ID

VAR-202201-0496


CVE

CVE-2021-4197


TITLE

Linux Kernel  Authentication vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-019487

DESCRIPTION

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. Linux Kernel There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Description: Red Hat Advanced Cluster Management for Kubernetes 2.4.5 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/ Security fixes: * golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565) * nconf: Prototype pollution in memory store (CVE-2022-21803) * golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806) * nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450) * Moment.js: Path traversal in moment.locale (CVE-2022-24785) * dset: Prototype Pollution in dset (CVE-2022-25645) * golang: syscall: faccessat checks wrong group (CVE-2022-29526) * go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses (CVE-2022-29810) Bug fixes: * Trying to create a new cluster on vSphere and no feedback, stuck in "creating" (BZ# 1937078) * Wrong message is displayed when GRC fails to connect to an Ansible Tower (BZ# 2051752) * multicluster_operators_hub_subscription issues due to /tmp usage (BZ# 2052702) * Create Cluster, Worker Pool 2 zones do not load options that relate to the selected Region field (BZ# 2054954) * Changing the multiclusterhub name other than the default name keeps the version in the web console loading (BZ# 2059822) * search-redisgraph-0 generating massive amount of logs after 2.4.2 upgrade (BZ# 2065318) * Uninstall pod crashed when destroying Azure Gov cluster in ACM (BZ# 2073562) * Deprovisioned clusters not filtered out by discovery controller (BZ# 2075594) * When deleting a secret for a Helm application, duplicate errors show up in topology (BZ# 2075675) * Changing existing placement rules does not change YAML file Regression (BZ# 2075724) * Editing Helm Argo Applications does not Prune Old Resources (BZ# 2079906) * Failed to delete the requested resource [404] error appears after subscription is deleted and its placement rule is used in the second subscription (BZ# 2080713) * Typo in the logs when Deployable is updated in the subscription namespace (BZ# 2080960) * After Argo App Sets are created in an Upgraded Environment, the Clusters column does not indicate the clusters (BZ# 2080716) * RHACM 2.4.5 images (BZ# 2081438) * Performance issue to get secret in claim-controller (BZ# 2081908) * Failed to provision openshift 4.10 on bare metal (BZ# 2094109) 3. Bugs fixed (https://bugzilla.redhat.com/): 1937078 - Trying to create a new cluster on vSphere and no feedback, stuck in "creating" 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2051752 - Wrong message is displayed when GRC fails to connect to an ansible tower 2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account 2052702 - multicluster_operators_hub_subscription issues due to /tmp usage 2053429 - CVE-2022-23806 golang: crypto/elliptic IsOnCurve returns true for invalid field elements 2054954 - Create Cluster, Worker Pool 2 zones do not load options that relate to the selected Region field 2059822 - Changing the multiclusterhub name other than the default name keeps the version in the web console loading. 2065318 - search-redisgraph-0 generating massive amount of logs after 2.4.2 upgrade 2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale 2073562 - Uninstall pod crashed when destroying Azure Gov cluster in ACM 2074689 - CVE-2022-21803 nconf: Prototype pollution in memory store 2075594 - Deprovisioned clusters not filtered out by discovery controller 2075675 - When deleting a secret for a Helm application, duplicate errors show up in topology 2075724 - Changing existing placement rules does not change YAML file 2079906 - Editing Helm Argo Applications does not Prune Old Resources 2080279 - CVE-2022-29810 go-getter: writes SSH credentials into logfile, exposing sensitive credentials to local uses 2080713 - Failed to delete the requested resource [404] error appears after subscription is deleted and it's placement rule is used in the second subscription [Upgrade] 2080716 - After Argo App Sets are created in an Upgraded Environment, the Clusters column does not indicate the clusters 2080847 - CVE-2022-25645 dset: Prototype Pollution in dset 2080960 - Typo in the logs when Deployable is updated in the subscription namespace 2081438 - RHACM 2.4.5 images 2081908 - Performance issue to get secret in claim-controller 2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group 2094109 - Failed to provision openshift 4.10 on bare metal 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2022:5626-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:5626 Issue date: 2022-07-19 CVE Names: CVE-2020-29368 CVE-2021-4197 CVE-2021-4203 CVE-2022-1012 CVE-2022-1729 CVE-2022-32250 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder EUS (v. 8.4) - aarch64, ppc64le, x86_64 Red Hat Enterprise Linux BaseOS EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64 3. Security Fix(es): * kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak (CVE-2022-1012) * kernel: race condition in perf_event_open leads to privilege escalation (CVE-2022-1729) * kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root (CVE-2022-32250) * kernel: cgroup: Use open-time creds and namespace for migration perm checks (CVE-2021-4197) * kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203) * kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check (CVE-2020-29368) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Failed to reboot after crash trigger (BZ#2060747) * conntrack entries linger around after test (BZ#2066357) * Enable nested virtualization (BZ#2079070) * slub corruption during LPM of hnv interface (BZ#2081251) * sleeping function called from invalid context at kernel/locking/spinlock_rt.c:35 (BZ#2082091) * Backport request of "genirq: use rcu in kstat_irqs_usr()" (BZ#2083309) * ethtool -L may cause system to hang (BZ#2083323) * For isolated CPUs (with nohz_full enabled for isolated CPUs) CPU utilization statistics are not getting reflected continuously (BZ#2084139) * Affinity broken due to vector space exhaustion (BZ#2084647) * kernel memory leak while freeing nested actions (BZ#2086597) * sync rhel-8.6 with upstream 5.13 through 5.16 fixes and improvements (BZ#2088037) * Kernel panic possibly when cleaning namespace on pod deletion (BZ#2089539) * Softirq hrtimers are being placed on the per-CPU softirq clocks on isolcpu’s. (BZ#2090485) * fix missed wake-ups in rq_qos_throttle try two (BZ#2092076) * NFS4 client experiencing IO outages while sending duplicate SYNs and erroneous RSTs during connection reestablishment (BZ#2094334) * using __this_cpu_read() in preemptible [00000000] code: kworker/u66:1/937154 (BZ#2095775) * Need some changes in RHEL8.x kernels. (BZ#2096932) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1903244 - CVE-2020-29368 kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check 2035652 - CVE-2021-4197 kernel: cgroup: Use open-time creds and namespace for migration perm checks 2036934 - CVE-2021-4203 kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses 2064604 - CVE-2022-1012 kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak 2086753 - CVE-2022-1729 kernel: race condition in perf_event_open leads to privilege escalation 2092427 - CVE-2022-32250 kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root 6. Package List: Red Hat Enterprise Linux BaseOS EUS (v.8.4): Source: kernel-4.18.0-305.57.1.el8_4.src.rpm aarch64: bpftool-4.18.0-305.57.1.el8_4.aarch64.rpm bpftool-debuginfo-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-core-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-cross-headers-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-debug-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-debug-core-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-debug-debuginfo-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-debug-devel-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-debug-modules-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-debug-modules-extra-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-debuginfo-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-devel-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-headers-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-modules-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-modules-extra-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-tools-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-tools-debuginfo-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-tools-libs-4.18.0-305.57.1.el8_4.aarch64.rpm perf-4.18.0-305.57.1.el8_4.aarch64.rpm perf-debuginfo-4.18.0-305.57.1.el8_4.aarch64.rpm python3-perf-4.18.0-305.57.1.el8_4.aarch64.rpm python3-perf-debuginfo-4.18.0-305.57.1.el8_4.aarch64.rpm noarch: kernel-abi-stablelists-4.18.0-305.57.1.el8_4.noarch.rpm kernel-doc-4.18.0-305.57.1.el8_4.noarch.rpm ppc64le: bpftool-4.18.0-305.57.1.el8_4.ppc64le.rpm bpftool-debuginfo-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-core-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-cross-headers-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-debug-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-debug-core-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-debug-debuginfo-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-debug-devel-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-debug-modules-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-debug-modules-extra-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-debuginfo-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-devel-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-headers-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-modules-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-modules-extra-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-tools-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-tools-debuginfo-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-tools-libs-4.18.0-305.57.1.el8_4.ppc64le.rpm perf-4.18.0-305.57.1.el8_4.ppc64le.rpm perf-debuginfo-4.18.0-305.57.1.el8_4.ppc64le.rpm python3-perf-4.18.0-305.57.1.el8_4.ppc64le.rpm python3-perf-debuginfo-4.18.0-305.57.1.el8_4.ppc64le.rpm s390x: bpftool-4.18.0-305.57.1.el8_4.s390x.rpm bpftool-debuginfo-4.18.0-305.57.1.el8_4.s390x.rpm kernel-4.18.0-305.57.1.el8_4.s390x.rpm kernel-core-4.18.0-305.57.1.el8_4.s390x.rpm kernel-cross-headers-4.18.0-305.57.1.el8_4.s390x.rpm kernel-debug-4.18.0-305.57.1.el8_4.s390x.rpm kernel-debug-core-4.18.0-305.57.1.el8_4.s390x.rpm kernel-debug-debuginfo-4.18.0-305.57.1.el8_4.s390x.rpm kernel-debug-devel-4.18.0-305.57.1.el8_4.s390x.rpm kernel-debug-modules-4.18.0-305.57.1.el8_4.s390x.rpm kernel-debug-modules-extra-4.18.0-305.57.1.el8_4.s390x.rpm kernel-debuginfo-4.18.0-305.57.1.el8_4.