VAR-202201-0496
Vulnerability from variot - Updated: 2025-12-22 21:46An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-5127-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 02, 2022 https://www.debian.org/security/faq
Package : linux CVE ID : CVE-2021-4197 CVE-2022-0168 CVE-2022-1016 CVE-2022-1048 CVE-2022-1158 CVE-2022-1195 CVE-2022-1198 CVE-2022-1199 CVE-2022-1204 CVE-2022-1205 CVE-2022-1353 CVE-2022-1516 CVE-2022-26490 CVE-2022-27666 CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-29582
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. The security impact is negligible as CAP_SYS_ADMIN inherently gives the ability to deny service.
CVE-2022-1016
David Bouman discovered a flaw in the netfilter subsystem where the
nft_do_chain function did not initialize register data that
nf_tables expressions can read from and write to. A local user with access to
/dev/kvm could cause the MMU emulator to update page table entry
flags at the wrong address.
CVE-2022-1195
Lin Ma discovered race conditions in the 6pack and mkiss hamradio
drivers, which could lead to a use-after-free.
CVE-2022-1198
Duoming Zhou discovered a race condition in the 6pack hamradio
driver, which could lead to a use-after-free.
CVE-2022-1199, CVE-2022-1204, CVE-2022-1205
Duoming Zhou discovered race conditions in the AX.25 hamradio
protocol, which could lead to a use-after-free or null pointer
dereference.
CVE-2022-1353
The TCS Robot tool found an information leak in the PF_KEY
subsystem.
CVE-2022-1516
A NULL pointer dereference flaw in the implementation of the X.25
set of standardized network protocols, which can result in denial
of service.
This driver is not enabled in Debian's official kernel
configurations.
This driver is not enabled in Debian's official kernel
configurations.
For the stable distribution (bullseye), these problems have been fixed in version 5.10.113-1.
We recommend that you upgrade your linux packages.
For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmJwRg9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0S8bw//bsMGzd7yC5QHR9/G3Vxn10HSYSy9vkPdOrg9nt58xCygMTvj9G4Ur7P5 SqPulxdczzDQgAEl/UVzmCifFMAbfi77w+0feha6zbrjz4yD8vtmk1caVmvbqOxE MsS7GKyFdRxvqWoCG1boIZZ5aKFCgXug4cY1nARJo4tadF3W3lZw9LP9+kdDJ0Z8 4zfzd1fa0tn6Bk9lqVvaks3zVxLA2Iev0yaLGpWPbsrqiSEnB/e1tWAQX7CVRUNT kY48YpAsGraOyjTMkmLyeXNYHwdNYfKR27DK/4CpXeVzqADlMqKtFOp0lvQhF54t KcBvJjvQsJ5ua7qjoJS97SLlMp7aZ3DvBnz28hn3vDp5iqFDTdLSmuPqJGy5JAOD JdijjSFCB2tTjDLBha+1mGAB2kJG8Kj0rcEiQTyFARejOoCIQg9R3EWfp5HI8DCn e4fGZdRATm6Qe9ofBlVmKmVpV36NaiZuy3UA8lhKTlJsjIhwnFB/WknG93/G64HK wMSkbbXDPoYgH06emh0RIXzddfHHO+mZBgUysHBX5pE0KdDazPleFGn5yOdlX8k5 5OT35Cga+hRVT9KNQfz4Me0AEt0kEwyMIUM6R49KvB8eQ9Az1OjO0yWONz4F5mDW 0HoSJCW+9gZzljIebL+odSyT/dvUZpP/xVzE8DRukDyn99GY6y4= =vCuc -----END PGP SIGNATURE----- . Description:
Red Hat Advanced Cluster Management for Kubernetes 2.3.11 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/
Security fixes:
-
node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
-
follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)
-
nconf: Prototype pollution in memory store (CVE-2022-21803)
-
golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806)
-
Moment.js: Path traversal in moment.locale (CVE-2022-24785)
-
golang: syscall: faccessat checks wrong group (CVE-2022-29526)
-
go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses (CVE-2022-29810)
Bug fixes:
-
RHACM 2.3.11 images (BZ# 2082087)
-
Bugs fixed (https://bugzilla.redhat.com/):
2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements 2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale 2074689 - CVE-2022-21803 nconf: Prototype pollution in memory store 2080279 - CVE-2022-29810 go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses 2082087 - RHACM 2.3.11 images 2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group
- Summary:
The Migration Toolkit for Containers (MTC) 1.6.5 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):
2006044 - CVE-2021-39293 golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) 2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes 2057579 - [MTC UI] Cancel button on ?Migrations? page does not disappear when migration gets Failed/Succeeded with warnings 2072311 - HPAs of DeploymentConfigs are not being updated when migration from Openshift 3.x to Openshift 4.x 2074044 - [MTC] Rsync pods are not running as privileged 2074553 - Upstream Hook Runner image requires arguments be in a different order
- Summary:
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Real Time (v. 8) - x86_64 Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64
- Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
-
kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)
-
kernel: avoid cyclic entity chains due to malformed USB descriptors (CVE-2020-0404)
-
kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c (CVE-2020-13974)
-
kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a use-after-free (CVE-2021-0941)
-
kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP() (CVE-2021-3612)
-
kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts (CVE-2021-3669)
-
kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c (CVE-2021-3743)
-
kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (CVE-2021-3744)
-
kernel: possible use-after-free in bluetooth module (CVE-2021-3752)
-
kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks (CVE-2021-3759)
-
kernel: DoS in ccp_run_aes_gcm_cmd() function (CVE-2021-3764)
-
kernel: sctp: Invalid chunks may be used to remotely remove existing associations (CVE-2021-3772)
-
kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients (CVE-2021-3773)
-
kernel: possible leak or coruption of data residing on hugetlbfs (CVE-2021-4002)
-
kernel: security regression for CVE-2018-13405 (CVE-2021-4037)
-
kernel: Buffer overwrite in decode_nfs_fh function (CVE-2021-4157)
-
kernel: cgroup: Use open-time creds and namespace for migration perm checks (CVE-2021-4197)
-
kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203)
-
kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies (CVE-2021-20322)
-
hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 (CVE-2021-26401)
-
kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation (CVE-2021-29154)
-
kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c (CVE-2021-37159)
-
kernel: eBPF multiplication integer overflow in prealloc_elems_and_freelist() in kernel/bpf/stackmap.c leads to out-of-bounds write (CVE-2021-41864)
-
kernel: Heap buffer overflow in firedtv driver (CVE-2021-42739)
-
kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (CVE-2021-43389)
-
kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker to cause DoS via crafted USB device (CVE-2021-43976)
-
kernel: use-after-free in the TEE subsystem (CVE-2021-44733)
-
kernel: information leak in the IPv6 implementation (CVE-2021-45485)
-
kernel: information leak in the IPv4 implementation (CVE-2021-45486)
-
hw: cpu: intel: Branch History Injection (BHI) (CVE-2022-0001)
-
hw: cpu: intel: Intra-Mode BTI (CVE-2022-0002)
-
kernel: Local denial of service in bond_ipsec_add_sa (CVE-2022-0286)
-
kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c (CVE-2022-0322)
-
kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes (CVE-2022-1011)
-
