SB2022110248 - Multiple vulnerabilities in OpenShift Container Platform 4.11
Published: November 2, 2022 Updated: March 20, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 19 secuirty vulnerabilities.
1) Integer overflow (CVE-ID: CVE-2022-3515)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the CRL parser in libksba. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Improper Authorization (CVE-ID: CVE-2022-41974)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrectly implemented authorization process within multipathd daemon. A local unprivileged user can bypass build-in authorization and execute privileged commands on the system.
3) Use-after-free (CVE-ID: CVE-2022-40674)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the doContent() function in xmlparse.c. A remote attacker can pass specially crafted input to the application that is using the affected library, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
4) Heap-based buffer overflow (CVE-ID: CVE-2022-37434)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a large gzip header within inflateGetHeader in inflate.c. A remote attacker can pass a specially crafted file to the affected application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
5) Memory leak (CVE-ID: CVE-2022-32742)
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due memory leak when handling SMB1 requests. A remote user with ability to write data to a file share can force the application to leak memory and gain access to potentially sensitive information.
6) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2022-29901)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to the way non-transparent sharing of branch predictor targets between contexts. A local user can exploit the vulnerability to gain access to sensitive information.
7) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2022-29900)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a mistrained branch predictions for return instructions. A local user can execute arbitrary speculative code under certain microarchitecture-dependent conditions. The vulnerability was dubbed RETbleed.
8) Type Confusion (CVE-ID: CVE-2022-23825)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a branch type confusion. A local user can force the branch predictor to predict the wrong branch type and gain access to sensitive information.
9) Type Confusion (CVE-ID: CVE-2022-23816)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a branch type confusion. A local user can force the branch predictor to predict the wrong branch type and gain access to sensitive information.
10) Double Free (CVE-ID: CVE-2022-2588)
The vulnerability allows a local user to escalate privileges on the system.
The
vulnerability exists due to a double free error within the network packet scheduler implementation
in the route4_change() function in Linux kernel when removing all references to a route filter
before freeing it. A local user can run a specially crafted program to
crash the kernel or execute arbitrary code.
11) OS Command Injection (CVE-ID: CVE-2022-26945)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation. A remote attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
12) Double Free (CVE-ID: CVE-2022-2509)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within gnutls_pkcs7_verify() function when verifying the pkcs7 signatures. A remote attacker can pass specially crafted data to the application, trigger a double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
13) Information disclosure (CVE-ID: CVE-2022-1353)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the pfkey_register function in net/key/af_key.c in the Linux kernel. A local user can gain unauthorized access to kernel memory, leading to a system crash or a leak of internal kernel information.
14) Information disclosure (CVE-ID: CVE-2022-0494)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in the scsi_ioctl() function in drivers/scsi/scsi_ioctl.c in the Linux kernel. A local user with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) can gain unauthorized access to sensitive information on the system.
15) Out-of-bounds read (CVE-ID: CVE-2020-35527)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling ALTER TABLE for views that have a nested FROM clause. A remote attacker can pass specially crafted input to the application, trigger an out-of-bounds read error and read contents of memory on the system.
16) NULL pointer dereference (CVE-ID: CVE-2020-35525)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the INTERSEC query processing. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
17) Input validation error (CVE-ID: CVE-2022-30323)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an unspecified error. A remote attacker can perform a denial of service (DoS) attack.
18) Input validation error (CVE-ID: CVE-2022-30322)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an unspecified error. A remote attacker can perform a denial of service (DoS) attack.
19) Input validation error (CVE-ID: CVE-2022-30321)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an unspecified error. A remote attacker can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.