ID

VAR-202205-1319

CVE

CVE-2022-26710

TITLE

Freed memory usage vulnerability in multiple Apple products

DESCRIPTION

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution. iPadOS , iOS , macOS Multiple Apple products contain a freed memory usage vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple tvOS is a smart TV operating system developed by Apple (Apple). WebKit is a fast, open source web browser engine. Apple tvOS 15.0 19J346 - 15.4.1 19L452 versions contain a resource management error vulnerability caused by a use-after-free error when handling HTML content in WebKit. A remote attacker could exploit this vulnerability to compromise a vulnerable system. Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: RHSA: Submariner 0.14 - bug fix and security updates Advisory ID: RHSA-2023:0631-01 Product: Red Hat ACM Advisory URL: https://access.redhat.com/errata/RHSA-2023:0631 Issue date: 2023-02-07 CVE Names: CVE-2016-3709 CVE-2020-35525 CVE-2020-35527 CVE-2021-46848 CVE-2022-1304 CVE-2022-2509 CVE-2022-2601 CVE-2022-2880 CVE-2022-3515 CVE-2022-3775 CVE-2022-3787 CVE-2022-3821 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-27664 CVE-2022-30293 CVE-2022-30698 CVE-2022-30699 CVE-2022-35737 CVE-2022-37434 CVE-2022-40303 CVE-2022-40304 CVE-2022-40674 CVE-2022-41715 CVE-2022-41717 CVE-2022-41974 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42898 CVE-2022-43680 ===================================================================== 1. Summary: Submariner 0.14 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.7 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. 2. Description: Submariner enables direct networking between pods and services on different Kubernetes clusters that are either on-premises or in the cloud. For more information about Submariner, see the Submariner open source community website at: https://submariner.io/. This advisory contains bug fixes and enhancements to the Submariner container images. Security fixes: * CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY * CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps * CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests Bugs addressed: * subctl diagnose firewall metrics does not work on merged kubeconfig (BZ# 2013711) * [Submariner] - Fails to increase gateway amount after deployment (BZ# 2097381) * Submariner gateway node does not get deleted with subctl cloud cleanup command (BZ# 2108634) * submariner GW pods are unable to resolve the DNS of the Broker K8s API URL (BZ# 2119362) * Submariner gateway node does not get deployed after applying ManagedClusterAddOn on Openstack (BZ# 2124219) * unable to run subctl benchmark latency, pods fail with ImagePullBackOff (BZ# 2130326) * [IBM Z] - Submariner addon unistallation doesnt work from ACM console (BZ# 2136442) * Tags on AWS security group for gateway node break cloud-controller LoadBalancer (BZ# 2139477) * RHACM - Submariner: UI support for OpenStack #19297 (ACM-1242) * Submariner OVN support (ACM-1358) * Submariner Azure Console support (ACM-1388) * ManagedClusterSet consumers migrate to v1beta2 (ACM-1614) * Submariner on disconnected ACM #22000 (ACM-1678) * Submariner gateway: Error creating AWS security group if already exists (ACM-2055) * Submariner gateway security group in AWS not deleted when uninstalling submariner (ACM-2057) * The submariner-metrics-proxy pod pulls an image with wrong naming convention (ACM-2058) * The submariner-metrics-proxy pod is not part of the Agent readiness check (ACM-2067) * Subctl 0.14.0 prints version "vsubctl" (ACM-2132) * managedclusters "local-cluster" not found and missing Submariner Broker CRD (ACM-2145) * Add support of ARO to Submariner deployment (ACM-2150) * The e2e tests execution fails for "Basic TCP connectivity" tests (ACM-2204) * Gateway error shown "diagnose all" tests (ACM-2206) * Submariner does not support cluster "kube-proxy ipvs mode"(ACM-2211) * Vsphere cluster shows Pod Security admission controller warnings (ACM-2256) * Cannot use submariner with OSP and self