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-305.57.1.el8_4.s390x.rpm kernel-devel-4.18.0-305.57.1.el8_4.s390x.rpm kernel-headers-4.18.0-305.57.1.el8_4.s390x.rpm kernel-modules-4.18.0-305.57.1.el8_4.s390x.rpm kernel-modules-extra-4.18.0-305.57.1.el8_4.s390x.rpm kernel-tools-4.18.0-305.57.1.el8_4.s390x.rpm kernel-tools-debuginfo-4.18.0-305.57.1.el8_4.s390x.rpm kernel-zfcpdump-4.18.0-305.57.1.el8_4.s390x.rpm kernel-zfcpdump-core-4.18.0-305.57.1.el8_4.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-305.57.1.el8_4.s390x.rpm kernel-zfcpdump-devel-4.18.0-305.57.1.el8_4.s390x.rpm kernel-zfcpdump-modules-4.18.0-305.57.1.el8_4.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-305.57.1.el8_4.s390x.rpm perf-4.18.0-305.57.1.el8_4.s390x.rpm perf-debuginfo-4.18.0-305.57.1.el8_4.s390x.rpm python3-perf-4.18.0-305.57.1.el8_4.s390x.rpm python3-perf-debuginfo-4.18.0-305.57.1.el8_4.s390x.rpm x86_64: bpftool-4.18.0-305.57.1.el8_4.x86_64.rpm bpftool-debuginfo-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-core-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-cross-headers-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-debug-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-debug-core-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-debug-debuginfo-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-debug-devel-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-debug-modules-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-debug-modules-extra-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-debuginfo-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-devel-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-headers-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-modules-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-modules-extra-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-tools-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-tools-debuginfo-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-tools-libs-4.18.0-305.57.1.el8_4.x86_64.rpm perf-4.18.0-305.57.1.el8_4.x86_64.rpm perf-debuginfo-4.18.0-305.57.1.el8_4.x86_64.rpm python3-perf-4.18.0-305.57.1.el8_4.x86_64.rpm python3-perf-debuginfo-4.18.0-305.57.1.el8_4.x86_64.rpm Red Hat CodeReady Linux Builder EUS (v. 8.4): aarch64: bpftool-debuginfo-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-debug-debuginfo-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-debuginfo-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-tools-debuginfo-4.18.0-305.57.1.el8_4.aarch64.rpm kernel-tools-libs-devel-4.18.0-305.57.1.el8_4.aarch64.rpm perf-debuginfo-4.18.0-305.57.1.el8_4.aarch64.rpm python3-perf-debuginfo-4.18.0-305.57.1.el8_4.aarch64.rpm ppc64le: bpftool-debuginfo-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-debug-debuginfo-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-debuginfo-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-tools-debuginfo-4.18.0-305.57.1.el8_4.ppc64le.rpm kernel-tools-libs-devel-4.18.0-305.57.1.el8_4.ppc64le.rpm perf-debuginfo-4.18.0-305.57.1.el8_4.ppc64le.rpm python3-perf-debuginfo-4.18.0-305.57.1.el8_4.ppc64le.rpm x86_64: bpftool-debuginfo-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-debug-debuginfo-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-debuginfo-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-tools-debuginfo-4.18.0-305.57.1.el8_4.x86_64.rpm kernel-tools-libs-devel-4.18.0-305.57.1.el8_4.x86_64.rpm perf-debuginfo-4.18.0-305.57.1.el8_4.x86_64.rpm python3-perf-debuginfo-4.18.0-305.57.1.el8_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYuFkSdzjgjWX9erEAQhDCxAAknsy8K3eg1J603gMndUGWfI/Fs5VzIaH lxGavTw8H57lXRWbQYqJoRKk42uHAH2iCicovyvowJ5SdfnChtAVbG1A1wjJLmJJ 0YDKoeMn3s1jjThivm5rWGQVdImqLw+CxVvb3Pywv6ZswTI5r4ZB4FEXW8GIR1w2 1FeHTcwUgNLzeBLdVem1T50lWERG0j0ZGUmv9mu4QMDeWXoSoPcHKWnsmLgDvQif dVky3UsFoCJ783WJOIctmY97kOffqIDvZdbPwajAyTByspumtcwt6N7wMU6VfI+u B6bRGQgLbElY6IniLUsV7MG8GbbffZvPFNN/n6LdnnFgEt1eDlo6LkZCyPaMbEfx 2dMxJtcAiXmydMs5QXvNJ3y2UR2fp/iHF8euAnSN3eKTLAxDQwo3c4KvNUKAfFcF OAjbyLTilLhiPHRARG4aEWCEUSmfzO3rulNhRcIEWtNIira3/QMFG9qUjNAMvzU1 M4tMSPkH35gx49p2a6arZceUGDXiRwvrP142GzpAgRWt/GrydjAsRiG4pJM2H5TW nB5q7OuwEvch8+o8gJril5uOpm6eI1lylv9wTXbwjpzQqL5k2JcgByRWx8wLqYXy wXsBm+JZL9ztSadqoVsFWSqC0yeRkuF185F4gI7+7azjpeQhHtJEix3bgqRhIzK4 07JERnC1IRg= =y1sh -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-5505-1 July 07, 2022 linux-lts-xenial, linux-kvm vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-kvm: Linux kernel for cloud environments - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Details: Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. (CVE-2021-3609) Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3752) It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3760) Szymon Heidrich discovered that the USB Gadget subsystem in the Linux kernel did not properly restrict the size of control requests for certain gadget types, leading to possible out of bounds reads or writes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-39685) It was discovered that the Ion Memory Manager subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-39714) Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. (CVE-2021-4197) Lin