Multiple vulnerabilities in OpenShift Virtualization 4.8



Published: 2022-10-12
Risk High
Patch available YES
Number of vulnerabilities 8
CVE-ID CVE-2022-1798
CVE-2018-25032
CVE-2022-0494
CVE-2022-1271
CVE-2022-1353
CVE-2022-2526
CVE-2022-23852
CVE-2022-29154
CWE-ID CWE-264
CWE-119
CWE-200
CWE-20
CWE-416
CWE-190
CWE-22
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
OpenShift Virtualization
Server applications / Virtualization software

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU67071

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1798

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to read arbitrary files on the system.

The vulnerability exists due to a logic issue in kubeVirt API. A remote user can use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Virtualization: 4.8.0 - 4.8.6


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6890

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Buffer overflow

EUVDB-ID: #VU61671

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2018-25032

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when compressing data. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Virtualization: 4.8.0 - 4.8.6


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6890

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Information disclosure

EUVDB-ID: #VU64259

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-0494

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in the scsi_ioctl() function in drivers/scsi/scsi_ioctl.c in the Linux kernel. A local user with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Virtualization: 4.8.0 - 4.8.6


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6890

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Input validation error

EUVDB-ID: #VU62002

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1271

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation when processing filenames with two or more newlines. A remote attacker can force zgrep or xzgrep to write arbitrary files on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Virtualization: 4.8.0 - 4.8.6


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6890

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Information disclosure

EUVDB-ID: #VU63388

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1353

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in the pfkey_register function in net/key/af_key.c in the Linux kernel. A local user can gain unauthorized access to kernel memory, leading to a system crash or a leak of internal kernel information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Virtualization: 4.8.0 - 4.8.6


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6890

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Use-after-free

EUVDB-ID: #VU66757

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-2526

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the on_stream_io() and dns_stream_complete() functions in resolved-dns-stream.c, which do not increment the reference counting for the DnsStream object. A remote attacker can send to the system specially crafted DNS responses, trigger a use-after-free error and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Virtualization: 4.8.0 - 4.8.6


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6890

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Integer overflow

EUVDB-ID: #VU59966

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-23852

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Virtualization: 4.8.0 - 4.8.6


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6890

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Path traversal

EUVDB-ID: #VU66189

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-29154

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote server to perform directory traversal attacks.

The vulnerability exists due to input validation error within the rsync client  when processing file names. A remote malicious server overwrite arbitrary files in the rsync client target directory and subdirectories on the connected peer.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Virtualization: 4.8.0 - 4.8.6


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2022:6890

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###