Multiple vulnerabilities in Red Hat Virtualization for RHEL 8
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2020-25659 CVE-2020-28196 CVE-2020-36242 |
| CWE-ID | CWE-385 CWE-674 CWE-190 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
scap-security-guide (Red Hat package) Operating systems & Components / Operating system package or component redhat-release-virtualization-host (Red Hat package) Operating systems & Components / Operating system package or component imgbased (Red Hat package) Operating systems & Components / Operating system package or component cockpit-ovirt (Red Hat package) Operating systems & Components / Operating system package or component redhat-virtualization-host (Red Hat package) Operating systems & Components / Operating system package or component ovirt-hosted-engine-ha (Red Hat package) Operating systems & Components / Operating system package or component Red Hat Virtualization Host Web applications / Remote management & hosting panels Red Hat Virtualization Server applications / Virtualization software |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Covert Timing Channel
EUVDB-ID: #VU50367
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-25659
CWE-ID:
CWE-385 - Covert Timing Channel
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
MitigationInstall updates from vendor's website.
scap-security-guide (Red Hat package): 0.1.50-1.el8ev
redhat-release-virtualization-host (Red Hat package): 4.4.2-1.el8ev - 4.4.5-4.el8ev
imgbased (Red Hat package): 1.2.12-0.1.el8ev - 1.2.18-0.1.el8ev
cockpit-ovirt (Red Hat package): 0.14.11-1.el8ev - 0.14.17-1.el8ev
Red Hat Virtualization Host: 4
Red Hat Virtualization: 4
redhat-virtualization-host (Red Hat package): before 4.4.6-20210527.3.el8_4
ovirt-hosted-engine-ha (Red Hat package): before 2.4.7-1.el8ev
External linkshttp://access.redhat.com/errata/RHSA-2021:2239
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Uncontrolled Recursion
EUVDB-ID: #VU48444
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28196
CWE-ID:
CWE-674 - Uncontrolled Recursion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to uncontrolled recursion in MIT Kerberos 5 (aka krb5) implementation when processing ASN.1-encoded Kerberos messages in lib/krb5/asn.1/asn1_encode.c. A remote attacker can pass specially crafted data to the application that uses Kerberos and perform a denial of service (DoS) attack.
Install updates from vendor's website.
scap-security-guide (Red Hat package): 0.1.50-1.el8ev
redhat-release-virtualization-host (Red Hat package): 4.4.2-1.el8ev - 4.4.5-4.el8ev
imgbased (Red Hat package): 1.2.12-0.1.el8ev - 1.2.18-0.1.el8ev
cockpit-ovirt (Red Hat package): 0.14.11-1.el8ev - 0.14.17-1.el8ev
Red Hat Virtualization Host: 4
Red Hat Virtualization: 4
redhat-virtualization-host (Red Hat package): before 4.4.6-20210527.3.el8_4
ovirt-hosted-engine-ha (Red Hat package): before 2.4.7-1.el8ev
External linkshttp://access.redhat.com/errata/RHSA-2021:2239
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Integer overflow
EUVDB-ID: #VU50990
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36242
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow when processing certain sequences of update calls to symmetrically encrypt multi-GB values. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
scap-security-guide (Red Hat package): 0.1.50-1.el8ev
redhat-release-virtualization-host (Red Hat package): 4.4.2-1.el8ev - 4.4.5-4.el8ev
imgbased (Red Hat package): 1.2.12-0.1.el8ev - 1.2.18-0.1.el8ev
cockpit-ovirt (Red Hat package): 0.14.11-1.el8ev - 0.14.17-1.el8ev
Red Hat Virtualization Host: 4
Red Hat Virtualization: 4
redhat-virtualization-host (Red Hat package): before 4.4.6-20210527.3.el8_4
ovirt-hosted-engine-ha (Red Hat package): before 2.4.7-1.el8ev
External linkshttp://access.redhat.com/errata/RHSA-2021:2239
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
