SB2024080128 - Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.13
Published: August 1, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 61 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2023-29483)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the Tudoor mechanism. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
2) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2024-6104)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to software stores sensitive information into log files. A local user can read the log files and gain access to sensitive data obtain from HTTP requests.
3) Use-after-free (CVE-ID: CVE-2021-47459)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the j1939_netdev_start() function in net/can/j1939/main.c. A local user can escalate privileges on the system.
4) Integer overflow (CVE-ID: CVE-2022-36402)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in drivers/gpu/vmxgfx/vmxgfx_execbuf.c. A local user can trigger an integer overflow and crash the kernel.
5) Use-after-free (CVE-ID: CVE-2022-38457)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the vmw_cmd_res_check() function in drivers/gpu/vmxgfx/vmxgfx_execbuf.c. A local user can trigger a use-after-free error and crash the system.
6) Use-after-free (CVE-ID: CVE-2022-40133)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the vmw_execbuf_tie_context() function in drivers/gpu/vmxgfx/vmxgfx_execbuf.c. A local user can run a specially crafted program on the system and perform a denial of service (DoS) attack.
7) Integer underflow (CVE-ID: CVE-2022-48743)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the xgbe_rx_buf2_len() function in drivers/net/ethernet/amd/xgbe/xgbe-drv.c. A local user can execute arbitrary code.
8) Use-after-free (CVE-ID: CVE-2023-5633)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error when running inside a VMware guest with 3D acceleration enabled. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
9) HTTP response splitting (CVE-ID: CVE-2023-27522)
The vulnerability allows a remote attacker to perform HTTP splitting attacks.
The vulnerability exists due to software does not correclty process CRLF character sequences in mod_proxy_uwsgi. A remote attacker can send specially crafted request containing CRLF sequence and make the application to send a split HTTP response.
Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.
10) Race condition (CVE-ID: CVE-2023-33951)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a race condition when handling GEM objects within the vmw_user_bo_lookup() function in drivers/gpu/drm/vmwgfx/vmwgfx_bo.c. A local user can exploit the race and gain unauthorized access to sensitive information on the system.
11) Double free (CVE-ID: CVE-2023-33952)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when handling vmw_buffer_object objects within the vmw_user_bo_lookup() function in drivers/gpu/drm/vmwgfx/vmwgfx_bo.c. A local user can trigger a double free error and execute arbitrary code on the target system with elevated privileges.
12) Information disclosure (CVE-ID: CVE-2023-45289)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to insecure forwarding of headers and cookies to a third-party domains in net/http and net/http/cookiejar. A remote attacker can trick the application into sharing sensitive information with an attacker-controlled website.
13) Resource exhaustion (CVE-ID: CVE-2023-45290)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in net/http due to application does not properly control consumption of internal resources when parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile). A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
14) Buffer overflow (CVE-ID: CVE-2023-52434)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the smb2_parse_contexts() function when parsing SMB packets. A remote user can send specially crafted SMB traffic to the affected system, trigger memory corruption and execute arbitrary code.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
15) Use-after-free (CVE-ID: CVE-2023-52439)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uio_open() function in drivers/uio/uio.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
16) NULL pointer dereference (CVE-ID: CVE-2023-52450)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the discover_upi_topology() function in arch/x86/events/intel/uncore_snbep.c. A local user can perform a denial of service (DoS) attack.
17) Memory leak (CVE-ID: CVE-2023-52518)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hci_dev_close_sync() function in net/bluetooth/hci_sync.c, within the hci_release_dev() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.
18) Race condition (CVE-ID: CVE-2023-52578)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a data race within the br_handle_frame_finish() function in net/bridge/br_input.c. A local user can exploit the race and perform a denial of service (DoS) attack.
19) Use-after-free (CVE-ID: CVE-2023-52707)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the psi_trigger_destroy() function in kernel/sched/psi.c. A local user can escalate privileges on the system.
