SB2025070202 - Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.18

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025070202

SB2025070202 - Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.18

Published: July 2, 2025

Security Bulletin ID SB2025070202
Severity
Medium
Patch available
YES
Number of vulnerabilities 14
Exploitation vector Adjecent network
Highest impact Code execution

Breakdown by Severity

Medium 7% Low 93%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 14 secuirty vulnerabilities.


1) Untrusted search path (CVE-ID: CVE-2025-4802)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to usage of an untrusted LD_LIBRARY_PATH environment variable. A local user can use the LD_LIBRARY_PATH environment variable to point to a malicious binary and execute arbitrary code with escalated privileges.

The vulnerability affects statically linked setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).


2) Improper locking (CVE-ID: CVE-2023-52623)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the xprt_iter_current_entry() and rpc_xprt_switch_has_addr() functions in net/sunrpc/xprtmultipath.c. A local user can perform a denial of service (DoS) attack.


3) Memory leak (CVE-ID: CVE-2023-52662)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vmw_gmrid_man_get_node() function in drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c. A local user can perform a denial of service (DoS) attack.


4) Use of uninitialized resource (CVE-ID: CVE-2024-26638)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the __sock_xmit() function in drivers/block/nbd.c. A local user can perform a denial of service (DoS) attack.


5) Memory leak (CVE-ID: CVE-2024-26669)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the fl_tmplt_destroy() function in net/sched/cls_flower.c, within the tcf_block_playback_offloads() and tc_chain_tmplt_add() functions in net/sched/cls_api.c, within the void() function in include/net/sch_generic.h. A local user can perform a denial of service (DoS) attack.


6) Use-after-free (CVE-ID: CVE-2024-26939)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the active_to_vma() and i915_vma_pin_ww() functions in drivers/gpu/drm/i915/i915_vma.c. A local user can escalate privileges on the system.


7) Information disclosure (CVE-ID: CVE-2024-35838)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the sta_info_free() function in net/mac80211/sta_info.c. A local user can gain access to sensitive information.


8) Double free (CVE-ID: CVE-2024-35847)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the its_vpe_irq_domain_alloc() function in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.


9) Buffer overflow (CVE-ID: CVE-2024-36917)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the blk_ioctl_discard() function in block/ioctl.c. A local user can escalate privileges on the system.


10) Input validation error (CVE-ID: CVE-2024-41042)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nf_tables_rule_release(), nft_chain_validate(), nft_chain_validate_hooks() and nft_validate_register_store() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.


11) Out-of-bounds read (CVE-ID: CVE-2024-56615)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dev_map_alloc(), dev_map_delete_elem() and dev_map_hash_delete_elem() functions in kernel/bpf/devmap.c. A local user can perform a denial of service (DoS) attack.


12) Input validation error (CVE-ID: CVE-2024-58099)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vmxnet3_xdp_xmit_frame() function in drivers/net/vmxnet3/vmxnet3_xdp.c. A local user can perform a denial of service (DoS) attack.


13) Improper Certificate Validation (CVE-ID: CVE-2025-6032)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. A remote attacker can perform MitM attack. 


14) Use-after-free (CVE-ID: CVE-2025-21764)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ndisc_alloc_skb() function in net/ipv6/ndisc.c. A local user can escalate privileges on the system.


Remediation

Install update from vendor's website.

References