kernel: use-after-free in nouveau kernel module (CVE-2020-27820)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1901726 - CVE-2020-27820 kernel: use-after-free in nouveau kernel module 1903578 - kernnel-rt-debug: do not call blocking ops when !TASK_RUNNING; state=1 set at [<0000000050e86018>] handle_userfault+0x530/0x1820 1905749 - kernel-rt-debug: BUG: sleeping function called from invalid context at kernel/locking/rtmutex.c:968 1919791 - CVE-2020-0404 kernel: avoid cyclic entity chains due to malformed USB descriptors 1946684 - CVE-2021-29154 kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation 1951739 - CVE-2021-42739 kernel: Heap buffer overflow in firedtv driver 1974079 - CVE-2021-3612 kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP() 1985353 - CVE-2021-37159 kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c 1986473 - CVE-2021-3669 kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts 1997467 - CVE-2021-3764 kernel: DoS in ccp_run_aes_gcm_cmd() function 1997961 - CVE-2021-3743 kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c 1999544 - CVE-2021-3752 kernel: possible use-after-free in bluetooth module 1999675 - CVE-2021-3759 kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks 2000627 - CVE-2021-3744 kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() 2000694 - CVE-2021-3772 kernel: sctp: Invalid chunks may be used to remotely remove existing associations 2004949 - CVE-2021-3773 kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients 2010463 - CVE-2021-41864 kernel: eBPF multiplication integer overflow in prealloc_elems_and_freelist() in kernel/bpf/stackmap.c leads to out-of-bounds write 2013180 - CVE-2021-43389 kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c 2014230 - CVE-2021-20322 kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies 2016169 - CVE-2020-13974 kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c 2018205 - CVE-2021-0941 kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a use-after-free 2025003 - CVE-2021-43976 kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker to cause DoS via crafted USB device 2025726 - CVE-2021-4002 kernel: possible leak or coruption of data residing on hugetlbfs 2027239 - CVE-2021-4037 kernel: security regression for CVE-2018-13405 2029923 - CVE-2021-4083 kernel: fget: check that the fd still exists after getting a ref to it 2030747 - CVE-2021-44733 kernel: use-after-free in the TEE subsystem 2034342 - CVE-2021-4157 kernel: Buffer overwrite in decode_nfs_fh function 2035652 - CVE-2021-4197 kernel: cgroup: Use open-time creds and namespace for migration perm checks 2036934 - CVE-2021-4203 kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses 2037019 - CVE-2022-0286 kernel: Local denial of service in bond_ipsec_add_sa 2039911 - CVE-2021-45485 kernel: information leak in the IPv6 implementation 2039914 - CVE-2021-45486 kernel: information leak in the IPv4 implementation 2042822 - CVE-2022-0322 kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c 2061700 - CVE-2021-26401 hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 2061712 - CVE-2022-0001 hw: cpu: intel: Branch History Injection (BHI) 2061721 - CVE-2022-0002 hw: cpu: intel: Intra-Mode BTI 2064855 - CVE-2022-1011 kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes
- Package List:
Red Hat Enterprise Linux Real Time for NFV (v. 8):
Source: kernel-rt-4.18.0-372.9.1.rt7.166.el8.src.rpm
x86_64: kernel-rt-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm kernel-rt-core-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm kernel-rt-debug-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm kernel-rt-debug-core-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm kernel-rt-debug-devel-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm kernel-rt-debug-kvm-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm kernel-rt-debug-modules-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm kernel-rt-debuginfo-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm kernel-rt-devel-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm kernel-rt-kvm-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm kernel-rt-modules-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm kernel-rt-modules-extra-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm
Red Hat Enterprise Linux Real Time (v. 8):
Source: kernel-rt-4.18.0-372.9.1.rt7.166.el8.src.rpm
x86_64: kernel-rt-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm kernel-rt-core-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm kernel-rt-debug-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm kernel-rt-debug-core-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm kernel-rt-debug-devel-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm kernel-rt-debug-modules-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm kernel-rt-debuginfo-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm kernel-rt-devel-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm kernel-rt-modules-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm kernel-rt-modules-extra-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYnqRVtzjgjWX9erEAQjwiA//R/ZVJ7xroUR7Uf1az+8xZqs4OZQADIUc /92cDd6MRyzkvwQx5u7JmD5E6KbRf3NGfDsuoC0jVJJJcp8GT0tWkxPIjCi2RNbI /9nlbkfp0eQqRGmpL753W/7sfzAnbiOeP47rr+lJU24OBDcbrZn5X3Ex0EdzcdeD fmVnAxB8bsXyZwcnX9m6mVlBxY+fm6SC78O+/rPzVUHl5NhQASqi0sYSwydyqZvG a/9p5gXd9nnyV7NtJj58pS7brxQFq4RcM5VhTjix3a/ZaZEwT+nDMj3+RXXwUhGe HJ6AdJoNI19huMXtn/fYhomb/LIHQos+kHQrBbJ+KmaFE4DD08Uv2uHSyeEe1ksT oUwcGcIbSta6LBNO60Lh0XVj6FgFWNnNsAGX27nxCHfzDjuJ3U4Tyh8gL+ID2K1t 3nwoQl5gxUokFS0sUIuD0pj2LFW1vg2E2pMcbzPDqFwj0MXn5DpTb4qeuiRWzA05 s+upi3Cd6XmRNKPH8DDOrGNGW0dJqJtuXhUmziZjKPMJK5Ygnhoc+3hYG/EJzGiq S/VHXR5hnJ+RAPz2U8rETfCW2Dvz7lCUh5rJGg/8f8MCyAMCPpFqXbkNvpt3BIKy 2SLBhh0Mci1fprA35q2eNCjduntja3oxnVx+YAKPM30hzE7ejwHFEZHPGOdKB0q/ aHIZwOKDLaE= =hqV1 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-5368-1 April 06, 2022
linux-azure-5.13, linux-oracle-5.13 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description: - linux-azure-5.13: Linux kernel for Microsoft Azure cloud systems - linux-oracle-5.13: Linux kernel for Oracle Cloud systems
Details:
It was discovered that the BPF verifier in the Linux kernel did not properly restrict pointer types in certain situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-23222)
It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1055)
Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. (CVE-2022-0492)
J\xfcrgen Gro\xdf discovered that the Xen subsystem within the Linux kernel did not adequately limit the number of events driver domains (unprivileged PV backends) could send to other guest VMs. An attacker in a driver domain could use this to cause a denial of service in other guest VMs. (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)
J\xfcrgen Gro\xdf discovered that the Xen network backend driver in the Linux kernel did not adequately limit the amount of queued packets when a guest did not process them. An attacker in a guest VM can use this to cause a denial of service (excessive kernel memory consumption) in the network backend domain. (CVE-2021-28714, CVE-2021-28715)
Szymon Heidrich discovered that the USB Gadget subsystem in the Linux kernel did not properly restrict the size of control requests for certain gadget types, leading to possible out of bounds reads or writes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-39685)
It was discovered that a race condition existed in the poll implementation in the Linux kernel, resulting in a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-39698)
It was discovered that the simulated networking device driver for the Linux kernel did not properly initialize memory in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-4135)
Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. (CVE-2021-4197)
Brendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device driver in the Linux kernel did not properly validate meta-data coming from the device. A local attacker who can control an emulated device can use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-43975)
It was discovered that the ARM Trusted Execution Environment (TEE) subsystem in the Linux kernel contained a race condition leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-44733)
It was discovered that the Phone Network protocol (PhoNet) implementation in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2021-45095)
It was discovered that the eBPF verifier in the Linux kernel did not properly perform bounds checking on mov32 operations. A local attacker could use this to expose sensitive information (kernel pointer addresses). (CVE-2021-45402)
It was discovered that the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2021-45480)
It was discovered that the BPF subsystem in the Linux kernel did not properly track pointer types on atomic fetch operations in some situations. A local attacker could use this to expose sensitive information (kernel pointer addresses). (CVE-2022-0264)
It was discovered that the TIPC Protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-0382)
Samuel Page discovered that the Transparent Inter-Process Communication (TIPC) protocol implementation in the Linux kernel contained a stack-based buffer overflow. A remote attacker could use this to cause a denial of service (system crash) for systems that have a TIPC bearer configured. (CVE-2022-0435)
