Subscribe to the feed

In a previous Red Hat article, VP of Red Hat Product Security, Vincent Danen, discussed the question "Do all vulnerabilities really matter?" He emphasized that "a  software vulnerability has the potential to be exploited by miscreants to harm its user." The key word here is "potential". If the potential for exploitation is high, or if an exploit for a vulnerability is already in use in the wild, then these vulnerabilities pose a greater risk and must be prioritized and addressed promptly.

Red Hat uses CISA as a source for known exploited vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) leads the US national effort to understand, manage, and reduce risk to their cyber and physical infrastructure. CISA maintains a Known Exploited Vulnerabilities (KEV) catalog, otherwise known as the CISA catalog.

In November 2021, CISA issued the binding operational directive CISA BOD 22-01. This directive requires that all US Government federal agencies (USG) identify and remediate all vulnerabilities listed in the CISA catalog in their information systems. Additionally, this catalog is available to the public so other non-USG customers can be aware of the listed exploited vulnerabilities and seek immediate remediations. The vulnerabilities listed have been observed to be exploited in the wild, presenting an elevated risk.

In response, Red Hat created a program to resolve vulnerabilities added to the KEV list as quickly as possible. This program helps Red Hat to continue strengthening our security posture across our software portfolio while maintaining our reputation as a trustworthy partner.

How well did Red Hat remediate exploited in the wild vulnerabilities?

As described in CISA BOD-22-01, CISA has three main criteria for adding vulnerabilities to the KEV:

  1. A Common Vulnerabilities and Exposures (CVE) ID
  2. Clear remediation guidance
  3. Reliable evidence of exploitation in the wild

In 2023, the CISA catalog included 20 CVEs that impacted Red Hat products.  The following table displays the breakdown by severity. 

Severity rating

Total Red Hat  Flaw counts

In the wild exploitation

In the wild exploitation as a percentage of total flaw counts





















The amount of vulnerabilities exploited in the wild was fairly low,  accounting for 1.2% of the total flaws that impacted Red Hat in 2023. Once Red Hat is notified that a CVE is  added to the CISA catalog, Red Hat provides a fix for the vulnerability within an average of 10 calendar days (notably faster than the 21 calendar days that CISA gives for the vulnerability to be resolved).

It is also important to note that Red Hat has released errata for approximately 24% of these Exploit CVEs before they were added to the CISA catalog. 

How many of Red Hat’s KEV CVEs had errata published before KEV addition?

More than half of the exploited in the wild vulnerabilities pertain to the WebKitGTK package. WebKit is one of the three big web rendering engines. The exploit primarily targets iOS users and sometimes macOS users, as well as any software using the JavaScript Just in Time (JIT) compiler. To better enhance the security of Red Hat software,  Red Hat has disabled the JavaScript JIT mechanism in the 8.8 z-stream and 9.2 z-stream RHEL releases. This action is expected to cut down on the volume of WebKit vulnerabilities by half going forward. 

Security awareness

Red Hat Product Security's awareness and visibility into reported exploited vulnerabilities enable us to proactively address rising threats and fix vulnerabilities that truly matter. These actions allow Red Hat to remain a trusted vendor and partner to our customers. At Red Hat, openness and transparency are embedded in our culture. This culture of transparency influences our customer interactions and allows us to be a trusted partner. Sharing pertinent information makes our community well-informed and well-versed, especially when it comes to security. 

About the authors

Leonardo Firicano joined Red Hat in 2021 as a Business Analyst for Product Security. Leo brings his experience and skills to Product Security, having held previous roles as a technical business analyst, a project analyst, and a data analyst within the finance industry. Leo holds a bachelor’s degree in Finance and Information Systems from Suffolk University and an MBA from Northeastern University.

Read full bio

Marco Benatto is a Senior Product Security Engineer at Red Hat and experienced Linux developer who has worked with several userspace applications and is currently focused on kernel-space and filesystems, with a background in memory management.

Read full bio

Browse by channel

automation icon


The latest on IT automation for tech, teams, and environments

AI icon

Artificial intelligence

Updates on the platforms that free customers to run AI workloads anywhere

open hybrid cloud icon

Open hybrid cloud

Explore how we build a more flexible future with hybrid cloud

security icon


The latest on how we reduce risks across environments and technologies

edge icon

Edge computing

Updates on the platforms that simplify operations at the edge

Infrastructure icon


The latest on the world’s leading enterprise Linux platform

application development icon


Inside our solutions to the toughest application challenges

Original series icon

Original shows

Entertaining stories from the makers and leaders in enterprise tech