20) NULL pointer dereference (CVE-ID: CVE-2023-52811)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ibmvfc_get_event(), ibmvfc_queuecommand(), ibmvfc_bsg_timeout(), ibmvfc_bsg_plogi(), ibmvfc_bsg_request(), ibmvfc_reset_device(), ibmvfc_init_tmf(), ibmvfc_cancel_all_mq(), ibmvfc_abort_task_set(), ibmvfc_tgt_send_prli(), ibmvfc_tgt_send_plogi(), __ibmvfc_tgt_get_implicit_logout_evt(), ibmvfc_tgt_implicit_logout(), ibmvfc_tgt_move_login(), ibmvfc_adisc_timeout(), ibmvfc_tgt_adisc(), ibmvfc_tgt_query_target(), ibmvfc_discover_targets(), ibmvfc_channel_setup(), ibmvfc_channel_enquiry(), ibmvfc_npiv_login() and ibmvfc_npiv_logout() functions in drivers/scsi/ibmvscsi/ibmvfc.c. A local user can perform a denial of service (DoS) attack.
21) Stack-based buffer overflow (CVE-ID: CVE-2024-1151)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the Open vSwitch sub-component in the Linux Kernel. A remote unauthenticated attacker can send specially crafted packets to the system. trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.
22) Improper validation of integrity check value (CVE-ID: CVE-2024-3727)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper validation of integrity check. A remote attacker can trick the victim into providing authenticated registry accesses, causing resource exhaustion, local path traversal, and other attacks.
23) Buffer overflow (CVE-ID: CVE-2024-5564)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in NetworkManager. A local user can send a malformed IPv6 router advertisement packet to trigger memory corruption and perform a denial of service (DoS) attack.
24) Race condition (CVE-ID: CVE-2024-6409)
The vulnerability allows a remote attacker to compromise the affected system.
25) Error Handling (CVE-ID: CVE-2024-24783)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in crypto/x509 due to improper validation of a certificate chain that contains an unknown public key. A remote attacker can pass a specially crafted certificate to the application and perform a denial of service attack.
26) Input validation error (CVE-ID: CVE-2024-24784)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to insufficient validation of display names within the ParseAddressList function in net/mail. A remote attacker can pass specially crafted input to the application and perform a spoofing attack.
27) Cross-site scripting (CVE-ID: CVE-2024-24785)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in html/template when parsing errors returned from MarshalJSON methods. A remote attacker can execute arbitrary HTML and script code in user's browser in context of vulnerable website.
28) Infinite loop (CVE-ID: CVE-2024-24786)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop when parsing data in an invalid JSON format within the protojson.Unmarshal() function. A remote attacker can consume all available system resources and cause denial of service conditions.
29) Input validation error (CVE-ID: CVE-2024-26581)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in net/netfilter/nft_set_rbtree.c. A locla user can perform a denial of service (DoS) attack.
30) Integer overflow (CVE-ID: CVE-2024-26668)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the nft_limit_eval() and nft_limit_init() functions in net/netfilter/nft_limit.c. A local user can execute arbitrary code.
31) Race condition (CVE-ID: CVE-2024-26698)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the netvsc_device_remove() function in drivers/net/hyperv/netvsc.c. A local user can escalate privileges on the system.
32) Double free (CVE-ID: CVE-2024-26704)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the ext4_move_extents() function in fs/ext4/move_extent.c. A local user can perform a denial of service (DoS) attack.
33) Use-after-free (CVE-ID: CVE-2024-26739)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcf_mirred_to_dev() function in net/sched/act_mirred.c. A local user can escalate privileges on the system.
34) Improper locking (CVE-ID: CVE-2024-26773)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_mb_try_best_found() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.
35) Expired pointer dereference (CVE-ID: CVE-2024-26808)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a stale reference within the nf_tables_netdev_event() function in net/netfilter/nft_chain_filter.c. A local user can perform a denial of service (DoS) attack.
36) Improper locking (CVE-ID: CVE-2024-26810)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_pci_intx_mask(), vfio_pci_intx_unmask_handler(), vfio_pci_set_intx_unmask() and vfio_pci_set_intx_mask() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
37) Resource management error (CVE-ID: CVE-2024-26880)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __dm_internal_suspend() and __dm_internal_resume() functions in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.
38) Improper locking (CVE-ID: CVE-2024-26923)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper locking within the unix_gc() function in net/unix/garbage.c due to garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. A local user can execute arbitrary code with elevated privileges.
39) Improper locking (CVE-ID: CVE-2024-26925)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __nf_tables_abort() and nf_tables_abort() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
40) Double free (CVE-ID: CVE-2024-26929)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a double free error within the qla2x00_els_dcmd_sp_free() and qla24xx_els_dcmd_iocb() functions in drivers/scsi/qla2xxx/qla_iocb.c. A local user can execute arbitrary code.
