RHSA-2022:6526
Vulnerability from csaf_redhat - Published: 2022-09-14 19:28 - Updated: 2026-03-24 18:18Summary
Red Hat Security Advisory: OpenShift Virtualization 4.11.0 Images security and bug fix update
Severity
Important
Notes
Topic: Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 4.11.0 images:
RHEL-8-CNV-4.11
===============
hostpath-provisioner-container-v4.11.0-21
kubevirt-tekton-tasks-operator-container-v4.11.0-29
kubevirt-template-validator-container-v4.11.0-17
bridge-marker-container-v4.11.0-26
hostpath-csi-driver-container-v4.11.0-21
cluster-network-addons-operator-container-v4.11.0-26
ovs-cni-marker-container-v4.11.0-26
virtio-win-container-v4.11.0-16
ovs-cni-plugin-container-v4.11.0-26
kubemacpool-container-v4.11.0-26
hostpath-provisioner-operator-container-v4.11.0-24
cnv-containernetworking-plugins-container-v4.11.0-26
kubevirt-ssp-operator-container-v4.11.0-54
virt-cdi-uploadserver-container-v4.11.0-59
virt-cdi-cloner-container-v4.11.0-59
virt-cdi-operator-container-v4.11.0-59
virt-cdi-importer-container-v4.11.0-59
virt-cdi-uploadproxy-container-v4.11.0-59
virt-cdi-controller-container-v4.11.0-59
virt-cdi-apiserver-container-v4.11.0-59
kubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7
kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7
kubevirt-tekton-tasks-copy-template-container-v4.11.0-7
checkup-framework-container-v4.11.0-67
kubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7
kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7
kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7
kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7
vm-network-latency-checkup-container-v4.11.0-67
kubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7
hyperconverged-cluster-webhook-container-v4.11.0-95
cnv-must-gather-container-v4.11.0-62
hyperconverged-cluster-operator-container-v4.11.0-95
kubevirt-console-plugin-container-v4.11.0-83
virt-controller-container-v4.11.0-105
virt-handler-container-v4.11.0-105
virt-operator-container-v4.11.0-105
virt-launcher-container-v4.11.0-105
virt-artifacts-server-container-v4.11.0-105
virt-api-container-v4.11.0-105
libguestfs-tools-container-v4.11.0-105
hco-bundle-registry-container-v4.11.0-587
Security Fix(es):
* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)
* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2022:6526
There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2022:6526
Workaround
This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.
There's a flaw in golang's syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().
4.8 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2022:6526
Workaround
This bug can be mitigated by raising the per-process file descriptor limit.
An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.
7.7 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2022:6526
A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2022:6526
A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2022:6526
A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2022:6526
A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.
7.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2022:6526
A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2022:6526
A stack overflow flaw was found in Golang's regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2022:6526
A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2022:6526
An integer overflow flaw was found in Golang's crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2022:6526
References
Acknowledgments
NCC Group
Oliver Brooks and James Klopchic
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 4.11.0 images:\n\nRHEL-8-CNV-4.11\n===============\nhostpath-provisioner-container-v4.11.0-21\nkubevirt-tekton-tasks-operator-container-v4.11.0-29\nkubevirt-template-validator-container-v4.11.0-17\nbridge-marker-container-v4.11.0-26\nhostpath-csi-driver-container-v4.11.0-21\ncluster-network-addons-operator-container-v4.11.0-26\novs-cni-marker-container-v4.11.0-26\nvirtio-win-container-v4.11.0-16\novs-cni-plugin-container-v4.11.0-26\nkubemacpool-container-v4.11.0-26\nhostpath-provisioner-operator-container-v4.11.0-24\ncnv-containernetworking-plugins-container-v4.11.0-26\nkubevirt-ssp-operator-container-v4.11.0-54\nvirt-cdi-uploadserver-container-v4.11.0-59\nvirt-cdi-cloner-container-v4.11.0-59\nvirt-cdi-operator-container-v4.11.0-59\nvirt-cdi-importer-container-v4.11.0-59\nvirt-cdi-uploadproxy-container-v4.11.0-59\nvirt-cdi-controller-container-v4.11.0-59\nvirt-cdi-apiserver-container-v4.11.0-59\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7\nkubevirt-tekton-tasks-copy-template-container-v4.11.0-7\ncheckup-framework-container-v4.11.0-67\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7\nvm-network-latency-checkup-container-v4.11.0-67\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7\nhyperconverged-cluster-webhook-container-v4.11.0-95\ncnv-must-gather-container-v4.11.0-62\nhyperconverged-cluster-operator-container-v4.11.0-95\nkubevirt-console-plugin-container-v4.11.0-83\nvirt-controller-container-v4.11.0-105\nvirt-handler-container-v4.11.0-105\nvirt-operator-container-v4.11.0-105\nvirt-launcher-container-v4.11.0-105\nvirt-artifacts-server-container-v4.11.0-105\nvirt-api-container-v4.11.0-105\nlibguestfs-tools-container-v4.11.0-105\nhco-bundle-registry-container-v4.11.0-587\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:6526",
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1937609",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937609"
},
{
"category": "external",
"summary": "1945593",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945593"
},
{
"category": "external",
"summary": "1968514",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968514"
},
{
"category": "external",
"summary": "1993109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993109"
},
{
"category": "external",
"summary": "1994604",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994604"
},
{
"category": "external",
"summary": "2001385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001385"
},
{
"category": "external",
"summary": "2009793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009793"
},
{
"category": "external",
"summary": "2010318",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010318"
},
{
"category": "external",
