SB2022062928 - Multiple vulnerabilities in Red Hat Advanced Cluster Management 2.4
Published: June 29, 2022 Updated: July 19, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 62 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2021-43976)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the mwifiex_usb_recv() function in drivers/net/wireless/marvell/mwifiex/usb.c in Linux kernel. An attacker with physical access to the system can insert a specially crafted USB device and perform a denial of service (DoS) attack.
2) Use-after-free (CVE-ID: CVE-2021-4203)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in sock_getsockopt() function in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() function (and connect() function) in the Linux kernel. A local user can exploit the use-after-free error and crash the system or escalate privileges on the system.
3) Use of insufficiently random values (CVE-ID: CVE-2021-20322)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error when processing received ICMP errors. A remote attacker can effectively bypass the source port UDP randomization to gain access to sensitive information.
4) Information disclosure (CVE-ID: CVE-2021-21781)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in the ARM SIGPAGE functionality. A userland application can read the contents of the sigpage, which can leak kernel memory contents.
5) Resource exhaustion (CVE-ID: CVE-2021-25219)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to BIND does not properly control consumption of internal resources when processing lame cache. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
6) Information disclosure (CVE-ID: CVE-2021-26401)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application within LFENCE/JMP. A local user can gain unauthorized access to sensitive information on the system.
7) Command Injection (CVE-ID: CVE-2021-29154)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect computation of branch displacements within the BPF JIT compilers in the Linux kernel in arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. A local user can inject and execute arbitrary commands with elevated privileges.
8) Double Free (CVE-ID: CVE-2021-37159)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to hso_free_net_device() function in drivers/net/usb/hso.c in the Linux kernel calls unregister_netdev without checking for the NETREG_REGISTERED state. A local user can trigger double free and use-after-free errors and execute arbitrary code with elevated privileges.
9) Integer overflow (CVE-ID: CVE-2021-38185)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in the "ds_fgetstr" parameter in "dstring.c". A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
10) Improper Privilege Management (CVE-ID: CVE-2021-41617)
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to improper privilege management in sshd, when certain non-default configurations are used, because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and
AuthorizedPrincipalsCommand may run with privileges associated with
group memberships of the sshd process, if the configuration specifies
running the command as a different user. A local user can escalate privileges on the system.
11) Out-of-bounds write (CVE-ID: CVE-2021-41864)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input. A local user can gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information.
12) Buffer overflow (CVE-ID: CVE-2021-42739)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary within the firewire subsystem in the Linux kernel in drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c files. A local privileged user can run a specially crafted program tat calls avc_ca_pmt() function to trigger memory corruption and execute arbitrary code with elevated privileges.
13) Unchecked Return Value (CVE-ID: CVE-2021-43056)
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation error when handling SRR1 register values. A local user can perform a denial of service attack, when the host is running on Power8.
14) Improper Validation of Array Index (CVE-ID: CVE-2021-43389)
The vulnerability allows a local user to execute arbitrary code with elevated privileges.The vulnerability exists due to improper validation of array index in the ISDN CAPI implementation within detach_capi_ctr() function in drivers/isdn/capi/kcapi.c. A local user can send specially crafted data to the system and execute arbitrary code with elevated privileges.
15) Use-after-free (CVE-ID: CVE-2021-44733)
The vulnerability allows a local user to elevate privileges on the system.
The vulnerability exists due to a use-after-free error in the drivers/tee/tee_shm.c file within the TEE subsystem in the Linux kernel. A local user can trigger a race condition in tee_shm_get_from_id during an attempt to free a shared memory object and execute arbitrary code with elevated privileges.
16) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2021-4189)
The disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input in the FTP (File Transfer Protocol) client library when using it in PASV (passive) mode. A remote attacker can set up a malicious FTP server, trick the FTP client in Python into connecting back to a given IP address and port, which can lead to FTP client scanning ports which otherwise would not have been possible.
17) Information disclosure (CVE-ID: CVE-2021-45485)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error in the IPv6 implementation in the Linux kernel. A remote attacker can gain access to sensitive information.
18) Information disclosure (CVE-ID: CVE-2021-45486)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to incorrect implementation of the IPv4 protocol in the Linux kernel. A remote attacker can disclose internal state in some situations.
19) Information disclosure (CVE-ID: CVE-2022-0001)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to non-transparent sharing of branch predictor selectors between contexts. A local user can gain unauthorized access to sensitive information on the system.
20) Information disclosure (CVE-ID: CVE-2022-0002)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to non-transparent sharing of branch predictor within a context. A local user can gain unauthorized access to sensitive information on the system.
