SB2024061812 - Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.12

Description

This security bulletin contains information about 10 secuirty vulnerabilities.

1) Resource exhaustion (CVE-ID: CVE-2024-28180)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when decompressing JWE with Decrypt or DecryptMulti. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

2) Use-after-free (CVE-ID: CVE-2021-47013)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the emac_mac_tx_buf_send() function in drivers/net/ethernet/qualcomm/emac/emac-mac.c. A local user can escalate privileges on the system.

3) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2023-3006)

The vulnerability allow a local user to gain access to sensitive information.

The vulnerability exists due to a known cache speculation vulnerability (Spectre-BHB) for the new hw AmpereOne. A local user can gain access to sensitive information.

4) Out-of-bounds read (CVE-ID: CVE-2023-3966)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when handling Geneve packets. A remote attacker can send specially crafted Geneve packets with HF offload to the system, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

5) Insufficient verification of data authenticity (CVE-ID: CVE-2023-5366)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to missing verification of data authenticity when handling ICMPv6 Neighbor Advertisement packets between virtual machines. A local user can bypass OpenFlow rules and send otherwise restricted packets.

6) Resource exhaustion (CVE-ID: CVE-2023-52425)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when parsing large tokens. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

7) Race condition (CVE-ID: CVE-2023-52578)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a data race within the br_handle_frame_finish() function in net/bridge/br_input.c. A local user can exploit the race and perform a denial of service (DoS) attack.

8) Input validation error (CVE-ID: CVE-2024-2182)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when handling BFD packets from inside unprivileged workloads. A remote user with access to a virtual machine or a container can pass specially crafted input to the application and perform a denial of service (DoS) attack.

9) Cryptographic issues (CVE-ID: CVE-2024-28834)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to a side-channel attack when using the gnutls_privkey_sign_data2 API function with the "GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE" flag. A remote attacker can launch Minerva attack and gain access to sensitive information.

10) Input validation error (CVE-ID: CVE-2024-28835)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when parsing the cert_list_size parameter in the gnutls_x509_trust_list_verify_crt2() function in certtool. A remote attacker can pass specially crafted PEM encoded certificate chain that contains more than 16 certificates to the certtool and crash it.

Remediation

Install update from vendor's website.

References

• https://access.redhat.com/errata/RHSA-2024:3349