"summary": "2025276",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025276"
},
{
"category": "external",
"summary": "2025401",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025401"
},
{
"category": "external",
"summary": "2026357",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026357"
},
{
"category": "external",
"summary": "2029349",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029349"
},
{
"category": "external",
"summary": "2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "2030806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
},
{
"category": "external",
"summary": "2031857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031857"
},
{
"category": "external",
"summary": "2033077",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033077"
},
{
"category": "external",
"summary": "2035344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035344"
},
{
"category": "external",
"summary": "2036676",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036676"
},
{
"category": "external",
"summary": "2039976",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039976"
},
{
"category": "external",
"summary": "2040766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040766"
},
{
"category": "external",
"summary": "2041467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041467"
},
{
"category": "external",
"summary": "2042402",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042402"
},
{
"category": "external",
"summary": "2042809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042809"
},
{
"category": "external",
"summary": "2045086",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045086"
},
{
"category": "external",
"summary": "2045880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
},
{
"category": "external",
"summary": "2047186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047186"
},
{
"category": "external",
"summary": "2051899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051899"
},
{
"category": "external",
"summary": "2052094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052094"
},
{
"category": "external",
"summary": "2052466",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052466"
},
{
"category": "external",
"summary": "2052689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052689"
},
{
"category": "external",
"summary": "2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "2053532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
},
{
"category": "external",
"summary": "2053541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
},
{
"category": "external",
"summary": "2056467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056467"
},
{
"category": "external",
"summary": "2057157",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057157"
},
{
"category": "external",
"summary": "2057310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057310"
},
{
"category": "external",
"summary": "2058149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2058149"
},
{
"category": "external",
"summary": "2058925",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2058925"
},
{
"category": "external",
"summary": "2059121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2059121"
},
{
"category": "external",
"summary": "2060485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060485"
},
{
"category": "external",
"summary": "2060585",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060585"
},
{
"category": "external",
"summary": "2061208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061208"
},
{
"category": "external",
"summary": "2061723",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061723"
},
{
"category": "external",
"summary": "2063540",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063540"
},
{
"category": "external",
"summary": "2063792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063792"
},
{
"category": "external",
"summary": "2064034",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064034"
},
{
"category": "external",
"summary": "2064702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064702"
},
{
"category": "external",
"summary": "2064857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
},
{
"category": "external",
"summary": "2064936",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064936"
},
{
"category": "external",
"summary": "2065014",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065014"
},
{
"category": "external",
"summary": "2065019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065019"
},
{
"category": "external",
"summary": "2066768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066768"
},
{
"category": "external",
"summary": "2067246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067246"
},
{
"category": "external",
"summary": "2069287",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069287"
},
{
"category": "external",
"summary": "2069388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069388"
},
{
"category": "external",
"summary": "2070366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070366"
},
{
"category": "external",
"summary": "2070864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070864"
},
{
"category": "external",
"summary": "2071488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071488"
},
{
"category": "external",
"summary": "2071549",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071549"
},
{
"category": "external",
"summary": "2071611",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071611"
},
{
"category": "external",
"summary": "2071921",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071921"
},
{
"category": "external",
"summary": "2073669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073669"
},
{
"category": "external",
"summary": "2073679",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073679"
},
{
"category": "external",
"summary": "2073982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073982"
},
{
"category": "external",
"summary": "2074337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074337"
},
{
"category": "external",
"summary": "2075200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075200"
},
{
"category": "external",
"summary": "2075409",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075409"
},
{
"category": "external",
"summary": "2076292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076292"
},
{
"category": "external",
"summary": "2076379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076379"
},
{
"category": "external",
"summary": "2076790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076790"
},
{
"category": "external",
"summary": "2076908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076908"
},
{
"category": "external",
"summary": "2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "2078700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078700"
},
{
"category": "external",
"summary": "2078703",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078703"
},
{
"category": "external",
"summary": "2078709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078709"
},
{
"category": "external",
"summary": "2078728",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078728"
},
{
"category": "external",
"summary": "2079366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079366"
},
{
"category": "external",
"summary": "2079674",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079674"
},
{
"category": "external",
"summary": "2079783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079783"
},
{
"category": "external",
"summary": "2080132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080132"
},
{
"category": "external",
"summary": "2080155",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080155"
},
{
"category": "external",
"summary": "2080547",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080547"
},
{
"category": "external",
"summary": "2080833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080833"
},
{
"category": "external",
"summary": "2080835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080835"
},
{
"category": "external",
"summary": "2081182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081182"
},
{
"category": "external",
"summary": "2081202",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081202"
},
{
"category": "external",
"summary": "2081409",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081409"
},
{
"category": "external",
"summary": "2081671",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081671"
},
{
"category": "external",
"summary": "2081831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081831"
},
{
"category": "external",
"summary": "2082008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082008"
},
{
"category": "external",
"summary": "2082164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082164"
},
{
"category": "external",
"summary": "2082912",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082912"
},
{
"category": "external",
"summary": "2083093",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083093"
},
{
"category": "external",
"summary": "2083097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083097"
},
{
"category": "external",
"summary": "2083100",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083100"
},
{
"category": "external",
"summary": "2083101",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083101"
},
{
"category": "external",
"summary": "2083135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083135"
},
{
"category": "external",
"summary": "2083256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083256"
},
{
"category": "external",
"summary": "2083595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083595"
},
{
"category": "external",
"summary": "2084102",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084102"
},
{
"category": "external",
"summary": "2084122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084122"
},
{
"category": "external",
"summary": "2084418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084418"
},
{
"category": "external",
"summary": "2084431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084431"
},
{
"category": "external",
"summary": "2084476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084476"
},
{
"category": "external",
"summary": "2084532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084532"
},
{
"category": "external",
"summary": "2084610",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084610"
},
{
"category": "external",
"summary": "2085320",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085320"
},
{
"category": "external",
"summary": "2085322",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085322"
},
{
"category": "external",
"summary": "2086272",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086272"
},
{
"category": "external",
"summary": "2086278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086278"
},
{
"category": "external",
"summary": "2086281",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086281"
},
{
"category": "external",
"summary": "2086286",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086286"
},
{
"category": "external",
"summary": "2086293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086293"
},
{
"category": "external",
"summary": "2086294",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086294"
},
{
"category": "external",
"summary": "2086303",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086303"
},
{
"category": "external",
"summary": "2086479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086479"
},
{
"category": "external",
"summary": "2086486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086486"
},
{
"category": "external",
"summary": "2086488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086488"
},
{
"category": "external",
"summary": "2086769",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086769"
},
{
"category": "external",
"summary": "2086803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086803"
},
{
"category": "external",
"summary": "2086825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086825"
},
{
"category": "external",
"summary": "2086849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086849"
},
{
"category": "external",
"summary": "2087188",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087188"
},
{
"category": "external",
"summary": "2087189",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087189"
},
{
"category": "external",
"summary": "2087232",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087232"
},
{
"category": "external",
"summary": "2087546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087546"
},
{
"category": "external",
