SUSE update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-33394 |
| CWE-ID | CWE-264 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Containers Module Operating systems & Components / Operating system SUSE Linux Enterprise Real Time 15 Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system kubevirt-virt-controller-debuginfo Operating systems & Components / Operating system package or component kubevirt-virt-controller Operating systems & Components / Operating system package or component kubevirt-virt-operator Operating systems & Components / Operating system package or component kubevirt-virt-handler Operating systems & Components / Operating system package or component kubevirt-tests-debuginfo Operating systems & Components / Operating system package or component kubevirt-virt-api Operating systems & Components / Operating system package or component obs-service-kubevirt_containers_meta Operating systems & Components / Operating system package or component kubevirt-virt-exportproxy Operating systems & Components / Operating system package or component kubevirt-virt-exportserver-debuginfo Operating systems & Components / Operating system package or component kubevirt-pr-helper-conf Operating systems & Components / Operating system package or component kubevirt-virt-api-debuginfo Operating systems & Components / Operating system package or component kubevirt-virt-launcher-debuginfo Operating systems & Components / Operating system package or component kubevirt-container-disk Operating systems & Components / Operating system package or component kubevirt-virt-exportproxy-debuginfo Operating systems & Components / Operating system package or component kubevirt-virtctl-debuginfo Operating systems & Components / Operating system package or component kubevirt-tests Operating systems & Components / Operating system package or component kubevirt-virt-operator-debuginfo Operating systems & Components / Operating system package or component kubevirt-virt-exportserver Operating systems & Components / Operating system package or component kubevirt-virt-launcher Operating systems & Components / Operating system package or component kubevirt-virtctl Operating systems & Components / Operating system package or component kubevirt-virt-handler-debuginfo Operating systems & Components / Operating system package or component kubevirt-manifests Operating systems & Components / Operating system package or component kubevirt-container-disk-debuginfo Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU93867
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-33394
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to application does not properly impose security restrictions. A local user can obtain all secrets in the cluster and compromise it.
Update the affected package kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t to the latest version.
Vulnerable software versionsContainers Module: 15-SP6
SUSE Linux Enterprise Real Time 15: SP6
openSUSE Leap: 15.6
SUSE Linux Enterprise Server for SAP Applications 15: SP6
SUSE Linux Enterprise Server 15: SP6
kubevirt-virt-controller-debuginfo: before 1.1.1-150600.5.3.2
kubevirt-virt-controller: before 1.1.1-150600.5.3.2
kubevirt-virt-operator: before 1.1.1-150600.5.3.2
kubevirt-virt-handler: before 1.1.1-150600.5.3.2
kubevirt-tests-debuginfo: before 1.1.1-150600.5.3.2
kubevirt-virt-api: before 1.1.1-150600.5.3.2
obs-service-kubevirt_containers_meta: before 1.1.1-150600.5.3.2
kubevirt-virt-exportproxy: before 1.1.1-150600.5.3.2
kubevirt-virt-exportserver-debuginfo: before 1.1.1-150600.5.3.2
kubevirt-pr-helper-conf: before 1.1.1-150600.5.3.2
kubevirt-virt-api-debuginfo: before 1.1.1-150600.5.3.2
kubevirt-virt-launcher-debuginfo: before 1.1.1-150600.5.3.2
kubevirt-container-disk: before 1.1.1-150600.5.3.2
kubevirt-virt-exportproxy-debuginfo: before 1.1.1-150600.5.3.2
kubevirt-virtctl-debuginfo: before 1.1.1-150600.5.3.2
kubevirt-tests: before 1.1.1-150600.5.3.2
kubevirt-virt-operator-debuginfo: before 1.1.1-150600.5.3.2
kubevirt-virt-exportserver: before 1.1.1-150600.5.3.2
kubevirt-virt-launcher: before 1.1.1-150600.5.3.2
kubevirt-virtctl: before 1.1.1-150600.5.3.2
kubevirt-virt-handler-debuginfo: before 1.1.1-150600.5.3.2
kubevirt-manifests: before 1.1.1-150600.5.3.2
kubevirt-container-disk-debuginfo: before 1.1.1-150600.5.3.2
CPE2.3- cpe:2.3:o:suse:containers_module:15-SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_real_time_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse_leap:15.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP6:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kubevirt-virt-controller-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kubevirt-virt-controller:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kubevirt-virt-operator:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kubevirt-virt-handler:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kubevirt-tests-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kubevirt-virt-api:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:obs-service-kubevirt_containers_meta:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kubevirt-virt-exportproxy:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kubevirt-virt-exportserver-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kubevirt-pr-helper-conf:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kubevirt-virt-api-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kubevirt-virt-launcher-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kubevirt-container-disk:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kubevirt-virt-exportproxy-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kubevirt-virtctl-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kubevirt-tests:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kubevirt-virt-operator-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kubevirt-virt-exportserver:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kubevirt-virt-launcher:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kubevirt-virtctl:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kubevirt-virt-handler-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kubevirt-manifests:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kubevirt-container-disk-debuginfo:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20242318-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