It was discovered that the KVM implementation for s390 systems in the Linux kernel did not properly prevent memory operations on PVM guests that were in non-protected mode. A local attacker could use this to obtain unauthorized memory write access. (CVE-2022-0516)
It was discovered that the ICMPv6 implementation in the Linux kernel did not properly deallocate memory in certain situations. A remote attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2022-0742)
It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-27666)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: linux-image-5.13.0-1021-azure 5.13.0-1021.24~20.04.1 linux-image-5.13.0-1025-oracle 5.13.0-1025.30~20.04.1 linux-image-azure 5.13.0.1021.24~20.04.10 linux-image-oracle 5.13.0.1025.30~20.04.1
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: https://ubuntu.com/security/notices/USN-5368-1 CVE-2021-28711, CVE-2021-28712, CVE-2021-28713, CVE-2021-28714, CVE-2021-28715, CVE-2021-39685, CVE-2021-39698, CVE-2021-4135, CVE-2021-4197, CVE-2021-43975, CVE-2021-44733, CVE-2021-45095, CVE-2021-45402, CVE-2021-45480, CVE-2022-0264, CVE-2022-0382, CVE-2022-0435, CVE-2022-0492, CVE-2022-0516, CVE-2022-0742, CVE-2022-1055, CVE-2022-23222, CVE-2022-27666
Package Information: https://launchpad.net/ubuntu/+source/linux-azure-5.13/5.13.0-1021.24~20.04.1 https://launchpad.net/ubuntu/+source/linux-oracle-5.13/5.13.0-1025.30~20.04.1
. Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.45. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHBA-2022:5878
Space precludes documenting all of the container images in this advisory.
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.45-x86_64
The image digest is sha256:8ab373599e8a010dffb9c7ed45e01c00cb06a7857fe21de102d978be4738b2ec
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.45-s390x
The image digest is sha256:1dde8a7134081c82012a812e014daca4cba1095630e6d0c74b51da141d472984
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.45-ppc64le
The image digest is sha256:ec1fac628bec05eb6425c2ae9dcd3fca120cd1a8678155350bb4c65813cfc30e
All OpenShift Container Platform 4.9 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html
- Solution:
For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
2009024 - Unable to complete cluster destruction, some ports are left over 2055494 - console operator should report Upgradeable False when SAN-less certs are used 2083554 - post 1.23 rebase: regression in service-load balancer reliability 2087021 - configure-ovs.sh fails, blocking new RHEL node from being scaled up on cluster without manual reboot 2088539 - Openshift route URLs starting with double slashes stopped working after update to 4.8.33 - curl version problems 2091806 - Cluster upgrade stuck due to "resource deletions in progress" 2095320 - [4.9] Bootimage bump tracker 2097157 - [4.9z] During ovnkube-node restart all host conntrack entries are flushed, leading to traffic disruption 2100786 - [OCP 4.9] Ironic cannot match "wwn" rootDeviceHint for a multipath device 2101664 - disabling ipv6 router advertisements using "all" does not disable it on secondary interfaces 2101959 - CVE-2022-2403 openshift: oauth-serving-cert configmap contains cluster certificate private key 2103982 - [4.9] AWS EBS CSI driver stuck removing EBS volumes - GetDeviceMountRefs check failed 2105277 - NetworkPolicies: ovnkube-master pods crashing due to panic: "invalid memory address or nil pointer dereference" 2105453 - Node reboot causes duplicate persistent volumes 2105654 - egressIP panics with nil pointer dereference 2105663 - APIRequestCount does not identify some APIs removed in 4.9 2106655 - Kubelet slowly leaking memory and pods eventually unable to start 2108538 - [4.9.z backport] br-ex not created due to default bond interface having a different mac address than expected 2108619 - ClusterVersion history pruner does not always retain initial completed update entry
- (CVE-2022-1516)
Demi Marie Obenour and Simon Gaiser discovered that several Xen para- virtualization device frontends did not properly restrict the access rights of device backends
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-0496",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.15"
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "5.11"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.4.189"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.19.238"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.15.14"
},
{
"model": "communications cloud native core binding support function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.1"
},
{
"model": "communications cloud native core binding support function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.2.0"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "4.14.276"
},
{
"model": "h410c",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "5.5"
},
{
"model": "brocade fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"model": "communications cloud native core binding support function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.3"
},
{
"model": "kernel",
"scope": "lt",
"trust": 1.0,
"vendor": "linux",
"version": "5.10.111"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.20"
},
{
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "kernel",
"scope": "gte",
"trust": 1.0,
"vendor": "linux",
"version": "4.2"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-4197"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "167622"
},
{
"db": "PACKETSTORM",
"id": "167330"
},
{
"db": "PACKETSTORM",
"id": "167072"
},
{
"db": "PACKETSTORM",
"id": "168019"
}
],
"trust": 0.4
},
"cve": "CVE-2021-4197",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-4197",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-410862",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-4197",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-4197",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-410862",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-4197",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-410862"
},
{
"db": "VULMON",
"id": "CVE-2021-4197"
},
{
"db": "NVD",
"id": "CVE-2021-4197"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unprivileged write to the file handler flaw in the Linux kernel\u0027s control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5127-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMay 02, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2021-4197 CVE-2022-0168 CVE-2022-1016 CVE-2022-1048\n CVE-2022-1158 CVE-2022-1195 CVE-2022-1198 CVE-2022-1199\n CVE-2022-1204 CVE-2022-1205 CVE-2022-1353 CVE-2022-1516\n CVE-2022-26490 CVE-2022-27666 CVE-2022-28356 CVE-2022-28388\n CVE-2022-28389 CVE-2022-28390 CVE-2022-29582\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks. The security impact is negligible as\n CAP_SYS_ADMIN inherently gives the ability to deny service. \n\nCVE-2022-1016\n\n David Bouman discovered a flaw in the netfilter subsystem where the\n nft_do_chain function did not initialize register data that\n nf_tables expressions can read from and write to. A local user with access to\n /dev/kvm could cause the MMU emulator to update page table entry\n flags at the wrong address. \n\nCVE-2022-1195\n\n Lin Ma discovered race conditions in the 6pack and mkiss hamradio\n drivers, which could lead to a use-after-free. \n\nCVE-2022-1198\n\n Duoming Zhou discovered a race condition in the 6pack hamradio\n driver, which could lead to a use-after-free. \n\nCVE-2022-1199, CVE-2022-1204, CVE-2022-1205\n\n Duoming Zhou discovered race conditions in the AX.25 hamradio\n protocol, which could lead to a use-after-free or null pointer\n dereference. \n\nCVE-2022-1353\n\n The TCS Robot tool found an information leak in the PF_KEY\n subsystem. \n\nCVE-2022-1516\n\n A NULL pointer dereference flaw in the implementation of the X.25\n set of standardized network protocols, which can result in denial\n of service. \n\n This driver is not enabled in Debian\u0027s official kernel\n configurations. \n\n This driver is not enabled in Debian\u0027s official kernel\n configurations. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 5.10.113-1. \n\nWe recommend that you upgrade your linux packages. \n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmJwRg9fFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0S8bw//bsMGzd7yC5QHR9/G3Vxn10HSYSy9vkPdOrg9nt58xCygMTvj9G4Ur7P5\nSqPulxdczzDQgAEl/UVzmCifFMAbfi77w+0feha6zbrjz4yD8vtmk1caVmvbqOxE\nMsS7GKyFdRxvqWoCG1boIZZ5aKFCgXug4cY1nARJo4tadF3W3lZw9LP9+kdDJ0Z8\n4zfzd1fa0tn6Bk9lqVvaks3zVxLA2Iev0yaLGpWPbsrqiSEnB/e1tWAQX7CVRUNT\nkY48YpAsGraOyjTMkmLyeXNYHwdNYfKR27DK/4CpXeVzqADlMqKtFOp0lvQhF54t\nKcBvJjvQsJ5ua7qjoJS97SLlMp7aZ3DvBnz28hn3vDp5iqFDTdLSmuPqJGy5JAOD\nJdijjSFCB2tTjDLBha+1mGAB2kJG8Kj0rcEiQTyFARejOoCIQg9R3EWfp5HI8DCn\ne4fGZdRATm6Qe9ofBlVmKmVpV36NaiZuy3UA8lhKTlJsjIhwnFB/WknG93/G64HK\nwMSkbbXDPoYgH06emh0RIXzddfHHO+mZBgUysHBX5pE0KdDazPleFGn5yOdlX8k5\n5OT35Cga+hRVT9KNQfz4Me0AEt0kEwyMIUM6R49KvB8eQ9Az1OjO0yWONz4F5mDW\n0HoSJCW+9gZzljIebL+odSyT/dvUZpP/xVzE8DRukDyn99GY6y4=\n=vCuc\n-----END PGP SIGNATURE-----\n. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.3.11 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See the following Release Notes documentation, which will be updated\nshortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity fixes: \n\n* node-fetch: exposure of sensitive information to an unauthorized actor\n(CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization\nHeader leak (CVE-2022-0536)\n\n* nconf: Prototype pollution in memory store (CVE-2022-21803)\n\n* golang: crypto/elliptic IsOnCurve returns true for invalid field elements\n(CVE-2022-23806)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* go-getter: writes SSH credentials into logfile, exposing sensitive\ncredentials to local uses (CVE-2022-29810)\n\nBug fixes:\n\n* RHACM 2.3.11 images (BZ# 2082087)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor\n2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak\n2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements\n2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale\n2074689 - CVE-2022-21803 nconf: Prototype pollution in memory store\n2080279 - CVE-2022-29810 go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses\n2082087 - RHACM 2.3.11 images\n2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group\n\n5. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.6.5 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):\n\n2006044 - CVE-2021-39293 golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)\n2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes\n2057579 - [MTC UI] Cancel button on ?Migrations? page does not disappear when migration gets Failed/Succeeded with warnings\n2072311 - HPAs of DeploymentConfigs are not being updated when migration from Openshift 3.x to Openshift 4.x\n2074044 - [MTC] Rsync pods are not running as privileged\n2074553 - Upstream Hook Runner image requires arguments be in a different order\n\n5. Summary:\n\nAn update for kernel-rt is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Real Time (v. 8) - x86_64\nRed Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64\n\n3. Description:\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables\nfine-tuning for systems with extremely high determinism requirements. \n\nSecurity Fix(es):\n\n* kernel: fget: check that the fd still exists after getting a ref to it\n(CVE-2021-4083)\n\n* kernel: avoid cyclic entity chains due to malformed USB descriptors\n(CVE-2020-0404)\n\n* kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c\n(CVE-2020-13974)\n\n* kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a\nuse-after-free (CVE-2021-0941)\n\n* kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP()\n(CVE-2021-3612)\n\n* kernel: reading /proc/sysvipc/shm does not scale with large shared memory\nsegment counts (CVE-2021-3669)\n\n* kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c\n(CVE-2021-3743)\n\n* kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()\n(CVE-2021-3744)\n\n* kernel: possible use-after-free in bluetooth module (CVE-2021-3752)\n\n* kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg\nlimits and DoS attacks (CVE-2021-3759)\n\n* kernel: DoS in ccp_run_aes_gcm_cmd() function (CVE-2021-3764)\n\n* kernel: sctp: Invalid chunks may be used to remotely remove existing\nassociations (CVE-2021-3772)\n\n* kernel: lack of port sanity checking in natd and netfilter leads to\nexploit of OpenVPN clients (CVE-2021-3773)\n\n* kernel: possible leak or coruption of data residing on hugetlbfs\n(CVE-2021-4002)\n\n* kernel: security regression for CVE-2018-13405 (CVE-2021-4037)\n\n* kernel: Buffer overwrite in decode_nfs_fh function (CVE-2021-4157)\n\n* kernel: cgroup: Use open-time creds and namespace for migration perm\nchecks (CVE-2021-4197)\n\n* kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses\n(CVE-2021-4203)\n\n* kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed\npackets replies (CVE-2021-20322)\n\n* hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 (CVE-2021-26401)\n\n* kernel: Local privilege escalation due to incorrect BPF JIT branch\ndisplacement computation (CVE-2021-29154)\n\n* kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c\n(CVE-2021-37159)\n\n* kernel: eBPF multiplication integer overflow in\nprealloc_elems_and_freelist() in kernel/bpf/stackmap.c leads to\nout-of-bounds write (CVE-2021-41864)\n\n* kernel: Heap buffer overflow in firedtv driver (CVE-2021-42739)\n\n* kernel: an array-index-out-bounds in detach_capi_ctr in\ndrivers/isdn/capi/kcapi.c (CVE-2021-43389)\n\n* kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c\nallows an attacker to cause DoS via crafted USB device (CVE-2021-43976)\n\n* kernel: use-after-free in the TEE subsystem (CVE-2021-44733)\n\n* kernel: information leak in the IPv6 implementation (CVE-2021-45485)\n\n* kernel: information leak in the IPv4 implementation (CVE-2021-45486)\n\n* hw: cpu: intel: Branch History Injection (BHI) (CVE-2022-0001)\n\n* hw: cpu: intel: Intra-Mode BTI (CVE-2022-0002)\n\n* kernel: Local denial of service in bond_ipsec_add_sa (CVE-2022-0286)\n\n* kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c\n(CVE-2022-0322)\n\n* kernel: FUSE allows UAF reads of write() buffers, allowing theft of\n(partial) /etc/shadow hashes (CVE-2022-1011)\n\n* kernel: use-after-free in nouveau kernel module (CVE-2020-27820)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.6 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1901726 - CVE-2020-27820 kernel: use-after-free in nouveau kernel module\n1903578 - kernnel-rt-debug: do not call blocking ops when !TASK_RUNNING; state=1 set at [\u003c0000000050e86018\u003e] handle_userfault+0x530/0x1820\n1905749 - kernel-rt-debug: BUG: sleeping function called from invalid context at kernel/locking/rtmutex.c:968\n1919791 - CVE-2020-0404 kernel: avoid cyclic entity chains due to malformed USB descriptors\n1946684 - CVE-2021-29154 kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation\n1951739 - CVE-2021-42739 kernel: Heap buffer overflow in firedtv driver\n1974079 - CVE-2021-3612 kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP()\n1985353 - CVE-2021-37159 kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c\n1986473 - CVE-2021-3669 kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts\n1997467 - CVE-2021-3764 kernel: DoS in ccp_run_aes_gcm_cmd() function\n1997961 - CVE-2021-3743 kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c\n1999544 - CVE-2021-3752 kernel: possible use-after-free in bluetooth module\n1999675 - CVE-2021-3759 kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks\n2000627 - CVE-2021-3744 kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()\n2000694 - CVE-2021-3772 kernel: sctp: Invalid chunks may be used to remotely remove existing associations\n2004949 - CVE-2021-3773 kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients\n2010463 - CVE-2021-41864 kernel: eBPF multiplication integer overflow in prealloc_elems_and_freelist() in kernel/bpf/stackmap.c leads to out-of-bounds write\n2013180 - CVE-2021-43389 kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c\n2014230 - CVE-2021-20322 kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies\n2016169 - CVE-2020-13974 kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c\n2018205 - CVE-2021-0941 kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a use-after-free\n2025003 - CVE-2021-43976 kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker to cause DoS via crafted USB device\n2025726 - CVE-2021-4002 kernel: possible leak or coruption of data residing on hugetlbfs\n2027239 - CVE-2021-4037 kernel: security regression for CVE-2018-13405\n2029923 - CVE-2021-4083 kernel: fget: check that the fd still exists after getting a ref to it\n2030747 - CVE-2021-44733 kernel: use-after-free in the TEE subsystem\n2034342 - CVE-2021-4157 kernel: Buffer overwrite in decode_nfs_fh function\n2035652 - CVE-2021-4197 kernel: cgroup: Use open-time creds and namespace for migration perm checks\n2036934 - CVE-2021-4203 kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses\n2037019 - CVE-2022-0286 kernel: Local denial of service in bond_ipsec_add_sa\n2039911 - CVE-2021-45485 kernel: information leak in the IPv6 implementation\n2039914 - CVE-2021-45486 kernel: information leak in the IPv4 implementation\n2042822 - CVE-2022-0322 kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c\n2061700 - CVE-2021-26401 hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715\n2061712 - CVE-2022-0001 hw: cpu: intel: Branch History Injection (BHI)\n2061721 - CVE-2022-0002 hw: cpu: intel: Intra-Mode BTI\n2064855 - CVE-2022-1011 kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes\n\n6. Package List:\n\nRed Hat Enterprise Linux Real Time for NFV (v. 8):\n\nSource:\nkernel-rt-4.18.0-372.9.1.rt7.166.el8.src.rpm\n\nx86_64:\nkernel-rt-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm\nkernel-rt-core-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm\nkernel-rt-debug-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm\nkernel-rt-debug-core-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm\nkernel-rt-debug-debuginfo-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm\nkernel-rt-debug-devel-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm\nkernel-rt-debug-kvm-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm\nkernel-rt-debug-modules-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm\nkernel-rt-debug-modules-extra-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm\nkernel-rt-debuginfo-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm\nkernel-rt-debuginfo-common-x86_64-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm\nkernel-rt-devel-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm\nkernel-rt-kvm-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm\nkernel-rt-modules-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm\nkernel-rt-modules-extra-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm\n\nRed Hat Enterprise Linux Real Time (v. 8):\n\nSource:\nkernel-rt-4.18.0-372.9.1.rt7.166.el8.src.rpm\n\nx86_64:\nkernel-rt-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm\nkernel-rt-core-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm\nkernel-rt-debug-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm\nkernel-rt-debug-core-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm\nkernel-rt-debug-debuginfo-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm\nkernel-rt-debug-devel-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm\nkernel-rt-debug-modules-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm\nkernel-rt-debug-modules-extra-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm\nkernel-rt-debuginfo-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm\nkernel-rt-debuginfo-common-x86_64-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm\nkernel-rt-devel-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm\nkernel-rt-modules-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm\nkernel-rt-modules-extra-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYnqRVtzjgjWX9erEAQjwiA//R/ZVJ7xroUR7Uf1az+8xZqs4OZQADIUc\n/92cDd6MRyzkvwQx5u7JmD5E6KbRf3NGfDsuoC0jVJJJcp8GT0tWkxPIjCi2RNbI\n/9nlbkfp0eQqRGmpL753W/7sfzAnbiOeP47rr+lJU24OBDcbrZn5X3Ex0EdzcdeD\nfmVnAxB8bsXyZwcnX9m6mVlBxY+fm6SC78O+/rPzVUHl5NhQASqi0sYSwydyqZvG\na/9p5gXd9nnyV7NtJj58pS7brxQFq4RcM5VhTjix3a/ZaZEwT+nDMj3+RXXwUhGe\nHJ6AdJoNI19huMXtn/fYhomb/LIHQos+kHQrBbJ+KmaFE4DD08Uv2uHSyeEe1ksT\noUwcGcIbSta6LBNO60Lh0XVj6FgFWNnNsAGX27nxCHfzDjuJ3U4Tyh8gL+ID2K1t\n3nwoQl5gxUokFS0sUIuD0pj2LFW1vg2E2pMcbzPDqFwj0MXn5DpTb4qeuiRWzA05\ns+upi3Cd6XmRNKPH8DDOrGNGW0dJqJtuXhUmziZjKPMJK5Ygnhoc+3hYG/EJzGiq\nS/VHXR5hnJ+RAPz2U8rETfCW2Dvz7lCUh5rJGg/8f8MCyAMCPpFqXbkNvpt3BIKy\n2SLBhh0Mci1fprA35q2eNCjduntja3oxnVx+YAKPM30hzE7ejwHFEZHPGOdKB0q/\naHIZwOKDLaE=\n=hqV1\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-5368-1\nApril 06, 2022\n\nlinux-azure-5.13, linux-oracle-5.13 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Linux kernel. \n\nSoftware Description:\n- linux-azure-5.13: Linux kernel for Microsoft Azure cloud systems\n- linux-oracle-5.13: Linux kernel for Oracle Cloud systems\n\nDetails:\n\nIt was discovered that the BPF verifier in the Linux kernel did not\nproperly restrict pointer types in certain situations. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2022-23222)\n\nIt was discovered that the network traffic control implementation in the\nLinux kernel contained a use-after-free vulnerability. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2022-1055)\n\nYiqi Sun and Kevin Wang discovered that the cgroups implementation in the\nLinux kernel did not properly restrict access to the cgroups v1\nrelease_agent feature. (CVE-2022-0492)\n\nJ\\xfcrgen Gro\\xdf discovered that the Xen subsystem within the Linux kernel did\nnot adequately limit the number of events driver domains (unprivileged PV\nbackends) could send to other guest VMs. An attacker in a driver domain\ncould use this to cause a denial of service in other guest VMs. \n(CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\nJ\\xfcrgen Gro\\xdf discovered that the Xen network backend driver in the Linux\nkernel did not adequately limit the amount of queued packets when a guest\ndid not process them. An attacker in a guest VM can use this to cause a\ndenial of service (excessive kernel memory consumption) in the network\nbackend domain. (CVE-2021-28714, CVE-2021-28715)\n\nSzymon Heidrich discovered that the USB Gadget subsystem in the Linux\nkernel did not properly restrict the size of control requests for certain\ngadget types, leading to possible out of bounds reads or writes. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2021-39685)\n\nIt was discovered that a race condition existed in the poll implementation\nin the Linux kernel, resulting in a use-after-free vulnerability. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2021-39698)\n\nIt was discovered that the simulated networking device driver for the Linux\nkernel did not properly initialize memory in certain situations. A local\nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2021-4135)\n\nEric Biederman discovered that the cgroup process migration implementation\nin the Linux kernel did not perform permission checks correctly in some\nsituations. (CVE-2021-4197)\n\nBrendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device\ndriver in the Linux kernel did not properly validate meta-data coming from\nthe device. A local attacker who can control an emulated device can use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2021-43975)\n\nIt was discovered that the ARM Trusted Execution Environment (TEE)\nsubsystem in the Linux kernel contained a race condition leading to a use-\nafter-free vulnerability. A local attacker could use this to cause a denial\nof service or possibly execute arbitrary code. (CVE-2021-44733)\n\nIt was discovered that the Phone Network protocol (PhoNet) implementation\nin the Linux kernel did not properly perform reference counting in some\nerror conditions. A local attacker could possibly use this to cause a\ndenial of service (memory exhaustion). (CVE-2021-45095)\n\nIt was discovered that the eBPF verifier in the Linux kernel did not\nproperly perform bounds checking on mov32 operations. A local attacker\ncould use this to expose sensitive information (kernel pointer addresses). \n(CVE-2021-45402)\n\nIt was discovered that the Reliable Datagram Sockets (RDS) protocol\nimplementation in the Linux kernel did not properly deallocate memory in\nsome error conditions. A local attacker could possibly use this to cause a\ndenial of service (memory exhaustion). (CVE-2021-45480)\n\nIt was discovered that the BPF subsystem in the Linux kernel did not\nproperly track pointer types on atomic fetch operations in some situations. \nA local attacker could use this to expose sensitive information (kernel\npointer addresses). (CVE-2022-0264)\n\nIt was discovered that the TIPC Protocol implementation in the Linux kernel\ndid not properly initialize memory in some situations. A local attacker\ncould use this to expose sensitive information (kernel