SB2026062538 - Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.12
Published: June 25, 2026
Breakdown by Severity (chart): Low, Medium, High, Critical
Description
This security bulletin contains information about 4 vulnerabilities.
1) Improper privilege management (CVE-ID: CVE-2026-35385)
CWE-ID: CWE-269 - Improper Privilege Management
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged user to create files with unintended setuid or setgid bits.
The vulnerability exists due to improper privilege management in scp(1) when downloading files in legacy (-O) mode as root without the -p flag set. A local privileged user can download a file with crafted mode bits to create files with unintended setuid or setgid bits.
The issue occurs only in legacy mode and only when files are downloaded as root without preserving modes.
2) Out-of-bounds read (CVE-ID: CVE-2026-39979)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Amber
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to a boundary condition in the "jv_parse_sized()" function. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.
3) Inefficient Algorithmic Complexity (CVE-ID: CVE-2026-40164)
CWE-ID: CWE-407 - Inefficient Algorithmic Complexity
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to inefficient algorithmic complexity arising from a hardcoded MurmurHash3 seed. A remote attacker can cause a denial of service condition on the target system.
4) Stack-based buffer overflow (CVE-ID: CVE-2026-43037)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to a stack-based buffer overflow in ip4ip6_err() and __ip_options_echo() when processing a crafted packet that triggers ICMP error handling on a cloned skb. A remote attacker can send a specially crafted packet to execute arbitrary code.
The issue is caused by reusing skb cb[] data written by the IPv6 receive path as IPv4 metadata, allowing attacker-controlled packet data to influence the copied option length.
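The following is an added example, not Linux kernel code, modelling the defect class the bulletin describes: a per-packet control block is shared by protocol paths with different layouts, so a length field the IPv4 path reads may actually be bytes the IPv6 path wrote, and any copy driven by that length must be bounded by the destination buffer. All names and layouts here (`struct ip4_meta`, `struct ip6_meta`, `union packet_cb`, the fill and scenario functions) are hypothetical simplifications; only the 40-byte IPv4 option limit is a protocol fact, and the 48-byte block size is this model's choice.

```c
/* Added example (not kernel code): stale metadata from one protocol path being
 * reinterpreted by another, and a bounded option-echo routine that rejects
 * implausible lengths instead of copying them onto the stack. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_IPOPTLEN 40   /* IPv4 option area is at most 40 bytes (header length field limit) */
#define CB_SIZE      48   /* size of the per-packet control block in this model */

/* Hypothetical IPv4 metadata layout inside the control block. */
struct ip4_meta {
    uint8_t optlen;                /* number of option bytes to echo back */
    uint8_t flags;
    uint8_t opts[MAX_IPOPTLEN];
};

/* Hypothetical IPv6 receive-path layout sharing the same storage. */
struct ip6_meta {
    uint32_t flow_label;           /* overlaps ip4_meta.optlen, .flags and .opts[0..1] */
    uint16_t nhoff;
    uint8_t  hop_limit;
    uint8_t  ext[41];
};

union packet_cb {
    uint8_t         raw[CB_SIZE];
    struct ip4_meta ip4;
    struct ip6_meta ip6;
};

/* Hardened echo: copies options into a fixed MAX_IPOPTLEN-byte buffer only
 * after validating the length. Returns bytes copied, or -1 if rejected. */
int echo_options_checked(const struct ip4_meta *m, uint8_t dst[MAX_IPOPTLEN])
{
    if (m->optlen > MAX_IPOPTLEN)
        return -1;                 /* would overrun a 40-byte destination */
    if (m->optlen % 4 != 0)
        return -1;                 /* option area is always a multiple of 4 bytes */
    memcpy(dst, m->opts, m->optlen);
    memset(dst + m->optlen, 0, MAX_IPOPTLEN - m->optlen);
    return (int)m->optlen;
}

/* Simulated IPv6 receive path populating the shared block (constructed values). */
void ipv6_receive_fill(union packet_cb *cb, uint32_t flow_label, uint8_t hop_limit)
{
    memset(cb->raw, 0, CB_SIZE);
    cb->ip6.flow_label = flow_label;
    cb->ip6.nhoff = 40;
    cb->ip6.hop_limit = hop_limit;
}

/* Simulated IPv4 receive path recording genuine options (constructed values). */
void ipv4_receive_fill(union packet_cb *cb, const uint8_t *opts, uint8_t optlen)
{
    memset(cb->raw, 0, CB_SIZE);
    cb->ip4.optlen = optlen > MAX_IPOPTLEN ? MAX_IPOPTLEN : optlen;
    memcpy(cb->ip4.opts, opts, cb->ip4.optlen);
}

/* What the IPv4 view reports as optlen after the IPv6 path wrote the block. */
uint8_t ip4_view_optlen(const union packet_cb *cb)
{
    return cb->ip4.optlen;
}

/* Scenario 1: block filled by the IPv6 path, then read through the IPv4 view.
 * A flow label of 0xFFFFFFFF makes the first byte 0xFF on any endianness, so
 * the IPv4 view sees optlen = 255. Returns the echo routine's verdict. */
int scenario_stale_ipv6(void)
{
    union packet_cb cb;
    uint8_t out[MAX_IPOPTLEN];
    ipv6_receive_fill(&cb, 0xFFFFFFFFu, 64);
    return echo_options_checked(&cb.ip4, out);
}

/* Scenario 2: genuine 8-byte IPv4 options. Returns bytes copied, or -2 if the
 * copied contents do not match. */
int scenario_genuine_ipv4(void)
{
    static const uint8_t opts[8] = { 0x94, 0x04, 0x00, 0x00, 0x01, 0x01, 0x01, 0x01 };
    union packet_cb cb;
    uint8_t out[MAX_IPOPTLEN];
    int n;
    ipv4_receive_fill(&cb, opts, 8);
    n = echo_options_checked(&cb.ip4, out);
    if (n == 8 && memcmp(out, opts, 8) == 0 && out[8] == 0)
        return n;
    return -2;
}

int main(void)
{
    printf("stale IPv6 metadata -> echo result %d (rejected)\n", scenario_stale_ipv6());
    printf("genuine IPv4 options -> echo result %d bytes copied\n", scenario_genuine_ipv4());
    return 0;
}
```

The point of the model is that the bound check belongs at the copy, not at whichever path last wrote the control block: once storage is shared, the reader cannot know which layout it is looking at, so the destination size is the only limit it can rely on.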
Remediation
Install the update from the vendor's website.