SB2025031790 - Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.15

Description

This security bulletin contains information about 7 secuirty vulnerabilities.

1) Path traversal (CVE-ID: CVE-2024-9675)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to input validation error when processing directory traversal sequences in cache mounts. A local user can execute a 'RUN' instruction in a Container file to mount an arbitrary directory from the host into the container as long as those files can be accessed by the user running Buildah.

2) Resource exhaustion (CVE-ID: CVE-2024-11187)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when handling DNS zones with numerous records in the Additional section. A remote attacker can trigger resource exhaustion by sending multiple queries to he affected server and perform a denial of service (DoS) attack.

3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-11218)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions during the build process. A remote user can leverage usage of a --mount flag in RUN instructions in Containerfiles along with multi-stage builds with use of concurrently-executing build stages or multiple separate but concurrently-executing builds to expose content from the build host and perform read/write operations on the system with privileges of the podman system service.

4) Memory leak (CVE-ID: CVE-2024-50302)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the hid_alloc_report_buf() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.

Note, the vulnerability is being actively exploited in the wild against Android devices.

5) UNIX symbolic link following (CVE-ID: CVE-2024-9676)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a symlink following issue when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). A local user can create a symbolic link to an arbitrary file on the system, force the library to read it and perform a denial of service (DoS) attack.

6) Input validation error (CVE-ID: CVE-2025-1094)

The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.

The vulnerability exists due to insufficient validation of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() and within the command line utility programs  when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. A remote attacker can pass specially crafted input to the application and execute arbitrary SQL queries in the database.

Note, the vulnerability is being actively exploited in the wild.

7) OS Command Injection (CVE-ID: CVE-2025-1244)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when handling custom "man" URI schemes. A remote attacker can trick the victim into clicking on a specially crafted URL and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

• https://access.redhat.com/errata/RHSA-2025:2454