signed certs (ACM-2274) * Subctl diagnose tests spawn nettest image with wrong tag nameing convention (ACM-2387) * Subctl 0.14.1 prints version "devel" (ACM-2482) 3. Solution: For details on how to install Submariner, refer to: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/submariner#deploying-submariner-console and https://submariner.io/getting-started/ 4. Bugs fixed (https://bugzilla.redhat.com/): 2013711 - subctl diagnose firewall metrics does not work on merged kubeconfig 2097381 - [Submariner] - Fails to increase gateway amount after deployment 2108634 - Submariner gateway node does not get deleted with subctl cloud cleanup command 2119362 - submariner GW pods are unable to resolve the DNS of the Broker K8s API URL 2124219 - Submariner gateway node does not get deployed after applying ManagedClusterAddOn on Openstack 2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY 2130326 - unable to run subctl benchmark latency, pods fail with ImagePullBackOff 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps 2136442 - [IBM Z] - Submariner addon unistallation doesnt work from ACM console 2139477 - Tags on AWS security group for gateway node break cloud-controller LoadBalancer 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests 5. JIRA issues fixed (https://issues.jboss.org/): ACM-1614 - ManagedClusterSet consumers migrate to v1beta2 (Submariner) ACM-2055 - Submariner gateway: Error creating AWS security group if already exists ACM-2057 - [Submariner] - submariner gateway security group in aws not deleted when uninstalling submariner ACM-2058 - [Submariner] - The submariner-metrics-proxy pod pulls an image with wrong naming convention ACM-2067 - [Submariner] - The submariner-metrics-proxy pod is not part of the Agent readiness check ACM-2132 - Subctl 0.14.0 prints version "vsubctl" ACM-2145 - managedclusters "local-cluster" not found and missing Submariner Broker CRD ACM-2150 - Add support of ARO to Submariner deployment ACM-2204 - [Submariner] - e2e tests execution fails for "Basic TCP connectivity" tests ACM-2206 - [Submariner] - Gateway error shown "diagnose all" tests ACM-2211 - [Submariner] - Submariner does not support cluster "kube-proxy ipvs mode" ACM-2256 - [Submariner] - Vsphere cluster shows Pod Security admission controller warnings ACM-2274 - Cannot use submariner with OSP and self signed certs ACM-2387 - [Submariner] - subctl diagnose tests spawn nettest image with wrong tag nameing convention ACM-2482 - Subctl 0.14.1 prints version "devel" 6. References: https://access.redhat.com/security/cve/CVE-2016-3709 https://access.redhat.com/security/cve/CVE-2020-35525 https://access.redhat.com/security/cve/CVE-2020-35527 https://access.redhat.com/security/cve/CVE-2021-46848 https://access.redhat.com/security/cve/CVE-2022-1304 https://access.redhat.com/security/cve/CVE-2022-2509 https://access.redhat.com/security/cve/CVE-2022-2601 https://access.redhat.com/security/cve/CVE-2022-2880 https://access.redhat.com/security/cve/CVE-2022-3515 https://access.redhat.com/security/cve/CVE-2022-3775 https://access.redhat.com/security/cve/CVE-2022-3787 https://access.redhat.com/security/cve/CVE-2022-3821 https://access.redhat.com/security/cve/CVE-2022-22624 https://access.redhat.com/security/cve/CVE-2022-22628 https://access.redhat.com/security/cve/CVE-2022-22629 https://access.redhat.com/security/cve/CVE-2022-22662 https://access.redhat.com/security/cve/CVE-2022-26700 https://access.redhat.com/security/cve/CVE-2022-26709 https://access.redhat.com/security/cve/CVE-2022-26710 https://access.redhat.com/security/cve/CVE-2022-26716 https://access.redhat.com/security/cve/CVE-2022-26717 https://access.redhat.com/security/cve/CVE-2022-26719 https://access.redhat.com/security/cve/CVE-2022-27664 https://access.redhat.com/security/cve/CVE-2022-30293 https://access.redhat.com/security/cve/CVE-2022-30698 https://access.redhat.com/security/cve/CVE-2022-30699 https://access.redhat.com/security/cve/CVE-2022-35737 https://access.redhat.com/security/cve/CVE-2022-37434 