SB2024101048 - Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.15

Description

This security bulletin contains information about 10 secuirty vulnerabilities.

1) Buffer overflow (CVE-ID: CVE-2024-2961)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the iconv() function when converting string to the ISO-2022-CN-EXT character set. A remote attacker can pass specially crafted input to the application, trigger a 4 byte buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

2) Improper access control (CVE-ID: CVE-2024-44082)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions when handling images. A remote attacker can trick the victim into using a specially crafted image to gain access to sensitive information.

3) Input validation error (CVE-ID: CVE-2023-20584)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of special address ranges with invalid device table entries (DTEs) in IOMMU. A local user can induce DTE faults to bypass RMP checks in SEV-SNP.

4) Incomplete cleanup (CVE-ID: CVE-2023-31356)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incomplete system memory cleanup in SEV firmware. A local privileged user can corrupt guest private memory.

5) Improper synchronization (CVE-ID: CVE-2024-7409)

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to improper synchronization during socket closure in the QEMU NBD Server. A malicious guest can perform a denial of service (DoS) attack.

6) Improper locking (CVE-ID: CVE-2024-27415)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nf_conntrack_init_end() function in net/netfilter/nf_conntrack_core.c, within the nf_ct_bridge_pre() function in net/bridge/netfilter/nf_conntrack_bridge.c, within the IS_ENABLED() and br_nf_pre_routing() functions in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.

7) Resource exhaustion (CVE-ID: CVE-2024-34156)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to encoding/gob does not properly control consumption of internal resources when calling Decoder.Decode. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Note, this vulnerability is related to #VU66068 (CVE-2024-34156).

8) NULL pointer dereference (CVE-ID: CVE-2024-36270)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nf_tproxy_laddr4() function in net/ipv4/netfilter/nf_tproxy_ipv4.c. A local user can perform a denial of service (DoS) attack.

9) Use-after-free (CVE-ID: CVE-2024-36979)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the br_mst_vlan_set_state() and br_mst_set_state() functions in net/bridge/br_mst.c. A local user can escalate privileges on the system.

10) Input validation error (CVE-ID: CVE-2024-38558)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when parsing ICMPv6 packets within the parse_icmpv6() function in net/openvswitch/flow.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://access.redhat.com/errata/RHSA-2024:7594