memory). \n(CVE-2022-0382)\n\nSamuel Page discovered that the Transparent Inter-Process Communication\n(TIPC) protocol implementation in the Linux kernel contained a stack-based\nbuffer overflow. A remote attacker could use this to cause a denial of\nservice (system crash) for systems that have a TIPC bearer configured. \n(CVE-2022-0435)\n\nIt was discovered that the KVM implementation for s390 systems in the Linux\nkernel did not properly prevent memory operations on PVM guests that were\nin non-protected mode. A local attacker could use this to obtain\nunauthorized memory write access. (CVE-2022-0516)\n\nIt was discovered that the ICMPv6 implementation in the Linux kernel did\nnot properly deallocate memory in certain situations. A remote attacker\ncould possibly use this to cause a denial of service (memory exhaustion). \n(CVE-2022-0742)\n\nIt was discovered that the IPsec implementation in the Linux kernel did not\nproperly allocate enough memory when performing ESP transformations,\nleading to a heap-based buffer overflow. A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2022-27666)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04 LTS:\n linux-image-5.13.0-1021-azure 5.13.0-1021.24~20.04.1\n linux-image-5.13.0-1025-oracle 5.13.0-1025.30~20.04.1\n linux-image-azure 5.13.0.1021.24~20.04.10\n linux-image-oracle 5.13.0.1025.30~20.04.1\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5368-1\n CVE-2021-28711, CVE-2021-28712, CVE-2021-28713, CVE-2021-28714,\n CVE-2021-28715, CVE-2021-39685, CVE-2021-39698, CVE-2021-4135,\n CVE-2021-4197, CVE-2021-43975, CVE-2021-44733, CVE-2021-45095,\n CVE-2021-45402, CVE-2021-45480, CVE-2022-0264, CVE-2022-0382,\n CVE-2022-0435, CVE-2022-0492, CVE-2022-0516, CVE-2022-0742,\n CVE-2022-1055, CVE-2022-23222, CVE-2022-27666\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/linux-azure-5.13/5.13.0-1021.24~20.04.1\n https://launchpad.net/ubuntu/+source/linux-oracle-5.13/5.13.0-1025.30~20.04.1\n\n. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.9.45. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHBA-2022:5878\n\nSpace precludes documenting all of the container images in this advisory. \n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.9.45-x86_64\n\nThe image digest is\nsha256:8ab373599e8a010dffb9c7ed45e01c00cb06a7857fe21de102d978be4738b2ec\n\n(For s390x architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.9.45-s390x\n\nThe image digest is\nsha256:1dde8a7134081c82012a812e014daca4cba1095630e6d0c74b51da141d472984\n\n(For ppc64le architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.9.45-ppc64le\n\nThe image digest is\nsha256:ec1fac628bec05eb6425c2ae9dcd3fca120cd1a8678155350bb4c65813cfc30e\n\nAll OpenShift Container Platform 4.9 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.9 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2009024 - Unable to complete cluster destruction, some ports are left over\n2055494 - console operator should report Upgradeable False when SAN-less certs are used\n2083554 - post 1.23 rebase: regression in service-load balancer reliability\n2087021 - configure-ovs.sh fails, blocking new RHEL node from being scaled up on cluster without manual reboot\n2088539 - Openshift route URLs starting with double slashes stopped working after update to 4.8.33 - curl version problems\n2091806 - Cluster upgrade stuck due to \"resource deletions in progress\"\n2095320 - [4.9] Bootimage bump tracker\n2097157 - [4.9z] During ovnkube-node restart all host conntrack entries are flushed, leading to traffic disruption\n2100786 - [OCP 4.9] Ironic cannot match \"wwn\" rootDeviceHint for a multipath device\n2101664 - disabling ipv6 router advertisements using \"all\" does not disable it on secondary interfaces\n2101959 - CVE-2022-2403 openshift: oauth-serving-cert configmap contains cluster certificate private key\n2103982 - [4.9] AWS EBS CSI driver stuck removing EBS volumes - GetDeviceMountRefs check failed\n2105277 - NetworkPolicies: ovnkube-master pods crashing due to panic: \"invalid memory address or nil pointer dereference\"\n2105453 - Node reboot causes duplicate persistent volumes\n2105654 - egressIP panics with nil pointer dereference\n2105663 - APIRequestCount does not identify some APIs removed in 4.9\n2106655 - Kubelet slowly leaking memory and pods eventually unable to start\n2108538 - [4.9.z backport] br-ex not created due to default bond interface having a different mac address than expected\n2108619 - ClusterVersion history pruner does not always retain initial completed update entry\n\n5. (CVE-2022-1516)\n\nDemi Marie Obenour and Simon Gaiser discovered that several Xen para-\nvirtualization device frontends did not properly restrict the access rights\nof device backends",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-4197"
},
{
"db": "VULHUB",
"id": "VHN-410862"
},
{
"db": "VULMON",
"id": "CVE-2021-4197"
},
{
"db": "PACKETSTORM",
"id": "169305"
},
{
"db": "PACKETSTORM",
"id": "167622"
},
{
"db": "PACKETSTORM",
"id": "167330"
},
{
"db": "PACKETSTORM",
"id": "167072"
},
{
"db": "PACKETSTORM",
"id": "167748"
},
{
"db": "PACKETSTORM",
"id": "166636"
},
{
"db": "PACKETSTORM",
"id": "168019"
},
{
"db": "PACKETSTORM",
"id": "167443"
}
],
"trust": 1.8
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-410862",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-410862"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-4197",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "167443",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168019",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167748",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167072",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167694",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167746",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168136",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166392",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167097",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167952",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167822",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167886",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167714",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167852",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202201-1396",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2022-68560",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-410862",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-4197",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169305",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167622",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167330",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166636",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-410862"
},
{
"db": "VULMON",
"id": "CVE-2021-4197"
},
{
"db": "PACKETSTORM",
"id": "169305"
},
{
"db": "PACKETSTORM",
"id": "167622"
},
{
"db": "PACKETSTORM",
"id": "167330"
},
{
"db": "PACKETSTORM",
"id": "167072"
},
{
"db": "PACKETSTORM",
"id": "167748"
},
{
"db": "PACKETSTORM",
"id": "166636"
},
{
"db": "PACKETSTORM",
"id": "168019"
},
{
"db": "PACKETSTORM",
"id": "167443"
},
{
"db": "NVD",
"id": "CVE-2021-4197"
}
]
},
"id": "VAR-202201-0496",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-410862"
}
],
"trust": 0.725
},
"last_update_date": "2025-12-22T21:46:23.137000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Red Hat: Important: kernel-rt security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225633 - Security Advisory"
},
{
"title": "Red Hat: Important: kernel security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225626 - Security Advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.10.25 bug fix and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225730 - Security Advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-4197"
},
{
"title": "Ubuntu Security Notice: USN-5500-1: Linux kernel vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5500-1"
},
{
"title": "Ubuntu Security Notice: USN-5541-1: Linux kernel (Azure) vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5541-1"
},
{
"title": "Ubuntu Security Notice: USN-5515-1: Linux kernel vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5515-1"
},
{
"title": "Amazon Linux 2: ALAS2KERNEL-5.4-2022-023",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2KERNEL-5.4-2022-023"