Ma discovered that the NFC Controller Interface (NCI) implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4202) Sushma Venkatesh Reddy discovered that the Intel i915 graphics driver in the Linux kernel did not perform a GPU TLB flush in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-0330) It was discovered that the PF_KEYv2 implementation in the Linux kernel did not properly initialize kernel memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-1353) It was discovered that the virtual graphics memory manager implementation in the Linux kernel was subject to a race condition, potentially leading to an information leak. (CVE-2022-1419) Minh Yuan discovered that the floppy disk driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1652) It was discovered that the Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1679) It was discovered that the Marvell NFC device driver implementation in the Linux kernel did not properly perform memory cleanup operations in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system) or execute arbitrary code. (CVE-2022-1734) It was discovered that some Intel processors did not completely perform cleanup actions on multi-core shared buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21123) It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21125) It was discovered that some Intel processors did not properly perform cleanup during specific special register write operations. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21166) It was discovered that the USB Gadget file system interface in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-24958) 赵子轩 discovered that the 802.2 LLC type 2 driver in the Linux kernel did not properly perform reference counting in some error conditions. (CVE-2022-28356) It was discovered that the 8 Devices USB2CAN interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. (CVE-2022-28388) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: linux-image-4.4.0-1110-kvm 4.4.0-1110.120 linux-image-kvm 4.4.0.1110.107 Ubuntu 14.04 ESM: linux-image-4.4.0-229-generic 4.4.0-229.263~14.04.1 linux-image-4.4.0-229-lowlatency 4.4.0-229.263~14.04.1 linux-image-generic-lts-xenial 4.4.0.229.199 linux-image-lowlatency-lts-xenial 4.4.0.229.199 linux-image-virtual-lts-xenial 4.4.0.229.199 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-5505-1 CVE-2021-3609, CVE-2021-3752, CVE-2021-3760, CVE-2021-39685, CVE-2021-39714, CVE-2021-4197, CVE-2021-4202, CVE-2022-0330, CVE-2022-1353, CVE-2022-1419, CVE-2022-1652, CVE-2022-1679, CVE-2022-1734, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-24958, CVE-2022-28356, CVE-2022-28388 . (CVE-2022-1516) Demi Marie Obenour and Simon Gaiser discovered that several Xen para- virtualization device frontends did not properly restrict the access rights of device backends. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.25. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2022:5729 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html Security Fix(es): * golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675) * golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921) * golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.25-x86_64 The image digest is sha256:ed84fb3fbe026b3bbb4a2637ddd874452ac49c6ead1e15675f257e28664879cc (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.25-s390x The image digest is sha256:a151628743b643e8ceda09dbd290aa4ac2787fc519365603a5612cb4d379d8e3 (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.25-ppc64le The image digest is sha256:5ee9476628f198cdadd8f7afe6f117e8102eaafba8345e95d2f479c260eb0574 All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html 3. Solution: For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString 2060058 - superfluous apirequestcount entries in audit log 2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode 2079034 - [4.10] Openshift Container Platform - Ingress Controller does not set allowPrivilegeEscalation in the router deployment 2094584 - VM with sysprep is failed to create 2095217 - VM SSH command generated by UI points at api VIP 2095319 - [4.10] Bootimage bump tracker 2098655 - gcp cluster rollback fails due to storage failure 2099526 - prometheus-adapter becomes inaccessible during rollout 2100894 - Possible to cause misconfiguration of container runtime soon after cluster creation 2100974 - Layout issue: No spacing in delete modals 2103175 - disabling ipv6 router advertisements using "all" does not disable it on secondary interfaces 2105110 - [VPA] recommender is logging errors for pods with init containers 2105275 - NodeIP is used instead of EgressIP 2105653 - egressIP panics with nil pointer dereference 2106385 - the cronjob object is created with a wrong api version batch/v1beta1 when created via the openshift console 2106842 - In CI 4.10 HAProxy must-gather takes longer than 10 minutes 2107276 - The ccoctl does not seem to know how to leverage the VMs service account to talk to GCP APIs. 2109125 - [4.10 Backport] Spoke BMH stuck "inspecting" when deployed via ZTP in 4.11 OCP hub 2109225 - Console 4.10 operand form refresh 2109235 - openshift-apiserver pods never going NotReady 5. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Bug Fix(es): * kernel-rt: update RT source tree to the RHEL-8.4.z10 source tree (BZ#2087922) 4

