SB2025050803 - Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.15

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025050803

SB2025050803 - Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.15

Published: May 8, 2025

Security Bulletin ID SB2025050803
Severity
High
Patch available
YES
Number of vulnerabilities 12
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 33% Medium 42% Low 25%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 12 secuirty vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2024-55549)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in xsltGetInheritedNsList. A remote attacker can pass specially crafted input to the application, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


2) Out-of-bounds write (CVE-ID: CVE-2025-0624)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the grub_net_search_config_file() function. A local user can trigger an out-of-bounds write and execute arbitrary code on the system.


3) Use-after-free (CVE-ID: CVE-2025-24855)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in numbers.c when handling nested XPath evaluations. A remote attacker can pass specially crafted XML input to the application, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


4) Resource exhaustion (CVE-ID: CVE-2025-30204)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources within the parse.ParseUnverified function when parsing authorization header. A remote attacker can send a specially crafted HTTP response to the application, trigger resource exhaustion and perform a denial of service (DoS) attack.


5) Use-after-free (CVE-ID: CVE-2022-49043)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the xmlXIncludeAddNode() function in xinclude.c. A remote attacker can pass specially crafted XML input to the application, trigger a use-after-free error and crash the application or potentially execute arbitrary code.



6) Out-of-bounds read (CVE-ID: CVE-2024-53150)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the DESC_LENGTH_CHECK(), validate_clock_source() and validate_clock_selector() functions in sound/usb/clock.c. A local user can perform a denial of service (DoS) attack.


7) Information disclosure (CVE-ID: CVE-2025-29781)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to the Bare Metal Operator (BMO) can expose any secret from other namespaces via BMCEventSubscription CRD. A local user can gain unauthorized access to sensitive information on the system.


8) Stack-based buffer overflow (CVE-ID: CVE-2024-8176)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling XML content. A remote attacker can pass specially crafted XML content to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


9) Resource exhaustion (CVE-ID: CVE-2024-12133)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources processing a large number of SEQUENCE OF or SET OF elements in a certificate. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


10) Resource exhaustion (CVE-ID: CVE-2024-12243)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to libtasn1 does not properly control consumption of internal resources when decoding certain DER-encoded certificate data. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


11) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2024-53241)

The vulnerability allows a malicious guest to gain access to sensitive information.

The vulnerability exists due to implemented mitigations for hardware vulnerabilities related to Xen hypercall page implementation the guest OS is relying on to work might not be fully functional, resulting in e.g. guest user processes being able to read data they ought not have access to.


12) Buffer overflow (CVE-ID: CVE-2025-0395)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when the assert() function fails. A remote attacker can trigger memory corruption and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References