SB2024112007 - Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.14
Published: November 20, 2024 Updated: December 4, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 64 secuirty vulnerabilities.
1) Cross-site request forgery (CVE-ID: CVE-2024-6508)
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and compromise the victim's account.
2) DOM-based cross-site scripting (CVE-ID: CVE-2024-47875)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can pass specially crafted input to the application and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
3) Prototype pollution (CVE-ID: CVE-2024-48910)
The vulnerability allows a remote attacker to perform XSS attacks.
The vulnerability exists due to improper input validation. A remote attacker can pass specially crafted input to the application and perform prototype pollution, which can result in information disclosure or data manipulation.
4) Improper synchronization (CVE-ID: CVE-2024-7409)
The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper synchronization during socket closure in the QEMU NBD Server. A malicious guest can perform a denial of service (DoS) attack.
5) Out-of-bounds write (CVE-ID: CVE-2019-12900)
6) NULL pointer dereference (CVE-ID: CVE-2022-48773)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rpcrdma_ep_create() function in net/sunrpc/xprtrdma/verbs.c. A local user can perform a denial of service (DoS) attack.
7) Improper locking (CVE-ID: CVE-2022-48936)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ipv6_gso_segment() function in net/ipv6/ip6_offload.c, within the inet_gso_segment() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.
8) NULL pointer dereference (CVE-ID: CVE-2023-52492)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/dma/dmaengine.c. A local user can perform a denial of service (DoS) attack.
9) Resource management error (CVE-ID: CVE-2023-52522)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the neigh_periodic_work() function in net/core/neighbour.c. A local user can perform a denial of service (DoS) attack.
10) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2024-3596)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to use of a broken or risky cryptographic algorithm in RADIUS Protocol. A remote user can perform a man-in-the-middle (MitM) attack and gain access to target system.
11) Reachable assertion (CVE-ID: CVE-2024-3652)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the compute_proto_keymat() function when handling IKEv1 packets within the default AH/ESP responder. A remote authenticated user can send specially crafted packets to the server and perform a denial of service (DoS) attack.
12) NULL pointer dereference (CVE-ID: CVE-2024-7006)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in tif_dirinfo.c. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
13) Race condition (CVE-ID: CVE-2024-24857)
The vulnerability allows a remote non-authenticated attacker to damange or delete data.
A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.
14) Resource management error (CVE-ID: CVE-2024-26640)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the skb_advance_to_frag() function in net/ipv4/tcp.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
15) Use-after-free (CVE-ID: CVE-2024-26656)
The vulnerability allows a local user to crash the kernel.
The vulnerability exists due to a use-after-free error in drivers/gpu/drm/amd/amdgpu/amdgpu_hmm.c. A local user can send a single amdgpu_gem_userptr_ioctl
to the AMDGPU DRM driver on any ASICs with an invalid address and size and perform a denial of service (DoS) attack.
16) Improper locking (CVE-ID: CVE-2024-26772)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_mb_find_by_goal() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.
17) Out-of-bounds read (CVE-ID: CVE-2024-26851)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the decode_seq() function in net/netfilter/nf_conntrack_h323_asn1.c. A local user can perform a denial of service (DoS) attack.
18) Buffer overflow (CVE-ID: CVE-2024-26870)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nfs4_listxattr() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.
19) Improper error handling (CVE-ID: CVE-2024-26906)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the copy_from_kernel_nofault_allowed() function in arch/x86/mm/maccess.c. A local user can perform a denial of service (DoS) attack.
20) Resource management error (CVE-ID: CVE-2024-26924)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the nft_pipapo_remove() function in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.
21) Improper locking (CVE-ID: CVE-2024-26976)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the async_pf_execute(), kvm_clear_async_pf_completion_queue(), kvm_check_async_pf_completion() and kvm_setup_async_pf() functions in virt/kvm/async_pf.c. A local user can perform a denial of service (DoS) attack.
22) Incorrect calculation (CVE-ID: CVE-2024-27017)
The vulnerability allows a local user to manipulate data.
The vulnerability exists due to incorrect calculation within the nft_pipapo_walk() function in net/netfilter/nft_set_pipapo.c, within the nft_map_deactivate(), nf_tables_bind_set(), nft_map_activate(), nf_tables_dump_set(), nft_set_flush() and nf_tables_check_loops() functions in net/netfilter/nf_tables_api.c. A local user can manipulate data.