},
{
"title": "Amazon Linux 2: ALAS2KERNEL-5.10-2022-011",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2KERNEL-5.10-2022-011"
},
{
"title": "Ubuntu Security Notice: USN-5368-1: Linux kernel vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5368-1"
},
{
"title": "Ubuntu Security Notice: USN-5513-1: Linux kernel (AWS) vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5513-1"
},
{
"title": "Ubuntu Security Notice: USN-5278-1: Linux kernel (OEM) vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5278-1"
},
{
"title": "Ubuntu Security Notice: USN-5505-1: Linux kernel vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5505-1"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1571",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1571"
},
{
"title": "Red Hat: Important: kernel security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221988 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: USN-5337-1: Linux kernel vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5337-1"
},
{
"title": "Ubuntu Security Notice: USN-5467-1: Linux kernel vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5467-1"
},
{
"title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.6.5 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20224814 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-5127-1 linux -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=46ac8c0354184763812b1f853ffa31b9"
},
{
"title": "Red Hat: Important: Red Hat Advanced Cluster Management 2.5 security updates, images, and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20224956 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.2 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225483 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.5 security updates and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225201 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.11 security updates and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225392 - Security Advisory"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1761",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1761"
},
{
"title": "Debian Security Advisories: DSA-5173-1 linux -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=acd6d70f5129be4a1390575252ec92a6"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-4197"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-410862"
},
{
"db": "NVD",
"id": "CVE-2021-4197"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "https://security.netapp.com/advisory/ntap-20220602-0006/"
},
{
"trust": 1.2,
"url": "https://www.debian.org/security/2022/dsa-5127"
},
{
"trust": 1.2,
"url": "https://www.debian.org/security/2022/dsa-5173"
},
{
"trust": 1.2,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035652"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.0,
"url": "https://lore.kernel.org/lkml/20211209214707.805617-1-tj%40kernel.org/t/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4197"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-4197"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-4203"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1353"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1198"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1516"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3752"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-4157"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3669"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3744"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13974"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-45485"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3773"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-4002"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29154"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-43976"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-0941"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-43389"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27820"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-44733"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-4037"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-29154"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-37159"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3772"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-0404"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3669"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3764"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-20322"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3612"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-41864"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0941"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3612"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-26401"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-27820"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3743"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-1011"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13974"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20322"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-4083"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-45486"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0322"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26401"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0286"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0001"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3759"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0002"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-42739"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0404"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3772"
},
{
"trust": 0.2,
"url": "https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/t/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27666"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1199"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1158"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1205"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1204"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-41617"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3634"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-4189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1271"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21781"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3634"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-4788"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-43056"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3737"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-4788"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-21781"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-25032"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3752"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3773"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3743"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3764"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37159"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3759"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4002"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3744"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4203"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1011"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28389"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5633"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5500-1"
},
{
"trust": 0.1,