https://access.redhat.com/security/cve/CVE-2022-40303 https://access.redhat.com/security/cve/CVE-2022-40304 https://access.redhat.com/security/cve/CVE-2022-40674 https://access.redhat.com/security/cve/CVE-2022-41715 https://access.redhat.com/security/cve/CVE-2022-41717 https://access.redhat.com/security/cve/CVE-2022-41974 https://access.redhat.com/security/cve/CVE-2022-42010 https://access.redhat.com/security/cve/CVE-2022-42011 https://access.redhat.com/security/cve/CVE-2022-42012 https://access.redhat.com/security/cve/CVE-2022-42898 https://access.redhat.com/security/cve/CVE-2022-43680 https://access.redhat.com/security/updates/classification/#moderate 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 2134876 - CVE-2022-37601 loader-utils: prototype pollution in function parseQuery in parseQuery.js 2140597 - CVE-2022-37603 loader-utils:Regular expression denial of service 2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing 2150323 - CVE-2022-24999 express: "qs" prototype poisoning causes the hang of the node process 2156263 - CVE-2022-46175 json5: Prototype Pollution in JSON5 via Parse Method 2156324 - CVE-2021-35065 glob-parent: Regular Expression Denial of Service 2156683 - CVE-2020-36567 gin: Unsanitized input in the default logger in github.com/gin-gonic/gin 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests 5. JIRA issues fixed (https://issues.jboss.org/): MTA-103 - MTA 6.0.1 Installation failed with CrashLoop Error for UI Pod MTA-106 - Implement ability for windup addon image pull policy to be configurable MTA-122 - MTA is upgrading automatically ignoring 'Manual' setting MTA-123 - MTA Becomes unusable when running bulk binary analysis MTA-127 - After upgrading MTA operator from 6.0.0 to 6.0.1 and running analysis , task pods starts failing MTA-131 - Analysis stops working after MTA upgrade from 6.0.0 to 6.0.1 MTA-36 - Can't disable a proxy if it has an invalid configuration MTA-44 - Make RWX volumes optional. MTA-49 - Uploaded a local binary when return back to the page the UI should show green bar and correct % MTA-59 - Getting error 401 if deleting many credentials quickly MTA-65 - Set windup addon image pull policy to be controlled by the global image_pull_policy parameter MTA-72 - CVE-2022-46175 mta-ui-container: json5: Prototype Pollution in JSON5 via Parse Method [mta-6] MTA-73 - CVE-2022-37601 mta-ui-container: loader-utils: prototype pollution in function parseQuery in parseQuery.js [mta-6] MTA-74 - CVE-2020-36567 mta-windup-addon-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6] MTA-76 - CVE-2022-37603 mta-ui-container: loader-utils:Regular expression denial of service [mta-6] MTA-77 - CVE-2020-36567 mta-hub-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6] MTA-80 - CVE-2021-35065 mta-ui-container: glob-parent: Regular Expression Denial of Service [mta-6] MTA-82 - CVE-2022-42920 org.jboss.windup-windup-cli-parent: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing [mta-6.0] MTA-85 - CVE-2022-24999 mta-ui-container: express: "qs" prototype poisoning causes the hang of the node process [mta-6] MTA-88 - CVE-2020-36567 mta-admin-addon-container: gin: Unsanitized input in the default logger in github.com/gin-gonic/gin [mta-6] MTA-92 - CVE-2022-42920 org.jboss.windup.plugin-windup-maven-plugin-parent: Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing [mta-6.0] MTA-96 - [UI] Maven -> "Local artifact repository" textbox can be checked and has no tooltip 6. Summary: An update for service-binding-operator-bundle-container and service-binding-operator-container is now available for OpenShift Developer Tools and Services for OCP 4.9. Description: Service Binding manages the data plane for applications and backing services. Security Fix(es): * golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests 5. JIRA issues fixed (https://issues.jboss.org/): APPSVC-1204 - Provisioned Service discovery APPSVC-1256 - CVE-2022-41717 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-05-16-6 tvOS 15.5 tvOS 15.