Multiple vulnerabilities in Red Hat Migration Toolkit for Containers (MTC)



Published: 2022-07-06
Risk High
Patch available YES
Number of vulnerabilities 52
CVE-ID CVE-2021-43976
CVE-2021-20322
CVE-2021-21781
CVE-2021-26401
CVE-2021-29154
CVE-2021-37159
CVE-2021-41617
CVE-2021-41864
CVE-2021-42739
CVE-2021-43056
CVE-2021-43389
CVE-2021-44733
CVE-2021-4197
CVE-2021-45485
CVE-2021-45486
CVE-2022-0001
CVE-2022-0002
CVE-2022-0286
CVE-2022-0322
CVE-2022-1011
CVE-2022-1154
CVE-2022-1271
CVE-2022-23852
CVE-2022-26691
CVE-2021-4203
CVE-2021-4189
CVE-2021-3807
CVE-2021-3634
CVE-2022-0235
CVE-2022-0536
CVE-2018-25032
CVE-2020-0404
CVE-2020-4788
CVE-2020-13974
CVE-2020-19131
CVE-2020-27820
CVE-2020-35492
CVE-2021-0941
CVE-2021-3612
CVE-2021-3669
CVE-2021-4157
CVE-2021-3737
CVE-2021-3743
CVE-2021-3744
CVE-2021-3752
CVE-2021-3759
CVE-2021-3764
CVE-2021-3772
CVE-2021-3773
CVE-2021-4002
CVE-2021-4037
CVE-2021-4083
CWE-ID CWE-20
CWE-330
CWE-200
CWE-77
CWE-415
CWE-269
CWE-787
CWE-119
CWE-252
CWE-129
CWE-416
CWE-264
CWE-476
CWE-704
CWE-190
CWE-285
CWE-918
CWE-121
CWE-125
CWE-400
CWE-835
CWE-401
CWE-345
CWE-284
Exploitation vector Network
Public exploit Public exploit code for vulnerability #12 is available.
Vulnerable software
Subscribe
Migration Toolkit for Containers
Client/Desktop applications / Software for system administration

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 52 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU61215

Risk: Low

CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-43976

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the mwifiex_usb_recv() function in drivers/net/wireless/marvell/mwifiex/usb.c in Linux kernel. An attacker with physical access to the system can insert a specially crafted USB device and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use of insufficiently random values

EUVDB-ID: #VU63839

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-20322

CWE-ID: CWE-330 - Use of Insufficiently Random Values

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error when processing received ICMP errors. A remote attacker can effectively bypass the source port UDP randomization to gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

EUVDB-ID: #VU54395

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-21781

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in the ARM SIGPAGE functionality. A userland application can read the contents of the sigpage, which can leak kernel memory contents.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information disclosure

EUVDB-ID: #VU61566

Risk: Low

CVSSv3.1: 4.9 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26401

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application within LFENCE/JMP. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Command Injection

EUVDB-ID: #VU56241

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-29154

CWE-ID: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect computation of branch displacements within the BPF JIT compilers in the Linux kernel in arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. A local user can inject and execute arbitrary commands with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Double Free

EUVDB-ID: #VU63575

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37159

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to hso_free_net_device() function in drivers/net/usb/hso.c in the Linux kernel calls unregister_netdev without checking for the NETREG_REGISTERED state. A local user can trigger double free and use-after-free errors and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper Privilege Management

EUVDB-ID: #VU58333

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-41617

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper privilege management in sshd, when certain non-default configurations are used, because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds write

EUVDB-ID: #VU63855

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-41864

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A local user can gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU59474

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-42739

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary within the firewire subsystem in the Linux kernel in drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c files. A local privileged user can run a specially crafted program tat calls avc_ca_pmt() function to trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Unchecked Return Value

EUVDB-ID: #VU63921

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-43056

CWE-ID: CWE-252 - Unchecked Return Value

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation error when handling SRR1 register values. A local user can perform a denial of service attack, when the host is running on Power8.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper Validation of Array Index

EUVDB-ID: #VU63385

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-43389

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code with elevated privileges.

