SB2024111358 - Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.15
Published: November 13, 2024 Updated: December 4, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 56 secuirty vulnerabilities.
1) Cross-site request forgery (CVE-ID: CVE-2024-6508)
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and compromise the victim's account.
2) DOM-based cross-site scripting (CVE-ID: CVE-2024-47875)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can pass specially crafted input to the application and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
3) Resource exhaustion (CVE-ID: CVE-2023-45142)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect processing of HTTP header User-Agent and HTTP method. A remote attacker can send multiple requests with long randomly generated HTTP methods or/and User agents and consume memory resources, leading to a denial of service condition.4) Improper synchronization (CVE-ID: CVE-2024-7409)
The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper synchronization during socket closure in the QEMU NBD Server. A malicious guest can perform a denial of service (DoS) attack.
5) Out-of-bounds write (CVE-ID: CVE-2019-12900)
6) NULL pointer dereference (CVE-ID: CVE-2022-48773)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rpcrdma_ep_create() function in net/sunrpc/xprtrdma/verbs.c. A local user can perform a denial of service (DoS) attack.
7) Improper locking (CVE-ID: CVE-2022-48936)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ipv6_gso_segment() function in net/ipv6/ip6_offload.c, within the inet_gso_segment() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.
8) NULL pointer dereference (CVE-ID: CVE-2023-52492)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/dma/dmaengine.c. A local user can perform a denial of service (DoS) attack.
9) Creation of temporary file in directory with insecure permissions (CVE-ID: CVE-2024-2314)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to software loads kernel headers from an insecure temporary directory. A local user can place malicious links headers into the temporary directory and escalate privileges on the system.10) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2024-3596)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to use of a broken or risky cryptographic algorithm in RADIUS Protocol. A remote user can perform a man-in-the-middle (MitM) attack and gain access to target system.
11) NULL pointer dereference (CVE-ID: CVE-2024-7006)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in tif_dirinfo.c. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
12) Input validation error (CVE-ID: CVE-2024-9341)
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container.
13) Path traversal (CVE-ID: CVE-2024-9675)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to input validation error when processing directory traversal sequences in cache mounts. A local user can execute a 'RUN' instruction in a Container file to mount an arbitrary directory from the host into the container as long as those files can be accessed by the user running Buildah.
14) UNIX symbolic link following (CVE-ID: CVE-2024-9676)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a symlink following issue when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). A local user can create a symbolic link to an arbitrary file on the system, force the library to read it and perform a denial of service (DoS) attack.
15) Race condition (CVE-ID: CVE-2024-24857)
The vulnerability allows a remote non-authenticated attacker to damange or delete data.
A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.
16) Out-of-bounds read (CVE-ID: CVE-2024-26851)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the decode_seq() function in net/netfilter/nf_conntrack_h323_asn1.c. A local user can perform a denial of service (DoS) attack.
17) Resource management error (CVE-ID: CVE-2024-26924)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the nft_pipapo_remove() function in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.
18) Improper locking (CVE-ID: CVE-2024-26976)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the async_pf_execute(), kvm_clear_async_pf_completion_queue(), kvm_check_async_pf_completion() and kvm_setup_async_pf() functions in virt/kvm/async_pf.c. A local user can perform a denial of service (DoS) attack.
19) Incorrect calculation (CVE-ID: CVE-2024-27017)
The vulnerability allows a local user to manipulate data.
The vulnerability exists due to incorrect calculation within the nft_pipapo_walk() function in net/netfilter/nft_set_pipapo.c, within the nft_map_deactivate(), nf_tables_bind_set(), nft_map_activate(), nf_tables_dump_set(), nft_set_flush() and nf_tables_check_loops() functions in net/netfilter/nf_tables_api.c. A local user can manipulate data.
20) Race condition (CVE-ID: CVE-2024-27062)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the nvkm_object_search() and nvkm_object_remove() functions in drivers/gpu/drm/nouveau/nvkm/core/object.c, within the nvkm_client_new() function in drivers/gpu/drm/nouveau/nvkm/core/client.c. A local user can escalate privileges on the system.
21) Resource exhaustion (CVE-ID: CVE-2024-34155)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to go/parser does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
22) Resource exhaustion (CVE-ID: CVE-2024-34156)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to encoding/gob does not properly control consumption of internal resources when calling Decoder.Decode. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Note, this vulnerability is related to #VU66068 (CVE-2024-34156).
23) Resource exhaustion (CVE-ID: CVE-2024-34158)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to go/build/constraint does not properly control consumption of internal resources when calling Parse on a "// +build" build tag line with deeply nested expressions. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
24) Improper locking (CVE-ID: CVE-2024-35839)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nf_reject6_fill_skb_dst() and nf_send_reset6() functions in net/ipv6/netfilter/nf_reject_ipv6.c, within the nf_reject_fill_skb_dst() and nf_send_reset() functions in net/ipv4/netfilter/nf_reject_ipv4.c, within the br_nf_pre_routing_finish_ipv6() function in net/bridge/br_netfilter_ipv6.c, within the br_nf_pre_routing_finish_bridge(), br_nf_ipv4_daddr_was_changed(), bridge_parent_rtable(), skb_dst_set_noref(), setup_pre_routing(), br_nf_forward_finish(), ip_sabotage_in() and br_nf_pre_routing_finish_bridge_slow() functions in net/bridge/br_netfilter_hooks.c. A local user can perform a denial of service (DoS) attack.
25) Race condition within a thread (CVE-ID: CVE-2024-35898)
The vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the nf_tables_flowtable_parse_hook() and nft_flowtable_type_get() functions in net/netfilter/nf_tables_api.c. A local user can manipulate data.
26) Information disclosure (CVE-ID: CVE-2024-35939)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the dma_direct_alloc(), __dma_direct_free_pages() and dma_direct_alloc_pages() functions in kernel/dma/direct.c. A local user can gain access to sensitive information.
27) Out-of-bounds read (CVE-ID: CVE-2024-38540)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bnxt_qplib_create_qp() function in drivers/infiniband/hw/bnxt_re/qplib_fp.c. A local user can perform a denial of service (DoS) attack.
28) Buffer overflow (CVE-ID: CVE-2024-38541)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the of_modalias() function in drivers/of/module.c. A local user can escalate privileges on the system.
29) Buffer overflow (CVE-ID: CVE-2024-38586)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the rtl8169_doorbell() and rtl8169_start_xmit() functions in drivers/net/ethernet/realtek/r8169_main.c. A local user can perform a denial of service (DoS) attack.
30) NULL pointer dereference (CVE-ID: CVE-2024-38608)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_resume(), _mlx5e_suspend(), mlx5e_suspend(), _mlx5e_probe() and _mlx5e_remove() functions in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
31) Use-after-free (CVE-ID: CVE-2024-39503)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the list_set_kadd(), list_set_kdel(), list_set_utest(), list_set_uadd(), list_set_udel() and list_set_destroy() functions in net/netfilter/ipset/ip_set_list_set.c, within the call_rcu(), ip_set_destroy() and ip_set_net_init() functions in net/netfilter/ipset/ip_set_core.c. A local user can escalate privileges on the system.
32) Buffer overflow (CVE-ID: CVE-2024-40924)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the drivers/gpu/drm/i915/gem/i915_gem_object.h. A local user can perform a denial of service (DoS) attack.
33) NULL pointer dereference (CVE-ID: CVE-2024-40961)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fib6_nh_init() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
34) Resource management error (CVE-ID: CVE-2024-40983)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tipc_rcv() function in net/tipc/node.c. A local user can perform a denial of service (DoS) attack.
35) NULL pointer dereference (CVE-ID: CVE-2024-40984)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acpi_ex_system_memory_space_handler() function in drivers/acpi/acpica/exregion.c. A local user can perform a denial of service (DoS) attack.
36) Input validation error (CVE-ID: CVE-2024-41009)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __aligned(), bpf_ringbuf_alloc(), bpf_ringbuf_restore_from_rec() and __bpf_ringbuf_reserve() functions in kernel/bpf/ringbuf.c. A local user can perform a denial of service (DoS) attack.
37) Input validation error (CVE-ID: CVE-2024-41042)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nf_tables_rule_release(), nft_chain_validate(), nft_chain_validate_hooks() and nft_validate_register_store() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
38) Memory leak (CVE-ID: CVE-2024-41066)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ibmvnic_xmit() function in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.
39) Use-after-free (CVE-ID: CVE-2024-41092)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the i915_vma_revoke_fence() function in drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c. A local user can escalate privileges on the system.
40) Improper error handling (CVE-ID: CVE-2024-41093)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the amdgpu_vkms_prepare_fb() and amdgpu_vkms_cleanup_fb() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c. A local user can perform a denial of service (DoS) attack.
41) Type Confusion (CVE-ID: CVE-2024-42070)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a type confusion error within the nft_lookup_init() function in net/netfilter/nft_lookup.c,
within the nf_tables_fill_setelem() and nft_validate_register_store()
functions in net/netfilter/nf_tables_api.c. A local user can pass specially crafted data to the packet filtering to trigger a type confusion error and gain access to sensitive information.
42) NULL pointer dereference (CVE-ID: CVE-2024-42079)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gfs2_jindex_free() function in fs/gfs2/super.c, within the lops_before_commit() function in fs/gfs2/log.c. A local user can perform a denial of service (DoS) attack.
43) Input validation error (CVE-ID: CVE-2024-42244)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mos7840_port_remove() function in drivers/usb/serial/mos7840.c. A local user can perform a denial of service (DoS) attack.
44) Buffer overflow (CVE-ID: CVE-2024-42284)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the tipc_udp_addr2str() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.
45) Out-of-bounds read (CVE-ID: CVE-2024-42292)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the zap_modalias_env() function in lib/kobject_uevent.c. A local user can perform a denial of service (DoS) attack.
46) Out-of-bounds read (CVE-ID: CVE-2024-42301)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_active_device(), do_autoprobe(), do_hardware_base_addr(), do_hardware_irq(), do_hardware_dma() and do_hardware_modes() functions in drivers/parport/procfs.c. A local user can perform a denial of service (DoS) attack.
47) Memory leak (CVE-ID: CVE-2024-43854)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bio_integrity_prep() function in block/bio-integrity.c. A local user can perform a denial of service (DoS) attack.
48) Resource management error (CVE-ID: CVE-2024-43880)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the objagg_hints_obj_cmp() and objagg_hints_get() functions in lib/objagg.c, within the mlxsw_sp_acl_erp_delta_check() and mlxsw_sp_acl_erp_root_destroy() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c. A local user can perform a denial of service (DoS) attack.
49) Division by zero (CVE-ID: CVE-2024-43889)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the padata_do_multithreaded() function in kernel/padata.c. A local user can perform a denial of service (DoS) attack.
50) Race condition (CVE-ID: CVE-2024-43892)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the MEM_CGROUP_ID_MAX(), mem_cgroup_alloc() and mem_cgroup_css_online() functions in mm/memcontrol.c. A local user can escalate privileges on the system.
51) NULL pointer dereference (CVE-ID: CVE-2024-44935)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __sctp_hash_endpoint() and __sctp_unhash_endpoint() functions in net/sctp/input.c. A local user can perform a denial of service (DoS) attack.
52) NULL pointer dereference (CVE-ID: CVE-2024-44989)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bond_ipsec_del_sa_all() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
53) NULL pointer dereference (CVE-ID: CVE-2024-44990)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bond_ipsec_offload_ok() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
54) Use of uninitialized resource (CVE-ID: CVE-2024-45018)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nf_flow_offload_tuple() function in net/netfilter/nf_flow_table_offload.c. A local user can perform a denial of service (DoS) attack.
55) Input validation error (CVE-ID: CVE-2024-46826)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/binfmt_elf.c. A local user can perform a denial of service (DoS) attack.
56) Buffer overflow (CVE-ID: CVE-2024-47668)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the __genradix_ptr_alloc() function in lib/generic-radix-tree.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.