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213254. AppleAVD Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26702: an anonymous researcher AppleAVD Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. CVE-2022-22675: an anonymous researcher AuthKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A local user may be able to enable iCloud Photos without authentication Description: An authentication issue was addressed with improved state management. CVE-2022-26724: Jorge A. Caballero (@DataDrivenMD) AVEVideoEncoder Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26736: an anonymous researcher CVE-2022-26737: an anonymous researcher CVE-2022-26738: an anonymous researcher CVE-2022-26739: an anonymous researcher CVE-2022-26740: an anonymous researcher DriverKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de) ImageIO Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow was addressed with improved input validation. CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative IOKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab IOMobileFrameBuffer Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher IOSurfaceAccelerator Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26771: an anonymous researcher Kernel Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg) Kernel Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero Kernel Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: A memory corruption issue was addressed with improved validation. CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de) Kernel Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A race condition was addressed with improved state handling. CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de) LaunchServices Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e) libxml2 Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308 Security Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de) WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238178 CVE-2022-26700: ryuzaki WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 236950 CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 237475 CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 238171 CVE-2022-26717: Jeonghoon Shin of Theori WebKit Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238183 CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab WebKit Bugzilla: 238699 CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech Wi-Fi Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher Additional recognition AppleMobileFileIntegrity We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance. WebKit We would like to acknowledge James Lee, an anonymous researcher for their assistance. Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software." To check the current version of software, select "Settings -> General -> About." All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TcACgkQeC9qKD1p rhiw7BAAy82XZ2+vjnjFB1FrZ7ZnKtM4pz8MMpX4ZTD2ytgkwXi0qnyzBdMe/w4p zrpedL4p/RfdDOiM/4kWBtiH62qetiXDcE8tBqN8WTE9rf55cX4jlXrHASohFI2q ErkAjo51j2fg8S7a+luyaZWzBUZqlghtzWjtFgaHOQAP5dDf+He92kDerbrIDQw9 dg0nL4os0VFgWdX0EtFC7umK8iiTFbvtoEbLDLFODWweaJN8LOP/LHe71YzAryKg Dh9ItWqVdzkCOKWR8F96NnoBs7c6B4naqQkS4k2F/m6C6ckPb8LI18ss7oiD3eMB k7oo7+u1zQFRKmk0XlfH7awxtEHjYjjw3LT8ko9QJ8mEuspxoiwW7n1mINWa7Khp YoCe88xR06kfti4h6MJDSN6JpxSnikEyJzR4j4xGL6rWjqCj+XV9ejrt9EgF8BL2 JZ+Oceoh23m7IqVoMe1Hzjf1X3nsxXJQEg/xxRwHRknAjSNtVJUKhT4/ioOc9pu6 TROAHYdSO5yRLNUNpj9RlkBeDbXtiWgA2IEg0wcUPzwf3Uzt2Qw9zBFbMb1hPSht 7zTIOtF4Ub+MD6cFuHbC7hL58pRmA4FzEczLG81BoGGaFOCD2QDt0/ySTFr1M+YD g2L2PlZNgxd0zetkTkZbvAwroMUTRSi1GqxAhVeKwbvW4XAN+yc= =G3ho -----END PGP SIGNATURE----- . Solution: For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly, for detailed release notes: https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS 2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays 5

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

resource management error

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2025-06-26T22:12:35.286000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE