Oracle Linux Vulnerability Impact Rating
Vulnerability impact ratings are intended to help customers prioritize their update decisions based on the risks to their Oracle Linux systems. These ratings are included in the security advisories associated with each product update. Oracle advises on the urgency of the corresponding updates and encourages customers to take a risk-based approach to updating their environments. It remains customers’ responsibility to assess how any vulnerability may impact their particular environment(s).
Oracle assesses and rates the potential impact of vulnerabilities on supported versions of Oracle Linux in a typical situation, using the four-level impact rating system listed below.
The Impact rating for a vulnerability reflects the risk theoretically associated with that vulnerability should it be successfully exploited. There may be vulnerabilities that qualify for multiple Impact ratings. Out of caution, Oracle will aim to assign the higher rating in these cases. If a vulnerability is applicable to multiple Oracle Linux releases, the Impact rating is calculated separately for each affected release.
Critical
A Critical vulnerability can be easily exploited in the default configuration without user interaction by an unauthenticated remote attacker and results in a complete system compromise. It is advisable for customers to apply corresponding updates without delay.
Important
An Important vulnerability can be easily exploited in a supported configuration and will result in a high impact on the confidentiality, integrity or availability of data or resources. It is advisable for customers to apply corresponding updates as soon as possible.
Moderate
A Moderate vulnerability requires an unusual supported configuration or other operational circumstances for exploitation and will result in an impact on the confidentiality, integrity or availability of data or resources. It is advisable for customers to apply corresponding updates in accordance with their regular patching schedule, which should be based on customers’ risk profiles.
Low
A Low vulnerability is a vulnerability where practical exploitation is difficult and often mitigated by other system protection mechanisms.