SB2025081472 - Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.15
Published: August 14, 2025 Updated: September 17, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 36 secuirty vulnerabilities.
1) Resource exhaustion (CVE-ID: CVE-2024-45338)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in several Parse functions. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
2) Link following (CVE-ID: CVE-2024-45339)
The vulnerability allows a local user to overwrite arbitrary files on the system.
The vulnerability exists due to insecure link following when writing log files. A local user can point a symbolic link to a critical file on the system and overwrite it with the log data.
3) Protection mechanism failure (CVE-ID: CVE-2025-32462)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient implementation of security measures when running sudo with -h (--host) option. If the current configuration provides access to users based on the host they are allowed to execute commands, a local user can bypass such a restriction by providing the hostname via the "-h" option they are allowed to execute commands. The vulnerability affects systems that use a common sudoers file that is distributed to multiple machines or when LDAP-based sudoers (including SSSD) is used.
4) NULL pointer dereference (CVE-ID: CVE-2022-49977)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ftrace_startup() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.
5) Integer overflow (CVE-ID: CVE-2024-23337)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in src/jv.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and perform a denial of service (DoS) attack.
6) Insufficient verification of data authenticity (CVE-ID: CVE-2024-34397)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to missing authorization for D-Bus signals. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service.
7) Improper Encoding or Escaping of Output (CVE-ID: CVE-2024-50349)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect handling of control sequences in account names when asking for credentials. A remote attacker can trick the victim into clicking on a specially crafted URL and trick users into providing passwords for trusted Git hosting sites when in fact they are then sent to untrusted sites that are under the attacker's control.
8) Improper Encoding or Escaping of Output (CVE-ID: CVE-2024-52006)
The vulnerability allows a remote attacker to exfiltrate data.
The vulnerability exists due to newline confusion in credential helpers when interpreting single Carriage Return characters. A remote attacker can gain access to sensitive information.
9) Off-by-one (CVE-ID: CVE-2024-52533)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an off-by-one error in gio/gsocks4aproxy.c when handling responses from SOCKS4 proxy. A remote attacker can trick the victim into connecting to a malicious SOCKS4 proxy server, trigger an off-by-one error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
10) Insecure temporary file (CVE-ID: CVE-2024-54661)
The vulnerability allows a local user to overwrite arbitrary files on the system.
The vulnerability exists due to usage of a predictable temporary file name in readline.sh. A local user can create a symbolic link from the temporary file to an arbitrary files on the system and overwrite it with the application's output, corrupting the file.
11) Use-after-free (CVE-ID: CVE-2024-57980)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uvc_status_init() function in drivers/media/usb/uvc/uvc_status.c. A local user can escalate privileges on the system.
12) Integer overflow (CVE-ID: CVE-2025-4373)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the g_string_insert_unichar() function in glib/gstring.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
13) Stack-based buffer overflow (CVE-ID: CVE-2025-5222)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the SRBRoot::addTag() function in genrb binary. A remote unauthenticated attacker can pass a specially crafted input to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
14) Acceptance of Extraneous Untrusted Data With Trusted Data (CVE-ID: CVE-2025-5994)
The vulnerability allows a remote attacker to perform cache poisoning attacks.
The vulnerability exists due to a logic error in the EDNS Client Subnet (ECS) implementation. A remote attacker can perform cache poisoning attacks against Unbound servers with ECS support, a.k.a. Rebirthday Attack.
Successful exploitation of the vulnerability requires that the server is compiled with '--enable-subnet' and configured to send ECS information to upstream name servers with at least one of the 'send-client-subnet', 'client-subnet-zone' or 'client-subnet-always-forward' options.
15) Improper access control (CVE-ID: CVE-2025-6020)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper access restrictions within the pam_namespace module when handling user-controlled paths. A local user can use specially crafted symlinks and race conditions to execute arbitrary code as root.
16) Integer overflow (CVE-ID: CVE-2025-6021)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the xmlBuildQName() function in tree.c . A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
17) Buffer overflow (CVE-ID: CVE-2025-6965)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing aggregated terms. A remote attacker can pass specially crafted input to the application where the number of aggregate terms exceeds the number of columns available, trigger memory corruption and perform a denial of service (DoS) attack.
18) Use-after-free (CVE-ID: CVE-2025-21759)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mld_send_cr() and igmp6_send() functions in net/ipv6/mcast.c. A local user can escalate privileges on the system.