The vulnerability exists due to improper validation of array index in the ISDN CAPI implementation within detach_capi_ctr() function in drivers/isdn/capi/kcapi.c. local user can send specially crafted data to the system and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU59100

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-44733

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to elevate privileges on the system.

The vulnerability exists due to a use-after-free error in the drivers/tee/tee_shm.c file within the TEE subsystem in the Linux kernel. A local user can trigger a race condition in tee_shm_get_from_id during an attempt to free a shared memory object and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

13) Security restrictions bypass

EUVDB-ID: #VU61258

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-4197

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to missing permissions checks within the cgroups (control groups) functionality of Linux Kernel when writing into a file descriptor. A local low privileged process can trick a higher privileged parent process into writing arbitrary data into files, which can result in denial of service or privileges escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Information disclosure

EUVDB-ID: #VU63668

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-45485

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error in the IPv6 implementation in the Linux kernel. A remote attacker can gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Information disclosure

EUVDB-ID: #VU63577

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-45486

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to incorrect implementation of the IPv4 protocol in the Linux kernel. A remote attacker can disclose internal state in some situations.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Information disclosure

EUVDB-ID: #VU61198

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0001

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to non-transparent sharing of branch predictor selectors between contexts. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Information disclosure

EUVDB-ID: #VU61199

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0002

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to non-transparent sharing of branch predictor within a context. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) NULL pointer dereference

EUVDB-ID: #VU63925

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0286

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel’s bonding driver when user bonds non existing or fake device. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Type conversion

EUVDB-ID: #VU63856

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0322

CWE-ID: CWE-704 - Incorrect Type Conversion or Cast (Type Conversion)

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to a type conversion error in the sctp_make_strreset_req() function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel. A local user can perform a denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

EUVDB-ID: #VU63386

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1011

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the write() function of FUSE filesystem. A local user can retireve (partial) /etc/shadow hashes and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Use-after-free

EUVDB-ID: #VU61763

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1154

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the utf_ptr2char() function in regexp_bt.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Input validation error

EUVDB-ID: #VU62002

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1271

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation when processing filenames with two or more newlines. A remote attacker can force zgrep or xzgrep to write arbitrary files on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Integer overflow

EUVDB-ID: #VU59966

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23852

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper Authorization

EUVDB-ID: #VU63747

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26691

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an error in implementation of "Local" authorization mechanism. A remote attacker can authenticate as to CUPS as root/admin without the 32-byte secret key and execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Use-after-free

EUVDB-ID: #VU63838

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-4203

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in sock_getsockopt() function in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() function (and connect() function) in the Linux kernel. A local user can exploit the use-after-free error and crash the system or escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Server-Side Request Forgery (SSRF)

EUVDB-ID: #VU61681

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-4189

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input in the FTP (File Transfer Protocol) client library when using it in PASV (passive) mode. A remote attacker can set up a malicious FTP server, trick the FTP client in Python into connecting back to a given IP address and port, which can lead to FTP client scanning ports which otherwise would not have been possible.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Input validation error

EUVDB-ID: #VU57967

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3807

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when matching crafted invalid ANSI escape codes in ansi-regex. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Buffer overflow

EUVDB-ID: #VU56217

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3634

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling shared secrets. A remote attacker can supply a shared secret of a different size, trigger a memory corruption during the second key re-exchange and crash the application or potentially execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Information disclosure

EUVDB-ID: #VU61471

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0235

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the application follows the "Location" HTTP header redirect and passes authorization cookie to a third-party resource. A remote attacker can gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Information disclosure

EUVDB-ID: #VU61668

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0536

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Buffer overflow

EUVDB-ID: #VU61671

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-25032

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when compressing data. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper Privilege Management

EUVDB-ID: #VU46929

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-0404

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Information disclosure

EUVDB-ID: #VU48577

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-4788

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists in IBM Power9 processors due to unspecified error. A local user can obtain sensitive information from the data in the L1 cache under extenuating circumstances.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Integer overflow

EUVDB-ID: #VU64946

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-13974

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow within drivers/tty/vt/keyboard.c if k_ascii is called several times in a row. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Buffer overflow

EUVDB-ID: #VU63910

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-19131

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary error in the invertImage() function in the tiffcrop component. A remote attacker can pass a specially crafted file to the application and perform a denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Use-after-free

EUVDB-ID: #VU63322

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-27820

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code with elevated privileges.