Trust: 2.43

sources: NVD: CVE-2021-4197 // JVNDB: JVNDB-2021-019487 // VULHUB: VHN-410862 // PACKETSTORM: 167602 // PACKETSTORM: 167852 // PACKETSTORM: 167714 // PACKETSTORM: 167443 // PACKETSTORM: 167886 // PACKETSTORM: 167952 // PACKETSTORM: 167822 // PACKETSTORM: 167694

AFFECTED PRODUCTS

vendor:oraclemodel:communications cloud native core binding support functionscope:eqversion:22.1.3

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.15

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.14.276

Trust: 1.0

vendor:netappmodel:h300sscope:eqversion: -

Trust: 1.0

vendor:netappmodel:h500sscope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.15.14

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.2

Trust: 1.0

vendor:oraclemodel:communications cloud native core binding support functionscope:eqversion:22.2.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:broadcommodel:brocade fabric operating systemscope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.10.111

Trust: 1.0

vendor:netappmodel:h410sscope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:4.19.238

Trust: 1.0

vendor:netappmodel:h410cscope:eqversion: -

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.20

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.11

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.5

Trust: 1.0

vendor:linuxmodel:kernelscope:ltversion:5.4.189

Trust: 1.0

vendor:netappmodel:h700sscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:communications cloud native core binding support functionscope:eqversion:22.1.1

