Red Hat: RHSA-2022:1263-01 Critical Update: DoS Risks in RHV-H

April 7, 2022
Urgent security patch released for Red Hat Virtualization Host addressing several significant vulnerabilities. Immediate action required!
An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

Summary

The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
Security Fix(es):
* kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920)
* kernel: use-after-free in RDMA listen() (CVE-2021-4028)
* kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)
* kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL (CVE-2021-4155)
* aide: heap-based buffer overflow on outputs larger than B64_BUF (CVE-2021-45417)
* kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330)
* openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
* kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)
* cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands (CVE-2022-24407)
* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)
* expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)
* expat: Integer overflow in storeRawNames() (CVE-2022-25315)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* RHV-H has been rebased on RHEL-7.9.z #13 (BZ#2048409)

References

https://access.redhat.com/security/cve/CVE-2021-0920
https://access.redhat.com/security/cve/CVE-2021-4028
https://access.redhat.com/security/cve/CVE-2021-4083
https://access.redhat.com/security/cve/CVE-2021-4155
https://access.redhat.com/security/cve/CVE-2021-45417
https://access.redhat.com/security/cve/CVE-2022-0330
https://access.redhat.com/security/cve/CVE-2022-0778
https://access.redhat.com/security/cve/CVE-2022-22942
https://access.redhat.com/security/cve/CVE-2022-24407
https://access.redhat.com/security/cve/CVE-2022-25235
https://access.redhat.com/security/cve/CVE-2022-25236
https://access.redhat.com/security/cve/CVE-2022-25315
https://access.redhat.com/security/updates/classification#important

Package List

Red Hat Virtualization 4 Hypervisor for RHEL 7:

Source:
redhat-virtualization-host-4.3.22-20220330.1.el7_9.src.rpm

noarch:
redhat-virtualization-host-image-update-4.3.22-20220330.1.el7_9.noarch.rpm

RHEL 7-based RHEV-H for RHEV 4 (build requirements):

Source:
redhat-release-virtualization-host-4.3.22-1.el7ev.src.rpm
redhat-virtualization-host-4.3.22-20220330.1.el7_9.src.rpm
redhat-virtualization-host-productimg-4.3.22-1.el7.src.rpm

noarch:
redhat-virtualization-host-image-update-4.3.22-20220330.1.el7_9.noarch.rpm
redhat-virtualization-host-image-update-placeholder-4.3.22-1.el7ev.noarch.rpm

x86_64:
redhat-release-virtualization-host-4.3.22-1.el7ev.x86_64.rpm
redhat-virtualization-host-productimg-4.3.22-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key


Severity
important

Advisory ID: RHSA-2022:1263-01
Product: Red Hat Virtualization
Issue date: 2022-04-07

Topic

An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases Architectures

RHEL 7-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64

Red Hat Virtualization 4 Hypervisor for RHEL 7 - noarch

Bugs Fixed

2027201 - CVE-2021-4028 kernel: use-after-free in RDMA listen()

2029923 - CVE-2021-4083 kernel: fget: check that the fd still exists after getting a ref to it

2031930 - CVE-2021-0920 kernel: Use After Free in unix_gc() which could result in a local privilege escalation

2034813 - CVE-2021-4155 kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL

2041489 - CVE-2021-45417 aide: heap-based buffer overflow on outputs larger than B64_BUF

2042404 - CVE-2022-0330 kernel: possible privileges escalation due to missing TLB flush

2044809 - CVE-2022-22942 kernel: failing usercopy allows for use-after-free exploitation

2048409 - Rebase RHV-H 4.3 on RHEL 7.9 batch #13

2055326 - CVE-2022-24407 cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands

2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames()

2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution

2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