The vulnerability exists due to a use-after-free error in nouveau's postclose() handler. A local user can send specially crafted data to the system and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Stack-based buffer overflow

EUVDB-ID: #VU52196

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-35492

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Out-of-bounds read

EUVDB-ID: #VU64702

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0941

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists in __bpf_skb_max_len() function in net/core/filter.c in the Linux kernel. A local user with special privilege can gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Out-of-bounds write

EUVDB-ID: #VU55231

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3612

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in joystick devices subsystem in Linux kernel. A local user can make a specially crafted JSIOCSBTNMAP IOCTL call, trigger out-of-bounds write and execute arbitrary code with escalated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Resource exhaustion

EUVDB-ID: #VU63911

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3669

CWE-ID: CWE-400 - Uncontrolled Resource Consumption ('Resource Exhaustion')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to measuring usage of the shared memory does not scale with large shared memory segment counts. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Buffer overflow

EUVDB-ID: #VU63323

Risk: High

CVSSv3.1: 7 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-4157

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the Linux kernel NFS subsystem. A remote attacker can create a specially crafted data and crash the system or escalate privileges on the system

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Infinite loop

EUVDB-ID: #VU59089

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3737

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop. A remote attacker who controls a malicious server can force the client to enter an infinite loop on a 100 Continue response.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Out-of-bounds read

EUVDB-ID: #VU63913

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3743

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to a boundary condition in the Qualcomm IPC router protocol in the Linux kernel. A local user can gain access to out-of-bounds memory to leak internal kernel information or perform a denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Memory leak

EUVDB-ID: #VU63813

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3744

CWE-ID: CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Exploit availability: No

Description

The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists due memory leak in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c. A local user can force the application to leak memory and perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Use-after-free

EUVDB-ID: #VU63767

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3752

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Linux kernel’s Bluetooth subsystem when a user calls connect to the socket and disconnect simultaneously. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Resource exhaustion

EUVDB-ID: #VU63914

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3759

CWE-ID: CWE-400 - Uncontrolled Resource Consumption ('Resource Exhaustion')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists in the Linux kernel’s ipc functionality of the memcg subsystem when user calls the semget function multiple times, creating semaphores. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Memory leak

EUVDB-ID: #VU63817

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3764

CWE-ID: CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak error in the ccp_run_aes_gcm_cmd() function in Linux kernel. A local user can trigger a memory leak error and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Insufficient verification of data authenticity

EUVDB-ID: #VU63835

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3772

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack (DoS) on the target system.

The vulnerability exists due to insufficient verification of data authenticity in the Linux SCTP stack. A remote attacker can exploit this vulnerability to perform a denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Information disclosure

EUVDB-ID: #VU63920

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3773

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in the netfilter. A remote attacker can infer openvpn connection endpoint informationand gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Memory leak

EUVDB-ID: #VU63836

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-4002

CWE-ID: CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due memory leak in the Linux kernel's hugetlbfs memory usage. A local user can force the application to leak memory and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Improper access control

EUVDB-ID: #VU63923

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-4037

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the fs/inode.c:inode_init_owner() function logic of the Linux kernel. A local user can create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set to bypass implemented security restrictions and gain unauthorized access to the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Use-after-free

EUVDB-ID: #VU61246

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-4083

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Linux kernel's garbage collection for Unix domain socket file handlers. A local user can call close() and fget() simultaneously and can potentially trigger a race condition, which in turn leads to a use-after-free error and allows privilege escalation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Migration Toolkit for Containers: 1.7.0 - 1.7.1


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:5483

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###