23) Race condition (CVE-ID: CVE-2024-27062)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the nvkm_object_search() and nvkm_object_remove() functions in drivers/gpu/drm/nouveau/nvkm/core/object.c, within the nvkm_client_new() function in drivers/gpu/drm/nouveau/nvkm/core/client.c. A local user can escalate privileges on the system.
24) Memory leak (CVE-ID: CVE-2024-31076)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the migrate_one_irq() function in kernel/irq/cpuhotplug.c, within the __send_cleanup_vector(), irq_complete_move() and irq_force_complete_move() functions in arch/x86/kernel/apic/vector.c. A local user can perform a denial of service (DoS) attack.
25) Improper locking (CVE-ID: CVE-2024-35839)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nf_reject6_fill_skb_dst() and nf_send_reset6() functions in net/ipv6/netfilter/nf_reject_ipv6.c, within the nf_reject_fill_skb_dst() and nf_send_reset() functions in net/ipv4/netfilter/nf_reject_ipv4.c, within the br_nf_pre_routing_finish_ipv6() function in net/bridge/br_netfilter_ipv6.c, within the br_nf_pre_routing_finish_bridge(), br_nf_ipv4_daddr_was_changed(), bridge_parent_rtable(), skb_dst_set_noref(), setup_pre_routing(), br_nf_forward_finish(), ip_sabotage_in() and br_nf_pre_routing_finish_bridge_slow() functions in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.
26) Race condition within a thread (CVE-ID: CVE-2024-35898)
The vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the nf_tables_flowtable_parse_hook() and nft_flowtable_type_get() functions in net/netfilter/nf_tables_api.c. A local user can manipulate data.
27) Information disclosure (CVE-ID: CVE-2024-35939)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the dma_direct_alloc(), __dma_direct_free_pages() and dma_direct_alloc_pages() functions in kernel/dma/direct.c. A local user can gain access to sensitive information.
28) Out-of-bounds read (CVE-ID: CVE-2024-38540)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bnxt_qplib_create_qp() function in drivers/infiniband/hw/bnxt_re/qplib_fp.c. A local user can perform a denial of service (DoS) attack.
29) Buffer overflow (CVE-ID: CVE-2024-38541)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the of_modalias() function in drivers/of/module.c. A local user can escalate privileges on the system.
30) Buffer overflow (CVE-ID: CVE-2024-38586)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rtl8169_doorbell() and rtl8169_start_xmit() functions in drivers/net/ethernet/realtek/r8169_main.c. A local user can perform a denial of service (DoS) attack.
31) NULL pointer dereference (CVE-ID: CVE-2024-38608)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_resume(), _mlx5e_suspend(), mlx5e_suspend(), _mlx5e_probe() and _mlx5e_remove() functions in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
32) Use-after-free (CVE-ID: CVE-2024-39503)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the list_set_kadd(), list_set_kdel(), list_set_utest(), list_set_uadd(), list_set_udel() and list_set_destroy() functions in net/netfilter/ipset/ip_set_list_set.c, within the call_rcu(), ip_set_destroy() and ip_set_net_init() functions in net/netfilter/ipset/ip_set_core.c. A local user can escalate privileges on the system.
33) Buffer overflow (CVE-ID: CVE-2024-40924)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the drivers/gpu/drm/i915/gem/i915_gem_object.h. A local user can perform a denial of service (DoS) attack.
34) Use of uninitialized resource (CVE-ID: CVE-2024-40931)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mptcp_stream_connect() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
35) NULL pointer dereference (CVE-ID: CVE-2024-40961)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fib6_nh_init() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
36) Resource management error (CVE-ID: CVE-2024-40983)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tipc_rcv() function in net/tipc/node.c. A local user can perform a denial of service (DoS) attack.
37) NULL pointer dereference (CVE-ID: CVE-2024-40984)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acpi_ex_system_memory_space_handler() function in drivers/acpi/acpica/exregion.c. A local user can perform a denial of service (DoS) attack.
38) Input validation error (CVE-ID: CVE-2024-41009)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __aligned(), bpf_ringbuf_alloc(), bpf_ringbuf_restore_from_rec() and __bpf_ringbuf_reserve() functions in kernel/bpf/ringbuf.c. A local user can perform a denial of service (DoS) attack.
39) Buffer overflow (CVE-ID: CVE-2024-41039)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the cs_dsp_adsp1_parse_sizes(), cs_dsp_adsp2_parse_sizes(), cs_dsp_load() and cs_dsp_buf_free() functions in drivers/firmware/cirrus/cs_dsp.c. A local user can escalate privileges on the system.