Trust: 1.0

vendor:netappmodel:h300sscope: - version: -

Trust: 0.8

vendor:netappmodel:h410sscope: - version: -

Trust: 0.8

vendor:netappmodel:h700sscope: - version: -

Trust: 0.8

vendor:netappmodel:h410cscope: - version: -

Trust: 0.8

vendor:netappmodel:h500sscope: - version: -

Trust: 0.8

vendor:linuxmodel:kernelscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle communications cloud native core binding support functionscope: - version: -

Trust: 0.8

vendor:broadcommodel:brocade fabric osscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-019487 // NVD: CVE-2021-4197

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-4197
value: HIGH

Trust: 1.0

NVD: CVE-2021-4197
value: HIGH

Trust: 0.8

VULHUB: VHN-410862
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-4197
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-410862
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-4197
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-4197
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-410862 // JVNDB: JVNDB-2021-019487 // NVD: CVE-2021-4197

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:Inappropriate authentication (CWE-287) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-410862 // JVNDB: JVNDB-2021-019487 // NVD: CVE-2021-4197

THREAT TYPE

local

Trust: 0.4

sources: PACKETSTORM: 167714 // PACKETSTORM: 167443 // PACKETSTORM: 167886 // PACKETSTORM: 167694

TYPE

arbitrary

Trust: 0.4

sources: PACKETSTORM: 167714 // PACKETSTORM: 167443 // PACKETSTORM: 167886 // PACKETSTORM: 167694

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-410862

PATCH

title:NTAP-20220602-0006 Oracle Oracle Critical Patch Updateurl:https://www.broadcom.com/

Trust: 0.8

sources: JVNDB: JVNDB-2021-019487

EXTERNAL IDS

db:NVDid:CVE-2021-4197

Trust: 3.5

db:JVNDBid:JVNDB-2021-019487

Trust: 0.8

db:PACKETSTORMid:167694

Trust: 0.2

db:PACKETSTORMid:167443

Trust: 0.2

db:PACKETSTORMid:167952

Trust: 0.2

db:PACKETSTORMid:167822

Trust: 0.2

db:PACKETSTORMid:167886

Trust: 0.2

db:PACKETSTORMid:167714

Trust: 0.2

db:PACKETSTORMid:167852

Trust: 0.2

db:PACKETSTORMid:167746

Trust: 0.1

db:PACKETSTORMid:168136

Trust: 0.1

db:PACKETSTORMid:168019

Trust: 0.1

db:PACKETSTORMid:166392

Trust: 0.1

db:PACKETSTORMid:167097

Trust: 0.1

db:PACKETSTORMid:167748

Trust: 0.1

db:PACKETSTORMid:167072

Trust: 0.1

db:CNNVDid:CNNVD-202201-1396

Trust: 0.1

db:CNVDid:CNVD-2022-68560

Trust: 0.1

db:VULHUBid:VHN-410862

Trust: 0.1

db:PACKETSTORMid:167602

Trust: 0.1

sources: VULHUB: VHN-410862 // PACKETSTORM: 167602 // PACKETSTORM: 167852 // PACKETSTORM: 167714 // PACKETSTORM: 167443 // PACKETSTORM: 167886 // PACKETSTORM: 167952 // PACKETSTORM: 167822 // PACKETSTORM: 167694 // JVNDB: JVNDB-2021-019487 // NVD: CVE-2021-4197

REFERENCES

url:https://www.debian.org/security/2022/dsa-5127

Trust: 1.9

url:https://www.debian.org/security/2022/dsa-5173

Trust: 1.9

url:https://bugzilla.redhat.com/show_bug.cgi?id=2035652

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2021-4197

Trust: 1.5

url:https://security.netapp.com/advisory/ntap-20220602-0006/

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.1

url:https://lore.kernel.org/lkml/20211209214707.805617-1-tj%40kernel.org/t/

Trust: 1.0

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-4197

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-4203

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-1353

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-1729

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-32250

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-4203

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-1729

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-1012

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-29368

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-1012

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-32250

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-29368

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-1679

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-1419

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-1652

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-1734

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-4202

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-1011

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-1516

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-1198

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-28389

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-28356

Trust: 0.2

url:https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/t/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3752

