SB2021072623 - Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.7
Published: July 26, 2021 Updated: August 9, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Integer overflow (CVE-ID: CVE-2021-33909)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow during size_t-to-int conversion when creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB. An unprivileged local user can write up to 10-byte string to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel buffer.
Successful exploitation of vulnerability may allow an attacker to exploit the our-of-bounds write vulnerability to execute arbitrary code with root privileges.
2) Uncontrolled Memory Allocation (CVE-ID: CVE-2021-33910)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to stack exhaustion within the basic/unit-name.c in systemd. A local user can crash the systemd (PID 1) and cause a kernel panic.
Remediation
Install update from vendor's website.