SB2021090212 - Multiple vulnerabilities in OpenShift Container Platform 4.7

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021090212

SB2021090212 - Multiple vulnerabilities in OpenShift Container Platform 4.7

Published: September 2, 2021 Updated: February 8, 2024

Security Bulletin ID SB2021090212
Severity
High
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 20% Medium 20% Low 60%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Improper Validation of Array Index (CVE-ID: CVE-2021-3121)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improper validation of index array in plugin/unmarshal/unmarshal.go. A remote attacker can pass specially crafted data to the application and bypass implemented security restrictions, possibly leading to remote code execution.


2) Race condition (CVE-ID: CVE-2021-3609)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the CAN BCM networking protocol (net/can/bcm.c) in the Linux kernel ranging from version 2.6.25 to mainline 5.13-rc6. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.


3) Buffer overflow (CVE-ID: CVE-2021-22543)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in Linux kernel when handling VM_IO|VM_PFNMAP vmas in KVM. A local user can  can bypass RO checks and cause the pages to get freed while still accessible by the VMM and guest. As a result, an attacker with the ability to start and control a VM to read/write random pages of memory, can trigger memory corruption and execute arbitrary code with elevated privileges.



4) Out-of-bounds write (CVE-ID: CVE-2021-22555)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input in net/netfilter/x_tables.c in Linux kernel. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code with elevated privileges.


5) Incorrect Conversion between Numeric Types (CVE-ID: CVE-2021-27218)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to incorrect conversion between numeric types in Gnome Glib. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.


Remediation

Install update from vendor's website.

References