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4157

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3744

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13974

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41617

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-45485

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3773

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4002

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-29154

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43976

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-0941

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43389

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3634

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27820

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4189

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44733

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25645

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1271

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21781

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3634

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-19131

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3696

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4037

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29154

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-38185

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37159

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-4788

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3772

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-0404

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3669

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3764

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20322

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43056

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3612

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28733

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41864

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-25032

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-0941

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3612

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-26401

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21803

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27820

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-29526

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3743

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3737

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1011

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28736

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13974

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20322

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4083

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-45486

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3697

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0322

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-4788

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28734

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-25219

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-26401

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28737

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43565

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0286

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0001

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25219

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3695

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/install/index#installing

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28735

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24785

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23806

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3759

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5201

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-29810

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21781

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24450

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0002

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-25032

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-19131

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42739

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-0404

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5626

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3752

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5505-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3760

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-39714

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0330

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21123

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-39685

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3609

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24958

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1065.75

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3772

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1083.87

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1158

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1078.84

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/5.4.0-117.132

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-117.132~18.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23040

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23039

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gke-5.4/5.4.0-1074.79~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi-5.4/5.4.0-1065.75~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-ibm-5.4/5.4.0-1026.29~18.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-28390

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1966

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gkeop-5.4/5.4.0-1046.48~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure-5.4/5.4.0-1083.87~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1078.84

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1076.83

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1076.83~18.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21499

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1078.84~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure-fde/5.4.0-1083.87+cvm1.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1026.29

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gke/5.4.0-1074.79

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1068.72

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26966

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5467-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1046.48

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2380

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-28388

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1199

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1205

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1204

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5541-1

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-34169

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21540

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5730

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24921

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21540

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5729

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24921

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21541

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23772

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-34169

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21541

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24675

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-24675

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23772

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5633

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5500-1

Trust: 0.1

sources: VULHUB: VHN-410862 // PACKETSTORM: 167602 // PACKETSTORM: 167852 // PACKETSTORM: 167714 // PACKETSTORM: 167443 // PACKETSTORM: 167886 // PACKETSTORM: 167952 // PACKETSTORM: 167822 // PACKETSTORM: 167694 // JVNDB: JVNDB-2021-019487 // NVD: CVE-2021-4197

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 167602 // PACKETSTORM: 167852 // PACKETSTORM: 167952 // PACKETSTORM: 167822

SOURCES

db:VULHUBid:VHN-410862
db:PACKETSTORMid:167602
db:PACKETSTORMid:167852
db:PACKETSTORMid:167714
db:PACKETSTORMid:167443
db:PACKETSTORMid:167886
db:PACKETSTORMid:167952
db:PACKETSTORMid:167822
db:PACKETSTORMid:167694
db:JVNDBid:JVNDB-2021-019487
db:NVDid:CVE-2021-4197

LAST UPDATE DATE

2026-07-11T20:24:25.187000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-410862date:2023-02-03T00:00:00
db:JVNDBid:JVNDB-2021-019487date:2023-08-02T06:47:00
db:NVDid:CVE-2021-4197date:2026-06-17T04:19:12.030

SOURCES RELEASE DATE

db:VULHUBid:VHN-410862date:2022-03-23T00:00:00
db:PACKETSTORMid:167602date:2022-06-28T15:20:26
db:PACKETSTORMid:167852date:2022-07-27T17:32:01
db:PACKETSTORMid:167714date:2022-07-07T13:08:49
db:PACKETSTORMid:167443date:2022-06-08T15:58:59
db:PACKETSTORMid:167886date:2022-07-29T14:39:49
db:PACKETSTORMid:167952date:2022-08-04T14:49:08
db:PACKETSTORMid:167822date:2022-07-27T17:20:56
db:PACKETSTORMid:167694date:2022-07-04T14:32:13
db:JVNDBid:JVNDB-2021-019487date:2023-08-02T00:00:00
db:NVDid:CVE-2021-4197date:2022-03-23T20:15:10.200