21) NULL pointer dereference (CVE-ID: CVE-2022-0286)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel’s bonding driver when user bonds non existing or fake device. A local user can perform a denial of service (DoS) attack.
22) Type conversion (CVE-ID: CVE-2022-0322)
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a type conversion error in the sctp_make_strreset_req() function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel. A local user can perform a denial of service attack.
23) Use-after-free (CVE-ID: CVE-2022-1011)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the write() function of FUSE filesystem. A local user can retireve (partial) /etc/shadow hashes and execute arbitrary code with elevated privileges.
24) Input validation error (CVE-ID: CVE-2022-1271)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation when processing filenames with two or more newlines. A remote attacker can force zgrep or xzgrep to write arbitrary files on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
25) Integer underflow (CVE-ID: CVE-2022-28733)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer underflow when processing IP packets within the grub_net_recv_ip4_packets() function. A remote attacker can send specially crafted network traffic to the affected system, trigger an integer underflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
26) Out-of-bounds write (CVE-ID: CVE-2022-28734)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing split HTTP headerst. A remote attacker can send specially crafted traffic to the affected system, trigger an out-of-bounds write and execute arbitrary code on the target system.
27) Insufficient verification of data authenticity (CVE-ID: CVE-2022-28735)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. A local privileged user can load unverified modules into GRUB and bypass secure boot protection mechanism.
28) Use-after-free (CVE-ID: CVE-2022-28736)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to a use-after-free error in the grub_cmd_chainloader() function in chainloader command. A local privileged user can trigger a use-after-free error and bypass secure boot protection mechanism.
29) Out-of-bounds write (CVE-ID: CVE-2022-28737)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to a boundary error in the handle_image() function when shim tries to load and execute crafted EFI executables. A local privileged user can trigger an out-of-bounds write error and bypass secure boot protection mechanism.
30) Security restrictions bypass (CVE-ID: CVE-2021-4197)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to missing permissions checks within the cgroups (control groups) functionality of Linux Kernel when writing into a file descriptor. A local low privileged process can trick a higher privileged parent process into writing arbitrary data into files, which can result in denial of service or privileges escalation.
31) Buffer overflow (CVE-ID: CVE-2021-4157)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the Linux kernel NFS subsystem. A remote attacker can create a specially crafted data and crash the system or escalate privileges on the system
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
32) Input validation error (CVE-ID: CVE-2021-43565)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when parsing a Signer to ServerConfig.AddHostKey in cases where the Signer passed to AddHostKey does not implement AlgorithmSigner or the Signer passed to AddHostKey returns a key of type “ssh-rsa” from its PublicKey method. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
33) Out-of-bounds write (CVE-ID: CVE-2021-3612)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in joystick devices subsystem in Linux kernel. A local user can make a specially crafted JSIOCSBTNMAP IOCTL call, trigger out-of-bounds write and execute arbitrary code with escalated privileges.
34) Input validation error (CVE-ID: CVE-2022-21803)
The vulnerability allows a remote attacker to modify files on the system.
The vulnerability exists due to .set() function that is responsible for setting the configuration properties is vulnerable to Prototype Pollution. A remote attacker can provide a specially crafted property, leading to prototype object pollution.
35) Unchecked Return Value (CVE-ID: CVE-2022-23806)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to unchecked return value within the Curve.IsOnCurve() function in crypto/elliptic. A remote attacker can force the application to incorrectly return true in situations with a big.Int value that is not a valid field element. As a result, an attacker can modify application flow, which can lead to unauthorized data modification or denial of service.
36) Incorrect authorization (CVE-ID: CVE-2022-24450)
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to misusing the "dynamically provisioned sandbox accounts" feature. A remote user can take advantage of its valid account and switch over to another existing account without further authentication to obtain the privileges of the System account.
37) Path traversal (CVE-ID: CVE-2022-24785)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within the npm version of Moment.js. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
38) Improper Control of Dynamically-Managed Code Resources (CVE-ID: CVE-2022-25645)
The vulnerability allows a remote attacker to modify files on the system.
The vulnerability exists due to dset function checks for prototype pollution by validating if the top-level path contains __proto__, constructor or protorype. A remote unauthenticated attacker can send a specially crafted malicious object, bypass check and achieve prototype pollution.
39) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-29526)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to the Faccessat function can incorrectly report that a file is accessible, when called with a non-zero flags parameter. An attacker can bypass implemented security restrictions.
40) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2022-29810)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to go-getter library can write SSH credentials into its log file. A local user with access to log files can read credentials in clear text, which may lead to privilege escalation or account takeover.
41) Buffer overflow (CVE-ID: CVE-2018-25032)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when compressing data. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.
