Multiple vulnerabilities in Red Hat Virtualization
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2021-3621 CVE-2021-3715 CVE-2021-22555 CVE-2021-32399 CVE-2021-31535 |
| CWE-ID | CWE-77 CWE-416 CWE-787 CWE-362 CWE-20 |
| Exploitation vector | Local |
| Public exploit |
Vulnerability #3 is being exploited in the wild. Public exploit code for vulnerability #5 is available. |
| Vulnerable software |
redhat-virtualization-host (Red Hat package) Operating systems & Components / Operating system package or component redhat-release-virtualization-host (Red Hat package) Operating systems & Components / Operating system package or component Red Hat Virtualization Host Web applications / Remote management & hosting panels Red Hat Virtualization Server applications / Virtualization software |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Command Injection
EUVDB-ID: #VU56000
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-3621
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper input validation in the sssctl command within the logs-fetch and cache-expire subcommands. An attacker can trick the root user into running a specially crafted sssctl command, such as via sudo, and execute arbitrary code with root privileges.
Install updates from vendor's website.
redhat-virtualization-host (Red Hat package): 4.3.11-20200922.0.el7_9 - 4.3.17-20210713.0.el7_9
redhat-release-virtualization-host (Red Hat package): 4.3.4-1.el7ev - 4.3.17-1.el7ev
Red Hat Virtualization Host: 4
Red Hat Virtualization: 4
CPE2.3- cpe:2.3:o:red_hat:redhat-virtualization-host_redhat_package:4.3.11-20200922.0.el7_9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-virtualization-host_redhat_package:4.3.12-20201216.0.el7_9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-virtualization-host_redhat_package:4.3.13-20210127.0.el7_9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-release-virtualization-host_redhat_package:4.3.4-1.el7ev:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-release-virtualization-host_redhat_package:4.3.5-2.el7ev:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-release-virtualization-host_redhat_package:4.3.5-4.el7ev:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:red_hat_virtualization_host:4:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:red_hat_virtualization:4:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2021:3477
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU56393
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-3715
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem (route4_change() function in net/sched/cls_route.c) in the way it handled changing of classification filters. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
redhat-virtualization-host (Red Hat package): 4.3.11-20200922.0.el7_9 - 4.3.17-20210713.0.el7_9
redhat-release-virtualization-host (Red Hat package): 4.3.4-1.el7ev - 4.3.17-1.el7ev
Red Hat Virtualization Host: 4
Red Hat Virtualization: 4
CPE2.3- cpe:2.3:o:red_hat:redhat-virtualization-host_redhat_package:4.3.11-20200922.0.el7_9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-virtualization-host_redhat_package:4.3.12-20201216.0.el7_9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-virtualization-host_redhat_package:4.3.13-20210127.0.el7_9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-release-virtualization-host_redhat_package:4.3.4-1.el7ev:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-release-virtualization-host_redhat_package:4.3.5-2.el7ev:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-release-virtualization-host_redhat_package:4.3.5-4.el7ev:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:red_hat_virtualization_host:4:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:red_hat_virtualization:4:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2021:3477
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds write
EUVDB-ID: #VU56017
Risk: Low
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2021-22555
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: Yes
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input in net/netfilter/x_tables.c in Linux kernel. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
redhat-virtualization-host (Red Hat package): 4.3.11-20200922.0.el7_9 - 4.3.17-20210713.0.el7_9
redhat-release-virtualization-host (Red Hat package): 4.3.4-1.el7ev - 4.3.17-1.el7ev
Red Hat Virtualization Host: 4
Red Hat Virtualization: 4
CPE2.3- cpe:2.3:o:red_hat:redhat-virtualization-host_redhat_package:4.3.11-20200922.0.el7_9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-virtualization-host_redhat_package:4.3.12-20201216.0.el7_9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-virtualization-host_redhat_package:4.3.13-20210127.0.el7_9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-release-virtualization-host_redhat_package:4.3.4-1.el7ev:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-release-virtualization-host_redhat_package:4.3.5-2.el7ev:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-release-virtualization-host_redhat_package:4.3.5-4.el7ev:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:red_hat_virtualization_host:4:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:red_hat_virtualization:4:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2021:3477
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Race condition
EUVDB-ID: #VU55257
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-32399
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition for removal of the HCI controller within net/bluetooth/hci_request.c in the Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationInstall updates from vendor's website.
redhat-virtualization-host (Red Hat package): 4.3.11-20200922.0.el7_9 - 4.3.17-20210713.0.el7_9
redhat-release-virtualization-host (Red Hat package): 4.3.4-1.el7ev - 4.3.17-1.el7ev
Red Hat Virtualization Host: 4
Red Hat Virtualization: 4
CPE2.3- cpe:2.3:o:red_hat:redhat-virtualization-host_redhat_package:4.3.11-20200922.0.el7_9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-virtualization-host_redhat_package:4.3.12-20201216.0.el7_9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-virtualization-host_redhat_package:4.3.13-20210127.0.el7_9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-release-virtualization-host_redhat_package:4.3.4-1.el7ev:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-release-virtualization-host_redhat_package:4.3.5-2.el7ev:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-release-virtualization-host_redhat_package:4.3.5-4.el7ev:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:red_hat_virtualization_host:4:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:red_hat_virtualization:4:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2021:3477
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU53336
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2021-31535
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of color names within the XLookupColor() function. A local user can run a specially crafted application on the system and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
redhat-virtualization-host (Red Hat package): 4.3.11-20200922.0.el7_9 - 4.3.17-20210713.0.el7_9
redhat-release-virtualization-host (Red Hat package): 4.3.4-1.el7ev - 4.3.17-1.el7ev
Red Hat Virtualization Host: 4
Red Hat Virtualization: 4
CPE2.3- cpe:2.3:o:red_hat:redhat-virtualization-host_redhat_package:4.3.11-20200922.0.el7_9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-virtualization-host_redhat_package:4.3.12-20201216.0.el7_9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-virtualization-host_redhat_package:4.3.13-20210127.0.el7_9:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-release-virtualization-host_redhat_package:4.3.4-1.el7ev:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-release-virtualization-host_redhat_package:4.3.5-2.el7ev:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:redhat-release-virtualization-host_redhat_package:4.3.5-4.el7ev:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:red_hat_virtualization_host:4:*:*:*:*:*:*:*
- cpe:2.3:a:red_hat:red_hat_virtualization:4:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2021:3477
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
