The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and is still present in v5.10-rc4, so it’s likely that all versions in between are affected. An attacker can read /proc/pid/syscall to trigger this vulnerability, which leads to the kernel leaking memory contents.
Base Score: 2.1
Impact Score: 2.9
Exploitability Score: 3.9
Base Score: 5.5
Impact Score: 3.6
Exploitability Score: 1.8
|148459||Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9140)||Nessus||Oracle Linux Local Security Checks|
|148458||Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9141)||Nessus||Oracle Linux Local Security Checks|
|148009||Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4750-1)||Nessus||Ubuntu Local Security Checks|
|147982||Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4752-1)||Nessus||Ubuntu Local Security Checks|
|147978||Ubuntu 20.04 LTS / 20.10 : Linux kernel vulnerabilities (USN-4751-1)||Nessus||Ubuntu Local Security Checks|