Multiple vulnerabilities in OpenShift Container Platform 4.11



Published: 2022-11-02 | Updated: 2024-03-20
Risk High
Patch available YES
Number of vulnerabilities 19
CVE-ID CVE-2022-3515
CVE-2022-41974
CVE-2022-40674
CVE-2022-37434
CVE-2022-32742
CVE-2022-29901
CVE-2022-29900
CVE-2022-23825
CVE-2022-23816
CVE-2022-2588
CVE-2022-26945
CVE-2022-2509
CVE-2022-1353
CVE-2022-0494
CVE-2020-35527
CVE-2020-35525
CVE-2022-30323
CVE-2022-30322
CVE-2022-30321
CWE-ID CWE-190
CWE-285
CWE-416
CWE-122
CWE-401
CWE-1037
CWE-843
CWE-415
CWE-78
CWE-200
CWE-125
CWE-476
CWE-20
Exploitation vector Network
Public exploit Public exploit code for vulnerability #4 is available.
Vulnerability #10 is being exploited in the wild.
Vulnerable software
Subscribe 		Red Hat OpenShift Container Platform
Client/Desktop applications / Software for system administration

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 19 vulnerabilities.

1) Integer overflow

EUVDB-ID: #VU68376

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3515

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the CRL parser in libksba. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.11.0 - 4.11.11

External links

http://access.redhat.com/errata/RHSA-2022:7201


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Authorization

EUVDB-ID: #VU68722

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-41974

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrectly implemented authorization process within multipathd daemon. A local unprivileged user can bypass build-in authorization and execute privileged commands on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.11.0 - 4.11.11

External links

http://access.redhat.com/errata/RHSA-2022:7201


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU67532

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-40674

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in the doContent() function in xmlparse.c. A remote attacker can pass specially crafted input to the application that is using the affected library, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.11.0 - 4.11.11

External links

http://access.redhat.com/errata/RHSA-2022:7201


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Heap-based buffer overflow

EUVDB-ID: #VU66153

Risk: High

CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-37434

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing a large gzip header within inflateGetHeader in inflate.c. A remote attacker can pass a specially crafted file to the affected application, trigger heap-based buffer overflow and execute arbitrary code on the target system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.11.0 - 4.11.11

External links

http://access.redhat.com/errata/RHSA-2022:7201


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Memory leak

EUVDB-ID: #VU65824

Risk: Low

CVSSv3.1: 3.6 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32742

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due memory leak when handling SMB1 requests. A remote user with ability to write data to a file share can force the application to leak memory and gain access to potentially sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.11.0 - 4.11.11

External links

http://access.redhat.com/errata/RHSA-2022:7201


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Processor optimization removal or modification of security-critical code

EUVDB-ID: #VU65220

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29901

CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to the way non-transparent sharing of branch predictor targets between contexts. A local user can exploit the vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.11.0 - 4.11.11

External links

http://access.redhat.com/errata/RHSA-2022:7201


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Processor optimization removal or modification of security-critical code

EUVDB-ID: #VU65205

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29900

CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a mistrained branch predictions for return instructions. A local user can execute arbitrary speculative code under certain microarchitecture-dependent conditions. The vulnerability was dubbed  RETbleed.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.11.0 - 4.11.11

External links

http://access.redhat.com/errata/RHSA-2022:7201


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Type Confusion

EUVDB-ID: #VU65204

Risk: Low

CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23825

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a branch type confusion. A local user can force the branch predictor to predict the wrong branch type and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.11.0 - 4.11.11

External links

http://access.redhat.com/errata/RHSA-2022:7201


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Type Confusion

EUVDB-ID: #VU65219

Risk: Low

CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23816

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a branch type confusion. A local user can force the branch predictor to predict the wrong branch type and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.11.0 - 4.11.11

External links

http://access.redhat.com/errata/RHSA-2022:7201


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Double Free

EUVDB-ID: #VU66397

Risk: Low

CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2022-2588

CWE-ID: CWE-415 - Double Free

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a double free error within the network packet scheduler implementation in the route4_change() function in Linux kernel when removing all references to a route filter before freeing it. A local user can run a specially crafted program to crash the kernel or execute arbitrary code.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.11.0 - 4.11.11

External links

http://access.redhat.com/errata/RHSA-2022:7201


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

11) OS Command Injection

EUVDB-ID: #VU63810

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26945

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A remote attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.11.0 - 4.11.11

External links

http://access.redhat.com/errata/RHSA-2022:7201


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Double Free

EUVDB-ID: #VU65915

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2509

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within gnutls_pkcs7_verify() function when verifying the pkcs7 signatures. A remote attacker can pass specially crafted data to the application, trigger a double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.11.0 - 4.11.11

External links

http://access.redhat.com/errata/RHSA-2022:7201


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Information disclosure

EUVDB-ID: #VU63388

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1353

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in the pfkey_register function in net/key/af_key.c in the Linux kernel. A local user can gain unauthorized access to kernel memory, leading to a system crash or a leak of internal kernel information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.11.0 - 4.11.11

External links

http://access.redhat.com/errata/RHSA-2022:7201


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Information disclosure

EUVDB-ID: #VU64259

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0494

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in the scsi_ioctl() function in drivers/scsi/scsi_ioctl.c in the Linux kernel. A local user with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.11.0 - 4.11.11

External links

http://access.redhat.com/errata/RHSA-2022:7201


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds read

EUVDB-ID: #VU67412

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-35527

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when handling ALTER TABLE for views that have a nested FROM clause. A remote attacker can pass specially crafted input to the application, trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.11.0 - 4.11.11

External links

http://access.redhat.com/errata/RHSA-2022:7201


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) NULL pointer dereference

EUVDB-ID: #VU67411

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-35525

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the INTERSEC query processing. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.11.0 - 4.11.11

External links

http://access.redhat.com/errata/RHSA-2022:7201


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Input validation error

EUVDB-ID: #VU63815

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-30323

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an unspecified error. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.11.0 - 4.11.11

External links

http://access.redhat.com/errata/RHSA-2022:7201


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Input validation error

EUVDB-ID: #VU63814

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-30322

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an unspecified error. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.11.0 - 4.11.11

External links

http://access.redhat.com/errata/RHSA-2022:7201


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Input validation error

EUVDB-ID: #VU63811

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-30321

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an unspecified error. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.11.0 - 4.11.11

External links

http://access.redhat.com/errata/RHSA-2022:7201


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###