The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about NULL Pointer Dereference vulnerabilities in an interactive lesson.
Start learningUpgrade Oracle:9
kernel-debug
to version 0:5.14.0-503.11.1.el9_5 or higher.
This issue was patched in ELSA-2024-9315
.
Note: Versions mentioned in the description apply only to the upstream kernel-debug
package and not the kernel-debug
package as distributed by Oracle
.
See How to fix?
for Oracle:9
relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix re-attachment branch in bpf_tracing_prog_attach
The following case can cause a crash due to missing attach_btf:
In the end we have:
prog->aux->dst_trampoline == NULL
tgt_prog == NULL (because we did not provide target_fd to link_create)
prog->aux->attach_btf == NULL (the program was loaded with attach_prog_fd=X)
the program was loaded for tgt_prog but we have no way to find out which one
BUG: kernel NULL pointer dereference, address: 0000000000000058 Call Trace: <TASK> ? __die+0x20/0x70 ? page_fault_oops+0x15b/0x430 ? fixup_exception+0x22/0x330 ? exc_page_fault+0x6f/0x170 ? asm_exc_page_fault+0x22/0x30 ? bpf_tracing_prog_attach+0x279/0x560 ? btf_obj_id+0x5/0x10 bpf_tracing_prog_attach+0x439/0x560 __sys_bpf+0x1cf4/0x2de0 __x64_sys_bpf+0x1c/0x30 do_syscall_64+0x41/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76
Return -EINVAL in this situation.