SB2025092395 - Multiple vulnerabilities in OpenShift Virtualization 4.12
Published: September 23, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 16 secuirty vulnerabilities.
1) Resource exhaustion (CVE-ID: CVE-2024-45338)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in several Parse functions. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
2) Denial of service (CVE-ID: CVE-2016-9840)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in zlib due to out-of-bounds pointer arithmetic in inftrees.c. A remote attacker can send a specially crafted document, trick the victim into opening it, and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
3) Insufficient verification of data authenticity (CVE-ID: CVE-2024-34397)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to missing authorization for D-Bus signals. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service.
4) Insufficiently protected credentials (CVE-ID: CVE-2024-47081)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the library leaks .netrc credentials to third parties for specific maliciously-crafted URLs. A remote attacker can gain access to sensitive information.
5) Off-by-one (CVE-ID: CVE-2024-52533)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an off-by-one error in gio/gsocks4aproxy.c when handling responses from SOCKS4 proxy. A remote attacker can trick the victim into connecting to a malicious SOCKS4 proxy server, trigger an off-by-one error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2025-3576)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to usage of RC4-HMAC-MD algorithm for GSSAPI-protected messages. A remote attacker can perform MitM attack.
7) Integer overflow (CVE-ID: CVE-2025-4373)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the g_string_insert_unichar() function in glib/gstring.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
8) Double free (CVE-ID: CVE-2025-5914)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the archive_read_format_rar_seek_data() function. A remote attacker can pass specially crafted data to the application, trigger a double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
9) Improper access control (CVE-ID: CVE-2025-6020)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper access restrictions within the pam_namespace module when handling user-controlled paths. A local user can use specially crafted symlinks and race conditions to execute arbitrary code as root.
10) Buffer overflow (CVE-ID: CVE-2025-6965)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing aggregated terms. A remote attacker can pass specially crafted input to the application where the number of aggregate terms exceeds the number of columns available, trigger memory corruption and perform a denial of service (DoS) attack.
11) Double free (CVE-ID: CVE-2025-8058)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the regcomp() function in case previous memory allocations fail. A remote attacker can pass specially crafted data to the application, trigger double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
12) Infinite loop (CVE-ID: CVE-2025-8194)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in the “tarfile” module when handling tar archives with negative offsets. A remote attacker can pass a specially crafted tar archive to the application and consume all available system resources, resulting in a deadlock and a denial of service.
13) Link following (CVE-ID: CVE-2025-8941)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an insecure link following issue in the pam_namespace module. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.
The vulnerability exists due to incomplete fix for #VU111389 (CVE-2025-6020).
14) Heap-based buffer overflow (CVE-ID: CVE-2025-32415)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the xmlSchemaIDCFillNodeTables() function. A remote attacker can pass specially crafted XML data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
15) Race condition (CVE-ID: CVE-2025-40909)
The vulnerability allows a local user to tamper with application's behavior.
The vulnerability exists due to a race condition if a directory handle is open at thread creation. A local user can exploit the race and force the application to load code or access files from unexpected location.
16) Path traversal (CVE-ID: CVE-2025-47273)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to input validation error when processing directory traversal sequences in package_index.py. A remote attacker can trick the victim into installing a specially crafted script and overwrite arbitrary files on the system, leading to code execution.
Remediation
Install update from vendor's website.