Multiple vulnerabilities in Red Hat Virtualization for RHEL 8

Published: 2021-04-16

Risk	Medium
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2021-3449 CVE-2021-3450
CWE-ID	CWE-476 CWE-254
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #1 is available.
Vulnerable software Subscribe	redhat-virtualization-host (Red Hat package) Operating systems & Components / Operating system package or component redhat-release-virtualization-host (Red Hat package) Operating systems & Components / Operating system package or component imgbased (Red Hat package) Operating systems & Components / Operating system package or component zip (Red Hat package) Operating systems & Components / Operating system package or component tbb (Red Hat package) Operating systems & Components / Operating system package or component make (Red Hat package) Operating systems & Components / Operating system package or component libxcrypt (Red Hat package) Operating systems & Components / Operating system package or component libmpc (Red Hat package) Operating systems & Components / Operating system package or component isl (Red Hat package) Operating systems & Components / Operating system package or component gcc (Red Hat package) Operating systems & Components / Operating system package or component dyninst (Red Hat package) Operating systems & Components / Operating system package or component boost (Red Hat package) Operating systems & Components / Operating system package or component scap-security-guide (Red Hat package) Operating systems & Components / Operating system package or component Red Hat Virtualization Host Web applications / Remote management & hosting panels Red Hat Virtualization Server applications / Virtualization software
Vendor	Red Hat Inc.

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU51733

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-3449

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when processing TLSv1.2 renegotiations. A remote attacker can send a maliciously crafted renegotiation ClientHello message, which omits the signature_algorithms extension but includes a signature_algorithms_cert extension, trigger a NULL pointer dereference error and crash the server.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

redhat-virtualization-host (Red Hat package): 4.4.3-20201116.0.el8_3 - 4.4.4-20210201.0.el8_3

redhat-release-virtualization-host (Red Hat package): 4.4.2-1.el8ev - 4.4.4-1.el8ev

imgbased (Red Hat package): 1.2.12-0.1.el8ev - 1.2.16-0.1.el8ev

Red Hat Virtualization Host: 4

Red Hat Virtualization: 4

zip (Red Hat package): before 3.0-23.el8

tbb (Red Hat package): before 2018.2-9.el8

make (Red Hat package): before 4.2.1-10.el8

libxcrypt (Red Hat package): before 4.1.1-4.el8

libmpc (Red Hat package): before 1.0.2-9.el8

isl (Red Hat package): before 0.16.1-6.el8

gcc (Red Hat package): before 8.3.1-5.1.el8

dyninst (Red Hat package): before 10.1.0-4.el8

boost (Red Hat package): before 1.66.0-10.el8

scap-security-guide (Red Hat package): before 0.1.50-1.el8ev

External links

http://access.redhat.com/errata/RHSA-2021:1189

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Security features bypass

EUVDB-ID: #VU51732