40) Input validation error (CVE-ID: CVE-2024-41042)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nf_tables_rule_release(), nft_chain_validate(), nft_chain_validate_hooks() and nft_validate_register_store() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
41) Memory leak (CVE-ID: CVE-2024-41066)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ibmvnic_xmit() function in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.
42) Use-after-free (CVE-ID: CVE-2024-41092)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the i915_vma_revoke_fence() function in drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c. A local user can escalate privileges on the system.
43) Improper error handling (CVE-ID: CVE-2024-41093)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the amdgpu_vkms_prepare_fb() and amdgpu_vkms_cleanup_fb() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c. A local user can perform a denial of service (DoS) attack.
44) Type Confusion (CVE-ID: CVE-2024-42070)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a type confusion error within the nft_lookup_init() function in net/netfilter/nft_lookup.c,
within the nf_tables_fill_setelem() and nft_validate_register_store()
functions in net/netfilter/nf_tables_api.c. A local user can pass specially crafted data to the packet filtering to trigger a type confusion error and gain access to sensitive information.
45) NULL pointer dereference (CVE-ID: CVE-2024-42079)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gfs2_jindex_free() function in fs/gfs2/super.c, within the lops_before_commit() function in fs/gfs2/log.c. A local user can perform a denial of service (DoS) attack.
46) Input validation error (CVE-ID: CVE-2024-42244)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mos7840_port_remove() function in drivers/usb/serial/mos7840.c. A local user can perform a denial of service (DoS) attack.
47) Use-after-free (CVE-ID: CVE-2024-42271)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the iucv_sever_path() function in net/iucv/af_iucv.c. A local user can escalate privileges on the system.
48) Buffer overflow (CVE-ID: CVE-2024-42284)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the tipc_udp_addr2str() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.
49) Out-of-bounds read (CVE-ID: CVE-2024-42292)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the zap_modalias_env() function in lib/kobject_uevent.c. A local user can perform a denial of service (DoS) attack.
50) Out-of-bounds read (CVE-ID: CVE-2024-42301)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.
51) Memory leak (CVE-ID: CVE-2024-43854)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bio_integrity_prep() function in block/bio-integrity.c. A local user can perform a denial of service (DoS) attack.
52) Resource management error (CVE-ID: CVE-2024-43880)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the objagg_hints_obj_cmp() and objagg_hints_get() functions in lib/objagg.c, within the mlxsw_sp_acl_erp_delta_check() and mlxsw_sp_acl_erp_root_destroy() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c. A local user can perform a denial of service (DoS) attack.
53) Division by zero (CVE-ID: CVE-2024-43889)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the padata_do_multithreaded() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.
54) Race condition (CVE-ID: CVE-2024-43892)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the MEM_CGROUP_ID_MAX(), mem_cgroup_alloc() and mem_cgroup_css_online() functions in mm/memcontrol.c. A local user can escalate privileges on the system.
55) NULL pointer dereference (CVE-ID: CVE-2024-44935)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __sctp_hash_endpoint() and __sctp_unhash_endpoint() functions in net/sctp/input.c. A local user can perform a denial of service (DoS) attack.
56) NULL pointer dereference (CVE-ID: CVE-2024-44989)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bond_ipsec_del_sa_all() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
57) NULL pointer dereference (CVE-ID: CVE-2024-44990)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bond_ipsec_offload_ok() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
58) Use of uninitialized resource (CVE-ID: CVE-2024-45018)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nf_flow_offload_tuple() function in net/netfilter/nf_flow_table_offload.c. A local user can perform a denial of service (DoS) attack.
59) Input validation error (CVE-ID: CVE-2024-46826)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/binfmt_elf.c. A local user can perform a denial of service (DoS) attack.
60) Use-after-free (CVE-ID: CVE-2024-46858)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mptcp_pm_del_add_timer() and remove_anno_list_by_saddr() functions in net/mptcp/pm_netlink.c. A local user can escalate privileges on the system.
61) Buffer overflow (CVE-ID: CVE-2024-47668)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the __genradix_ptr_alloc() function in lib/generic-radix-tree.c. A local user can perform a denial of service (DoS) attack.
62) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2024-49768)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
63) Resource exhaustion (CVE-ID: CVE-2024-49769)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly clean up connections. A remote attacker can force the server to open all available sockets and perform a denial of service (DoS) attack.
64) Input validation error (CVE-ID: CVE-2024-50602)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the XML_ResumeParser function. A remote attacker can pass specially crafted XML input to the application and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.