42) Improper Privilege Management (CVE-ID: CVE-2020-0404)
The vulnerability allows a local authenticated user to execute arbitrary code.
In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel
43) Information disclosure (CVE-ID: CVE-2020-4788)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists in IBM Power9 processors due to unspecified error. A local user can obtain sensitive information from the data in the L1 cache under extenuating circumstances.
44) Buffer overflow (CVE-ID: CVE-2020-19131)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a boundary error in the invertImage() function in the tiffcrop component. A remote attacker can pass a specially crafted file to the application and perform a denial of service attack.
45) Use-after-free (CVE-ID: CVE-2020-27820)
The vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to a use-after-free error in nouveau's postclose() handler. A local user can send specially crafted data to the system and execute arbitrary code with elevated privileges.
46) Out-of-bounds read (CVE-ID: CVE-2021-0941)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists in __bpf_skb_max_len() function in net/core/filter.c in the Linux kernel. A local user with special privilege can gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information.
47) Buffer overflow (CVE-ID: CVE-2021-3634)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when handling shared secrets. A remote attacker can supply a shared secret of a different size, trigger a memory corruption during the second key re-exchange and crash the application or potentially execute arbitrary code.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
48) Use-after-free (CVE-ID: CVE-2021-4083)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the Linux kernel's garbage collection for Unix domain socket file handlers. A local user can call close() and fget() simultaneously and can potentially trigger a race condition, which in turn leads to a use-after-free error and allows privilege escalation.
49) Resource exhaustion (CVE-ID: CVE-2021-3669)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to measuring usage of the shared memory does not scale with large shared memory segment counts. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
50) Out-of-bounds write (CVE-ID: CVE-2021-3695)
The vulnerability allows a local privileged user to bypass implemented security restrictions.
The vulnerability exists due to a boundary error when processing PNG grayscale images. A local privileged user can pass specially crafted PNG image to the application, trigger an out-of-bounds write error and potentially bypass secure boot protection mechanism.
51) Out-of-bounds write (CVE-ID: CVE-2021-3696)
The vulnerability allows a local privileged user to bypass implemented security restrictions.
The vulnerability exists due to a boundary error when handling Huffman tables in the PNG reader. A local privileged user can pass specially crafted PNG image to the application, trigger an out-of-bounds write error and potentially bypass secure boot protection mechanism.
52) Integer underflow (CVE-ID: CVE-2021-3697)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer underflow within the JPEG reader. A local privileged user can trigger an integer underflow and bypass secure boot protection mechanism.
53) Infinite loop (CVE-ID: CVE-2021-3737)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop. A remote attacker who controls a malicious server can force the client to enter an infinite loop on a 100 Continue response.
54) Out-of-bounds read (CVE-ID: CVE-2021-3743)
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a boundary condition in the Qualcomm IPC router protocol in the Linux kernel. A local user can gain access to out-of-bounds memory to leak internal kernel information or perform a denial of service attack.
55) Memory leak (CVE-ID: CVE-2021-3744)
The vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c. A local user can force the application to leak memory and perform denial of service attack.
56) Use-after-free (CVE-ID: CVE-2021-3752)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Linux kernel’s Bluetooth subsystem when a user calls connect to the socket and disconnect simultaneously. A local user can escalate privileges on the system.
57) Resource exhaustion (CVE-ID: CVE-2021-3759)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists in the Linux kernel’s ipc functionality of the memcg subsystem when user calls the semget function multiple times, creating semaphores. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
58) Memory leak (CVE-ID: CVE-2021-3764)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak error in the ccp_run_aes_gcm_cmd() function in Linux kernel. A local user can trigger a memory leak error and perform a denial of service (DoS) attack.
59) Insufficient verification of data authenticity (CVE-ID: CVE-2021-3772)
The vulnerability allows a remote attacker to perform a denial of service attack (DoS) on the target system.The vulnerability exists due to insufficient verification of data authenticity in the Linux SCTP stack. A remote attacker can exploit this vulnerability to perform a denial of service attack.
60) Information disclosure (CVE-ID: CVE-2021-3773)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in the netfilter. A remote attacker can infer openvpn connection endpoint informationand gain unauthorized access to sensitive information on the system.
61) Memory leak (CVE-ID: CVE-2021-4002)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due memory leak in the Linux kernel's hugetlbfs memory usage. A local user can force the application to leak memory and gain access to sensitive information.
62) Improper access control (CVE-ID: CVE-2021-4037)
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the fs/inode.c:inode_init_owner() function logic of the Linux kernel. A local user can create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set to bypass implemented security restrictions and gain unauthorized access to the application.
Remediation
Install update from vendor's website.