The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade Centos:9 perf to version 0:5.14.0-362.8.1.el9_3 or higher.
Note: Versions mentioned in the description apply only to the upstream perf package and not the perf package as distributed by Centos.
See How to fix? for Centos:9 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
tcp: tcp_make_synack() can be called from process context
tcp_rtx_synack() now could be called in process context as explained in 0a375c822497 ("tcp: tcp_rtx_synack() can be called from process context").
tcp_rtx_synack() might call tcp_make_synack(), which will touch per-CPU variables with preemption enabled. This causes the following BUG:
BUG: using __this_cpu_add() in preemptible [00000000] code: ThriftIO1/5464
caller is tcp_make_synack+0x841/0xac0
Call Trace:
 <TASK>
 dump_stack_lvl+0x10d/0x1a0
 check_preemption_disabled+0x104/0x110
 tcp_make_synack+0x841/0xac0
 tcp_v6_send_synack+0x5c/0x450
 tcp_rtx_synack+0xeb/0x1f0
 inet_rtx_syn_ack+0x34/0x60
 tcp_check_req+0x3af/0x9e0
 tcp_rcv_state_process+0x59b/0x2030
 tcp_v6_do_rcv+0x5f5/0x700
 release_sock+0x3a/0xf0
 tcp_sendmsg+0x33/0x40
 ____sys_sendmsg+0x2f2/0x490
 __sys_sendmsg+0x184/0x230
 do_syscall_64+0x3d/0x90
Avoid calling __TCP_INC_STATS() with will touch per-cpu variables. Use TCP_INC_STATS() which is safe to be called from context switch.