41) NULL pointer dereference (CVE-ID: CVE-2024-26931)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qlt_free_session_done() function in drivers/scsi/qla2xxx/qla_target.c. A local user can perform a denial of service (DoS) attack.
42) Input validation error (CVE-ID: CVE-2024-26982)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the squashfs_new_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.
43) Input validation error (CVE-ID: CVE-2024-27016)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nf_flow_xmit_xfrm(), nf_flow_skb_encap_protocol() and nf_flow_encap_pop() functions in net/netfilter/nf_flow_table_ip.c, within the nf_flow_offload_inet_hook() function in net/netfilter/nf_flow_table_inet.c. A local user can perform a denial of service (DoS) attack.
44) Race condition within a thread (CVE-ID: CVE-2024-27019)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a data race within the __nft_obj_type_get() and nft_obj_type_get() functions in net/netfilter/nf_tables_api.c. A local user can gain access to sensitive information.
45) Race condition within a thread (CVE-ID: CVE-2024-27020)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a data race within the __nft_expr_type_get() and nft_expr_type_get() functions in net/netfilter/nf_tables_api.c. A local user can execute arbitrary code.
46) Resource management error (CVE-ID: CVE-2024-27065)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the nf_tables_updtable() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
47) Information disclosure (CVE-ID: CVE-2024-27417)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the inet6_rtm_getaddr() function in net/ipv6/addrconf.c. A local user can gain access to sensitive information.
48) Resource exhaustion (CVE-ID: CVE-2024-28176)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in the JSON Web Encryption (JWE) decryption interfaces. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
49) OS Command Injection (CVE-ID: CVE-2024-32487)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when handling newline characters in the filename in filename.c. A remote attacker can trick the victim to pass a specially crafted filename to the affected command and execute arbitrary OS commands on the system.
50) Use-after-free (CVE-ID: CVE-2024-35791)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the svm_register_enc_region() function in arch/x86/kvm/svm/sev.c. A local user can escalate privileges on the system.
51) Resource management error (CVE-ID: CVE-2024-35897)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nf_tables_table_disable() and nf_tables_updtable() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
52) Use-after-free (CVE-ID: CVE-2024-35899)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nf_tables_module_exit() function in net/netfilter/nf_tables_api.c. A local user can escalate privileges on the system.
53) Use-after-free (CVE-ID: CVE-2024-35950)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drm_client_modeset_probe() function in drivers/gpu/drm/drm_client_modeset.c. A local user can escalate privileges on the system.
54) Off-by-one (CVE-ID: CVE-2024-36025)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the qla_edif_app_getstats() function in drivers/scsi/qla2xxx/qla_edif.c. A local user can perform a denial of service (DoS) attack.
55) NULL pointer dereference (CVE-ID: CVE-2024-36489)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tls_ctx_create() function in net/tls/tls_main.c. A local user can perform a denial of service (DoS) attack.
56) Use-after-free (CVE-ID: CVE-2024-36904)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcp_twsk_unique() function in net/ipv4/tcp_ipv4.c. A local user can escalate privileges on the system.
57) Improper locking (CVE-ID: CVE-2024-36924)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lpfc_set_rrq_active() and lpfc_sli_post_recovery_event() functions in drivers/scsi/lpfc/lpfc_sli.c, within the lpfc_dev_loss_tmo_callbk() function in drivers/scsi/lpfc/lpfc_hbadisc.c, within the lpfc_els_retry_delay() function in drivers/scsi/lpfc/lpfc_els.c. A local user can perform a denial of service (DoS) attack.
58) Race condition (CVE-ID: CVE-2024-36952)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the lpfc_vport_delete() function in drivers/scsi/lpfc/lpfc_vport.c. A local user can escalate privileges on the system.
59) Out-of-bounds read (CVE-ID: CVE-2024-36978)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the multiq_tune() function in net/sched/sch_multiq.c. A local user can perform a denial of service (DoS) attack.
60) Race condition within a thread (CVE-ID: CVE-2024-38596)
The vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the unix_stream_sendmsg() function in net/unix/af_unix.c. A local user can manipulate data.
61) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2024-39936)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to a race condition in HTTP2 support when establishing an encrypted connection. A remote attacker can potentially force the application to send data before the encrypted() signal, leading to potential information disclosure.
Remediation
Install update from vendor's website.