"url": "https://security.archlinux.org/cve-2021-4197"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26490"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1016"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1048"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/linux"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0168"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0235"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1708"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0536"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-38185"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28733"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0492"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21803"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29526"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28736"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3697"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25219"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28737"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25219"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3695"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28735"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23806"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5392"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29810"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:4814"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39293"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-19131"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35492"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35492"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3807"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3737"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-39293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-19131"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42739"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4083"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43389"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1975"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4037"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4157"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41864"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/4.15.0-189.200"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1133.143"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5515-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1131.147"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1102.113"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1146.161"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1123.128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2380"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1137.148"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1115.123"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28711"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28715"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45402"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0382"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1055"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0264"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39698"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43975"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure-5.13/5.13.0-1021.24~20.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4135"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0492"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0516"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45095"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle-5.13/5.13.0-1025.30~20.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0742"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5368-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45480"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-34169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21540"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1729"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32250"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21540"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1012"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-34169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29368"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1012"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32250"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2403"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2022:5878"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2403"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5879"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24958"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1065.75"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1083.87"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1078.84"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/5.4.0-117.132"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-117.132~18.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23039"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gke-5.4/5.4.0-1074.79~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi-5.4/5.4.0-1065.75~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-ibm-5.4/5.4.0-1026.29~18.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28390"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1966"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gkeop-5.4/5.4.0-1046.48~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure-5.4/5.4.0-1083.87~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1078.84"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1076.83"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1076.83~18.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21499"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1078.84~18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-azure-fde/5.4.0-1083.87+cvm1.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1026.29"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gke/5.4.0-1074.79"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1068.72"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26966"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5467-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1046.48"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28356"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-410862"
},
{
"db": "VULMON",
"id": "CVE-2021-4197"
},
{
"db": "PACKETSTORM",
"id": "169305"
},
{
"db": "PACKETSTORM",
"id": "167622"
},
{
"db": "PACKETSTORM",
"id": "167330"
},
{
"db": "PACKETSTORM",
"id": "167072"
},
{
"db": "PACKETSTORM",
"id": "167748"
},
{
"db": "PACKETSTORM",
"id": "166636"
},
{
"db": "PACKETSTORM",
"id": "168019"
},
{
"db": "PACKETSTORM",
"id": "167443"
},
{
"db": "NVD",
"id": "CVE-2021-4197"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-410862"
},
{
"db": "VULMON",
"id": "CVE-2021-4197"
},
{
"db": "PACKETSTORM",
"id": "169305"
},
{
"db": "PACKETSTORM",
"id": "167622"
},
{
"db": "PACKETSTORM",
"id": "167330"
},
{
"db": "PACKETSTORM",
"id": "167072"
},
{
"db": "PACKETSTORM",
"id": "167748"
},
{
"db": "PACKETSTORM",
"id": "166636"
},
{
"db": "PACKETSTORM",
"id": "168019"
},
{
"db": "PACKETSTORM",
"id": "167443"
},
{
"db": "NVD",
"id": "CVE-2021-4197"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-23T00:00:00",
"db": "VULHUB",
"id": "VHN-410862"
},
{
"date": "2022-03-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-4197"
},
{
"date": "2022-05-28T19:12:00",
"db": "PACKETSTORM",
"id": "169305"
},
{
"date": "2022-06-29T20:27:02",
"db": "PACKETSTORM",
"id": "167622"
},
{
"date": "2022-05-31T17:24:53",
"db": "PACKETSTORM",
"id": "167330"
},
{
"date": "2022-05-11T16:37:26",
"db": "PACKETSTORM",
"id": "167072"
},
{
"date": "2022-07-14T14:32:30",
"db": "PACKETSTORM",
"id": "167748"
},
{
"date": "2022-04-07T16:37:07",
"db": "PACKETSTORM",
"id": "166636"
},
{
"date": "2022-08-10T15:50:18",
"db": "PACKETSTORM",
"id": "168019"
},
{
"date": "2022-06-08T15:58:59",
"db": "PACKETSTORM",
"id": "167443"
},
{
"date": "2022-03-23T20:15:10.200000",
"db": "NVD",
"id": "CVE-2021-4197"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-410862"
},
{
"date": "2022-07-25T00:00:00",
"db": "VULMON",
"id": "CVE-2021-4197"
},
{
"date": "2024-11-21T06:37:07.517000",
"db": "NVD",
"id": "CVE-2021-4197"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "167748"
},
{
"db": "PACKETSTORM",
"id": "166636"
},
{
"db": "PACKETSTORM",
"id": "167443"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Debian Security Advisory 5127-1",
"sources": [
{
"db": "PACKETSTORM",
"id": "169305"
}
],
"trust": 0.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "arbitrary",
"sources": [
{
"db": "PACKETSTORM",
"id": "167748"
},
{
"db": "PACKETSTORM",
"id": "166636"
},
{
"db": "PACKETSTORM",
"id": "167443"
}
],
"trust": 0.3
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.