19) Buffer overflow (CVE-ID: CVE-2025-21905)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the iwl_parse_tlv_firmware() function in drivers/net/wireless/intel/iwlwifi/iwl-drv.c. A local user can perform a denial of service (DoS) attack.
20) Input validation error (CVE-ID: CVE-2025-21919)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the child_cfs_rq_on_list() function in kernel/sched/fair.c. A local user can perform a denial of service (DoS) attack.
21) Improper locking (CVE-ID: CVE-2025-22113)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_handle_error(), ext4_put_super() and ext4_load_and_init_journal() functions in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
22) Protection Mechanism Failure (CVE-ID: CVE-2025-27613)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists in Gitk when cloning an untrusted repository and executing Gitk without additional command arguments. A remote attacker can abuse such behavior and overwrite or truncate any files on the system.
Successful exploitation of the vulnerability requires that the "Support per-file encoding" option is enabled.
23) Input validation error (CVE-ID: CVE-2025-27614)
The vulnerability allows a remote attacker to compromise the affected system.
A Git repository can be crafted in such a way that a user who has cloned the repository can be tricked into running any script supplied by the attacker by invoking `gitk filename`, where `filename` has a particular structure.
24) Improper locking (CVE-ID: CVE-2025-37958)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __split_huge_pmd_locked() and split_huge_pmd_locked() functions in mm/huge_memory.c. A local user can perform a denial of service (DoS) attack.
25) Use-after-free (CVE-ID: CVE-2025-38001)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cl_in_el_or_vttree(), hfsc_change_class() and hfsc_enqueue() functions in net/sched/sch_hfsc.c. A local user can escalate privileges on the system.
26) Use-after-free (CVE-ID: CVE-2025-38052)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tipc_aead_encrypt() and tipc_aead_encrypt_done() functions in net/tipc/crypto.c. A local user can escalate privileges on the system.
27) Race condition (CVE-ID: CVE-2025-40909)
The vulnerability allows a local user to tamper with application's behavior.
The vulnerability exists due to a race condition if a directory handle is open at thread creation. A local user can exploit the race and force the application to load code or access files from unexpected location.
28) Product UI does not warn user of unsafe actions (CVE-ID: CVE-2025-46835)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to missing notifications in Git GUI when performing potentially dangerous actions. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite any writable file.
29) Integer overflow (CVE-ID: CVE-2025-47268)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an integer overflow within the ping command when handling ICMP Echo Reply packets. A remote attacker can trick the victim to ping a malicious server, trigger an integer overflow and crash the application.
30) Path traversal (CVE-ID: CVE-2025-47273)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to input validation error when processing directory traversal sequences in package_index.py. A remote attacker can trick the victim into installing a specially crafted script and overwrite arbitrary files on the system, leading to code execution.
31) Heap-based buffer overflow (CVE-ID: CVE-2025-48060)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the jv_string_vfmt() function. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.
32) CRLF injection (CVE-ID: CVE-2025-48384)
The vulnerability allows a remote user to compromise the affected system.
The vulnerability exists due to insufficient validation of attacker-supplied data when reading config values. A remote user can pass specially crafted config lines to the application containing CR-LF characters and execute arbitrary code on the system after checkout.
33) Input validation error (CVE-ID: CVE-2025-48385)
The vulnerability allows a remote attacker to compromise the affected client.
The vulnerability exists due to insufficient validation of bundle-uri parameter when cloning a repository. A remote attacker can trick the victim into cloning a specially crafted repository, perform a protocol injection attack and write code to arbitrary locations on the system, leading to remote code execution.
34) Out-of-bounds read (CVE-ID: CVE-2025-49133)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the CryptHmacSign() function. A local user can trigger an out-of-bounds read error by sending malicious commands to a TPM 2.0/vTPM (swtpm) whose firmware is based on an affected TCG reference implementation and make vTPM (swtpm) unavailable to a VM.
35) Use-after-free (CVE-ID: CVE-2025-49794)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the xmlSchematronGetNode() function when processing XPath expressions in Schematron schema elements schematron.c. A remote attacker can pass specially crafted XML input to the application and perform a denial of service (DoS) attack.
36) Type Confusion (CVE-ID: CVE-2025-49796)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error within the xmlSchematronFormatReport() function when processing sch:name elements in schematron.c. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and crash the application.
Remediation
Install update from vendor's website.