"summary": "2087547",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087547"
},
{
"category": "external",
"summary": "2087559",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087559"
},
{
"category": "external",
"summary": "2087566",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087566"
},
{
"category": "external",
"summary": "2087570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087570"
},
{
"category": "external",
"summary": "2087577",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087577"
},
{
"category": "external",
"summary": "2087578",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087578"
},
{
"category": "external",
"summary": "2087582",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087582"
},
{
"category": "external",
"summary": "2087583",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087583"
},
{
"category": "external",
"summary": "2087584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087584"
},
{
"category": "external",
"summary": "2087587",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087587"
},
{
"category": "external",
"summary": "2087589",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087589"
},
{
"category": "external",
"summary": "2087590",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087590"
},
{
"category": "external",
"summary": "2087593",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087593"
},
{
"category": "external",
"summary": "2087603",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087603"
},
{
"category": "external",
"summary": "2087616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087616"
},
{
"category": "external",
"summary": "2087701",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087701"
},
{
"category": "external",
"summary": "2087717",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087717"
},
{
"category": "external",
"summary": "2088034",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088034"
},
{
"category": "external",
"summary": "2088355",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088355"
},
{
"category": "external",
"summary": "2088361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088361"
},
{
"category": "external",
"summary": "2088379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088379"
},
{
"category": "external",
"summary": "2088407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088407"
},
{
"category": "external",
"summary": "2088471",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088471"
},
{
"category": "external",
"summary": "2088472",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088472"
},
{
"category": "external",
"summary": "2088477",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088477"
},
{
"category": "external",
"summary": "2088849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088849"
},
{
"category": "external",
"summary": "2089078",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089078"
},
{
"category": "external",
"summary": "2089271",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089271"
},
{
"category": "external",
"summary": "2089327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089327"
},
{
"category": "external",
"summary": "2089376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089376"
},
{
"category": "external",
"summary": "2089477",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089477"
},
{
"category": "external",
"summary": "2089700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089700"
},
{
"category": "external",
"summary": "2089745",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089745"
},
{
"category": "external",
"summary": "2089789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089789"
},
{
"category": "external",
"summary": "2089825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089825"
},
{
"category": "external",
"summary": "2089836",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089836"
},
{
"category": "external",
"summary": "2089840",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089840"
},
{
"category": "external",
"summary": "2089877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089877"
},
{
"category": "external",
"summary": "2089932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089932"
},
{
"category": "external",
"summary": "2089942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089942"
},
{
"category": "external",
"summary": "2089954",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089954"
},
{
"category": "external",
"summary": "2089963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089963"
},
{
"category": "external",
"summary": "2089967",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089967"
},
{
"category": "external",
"summary": "2089970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089970"
},
{
"category": "external",
"summary": "2089972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089972"
},
{
"category": "external",
"summary": "2089979",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089979"
},
{
"category": "external",
"summary": "2089982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089982"
},
{
"category": "external",
"summary": "2090035",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090035"
},
{
"category": "external",
"summary": "2090036",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090036"
},
{
"category": "external",
"summary": "2090037",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090037"
},
{
"category": "external",
"summary": "2090038",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090038"
},
{
"category": "external",
"summary": "2090042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090042"
},
{
"category": "external",
"summary": "2090043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090043"
},
{
"category": "external",
"summary": "2090046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090046"
},
{
"category": "external",
"summary": "2090048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090048"
},
{
"category": "external",
"summary": "2090054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090054"
},
{
"category": "external",
"summary": "2090055",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090055"
},
{
"category": "external",
"summary": "2090056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090056"
},
{
"category": "external",
"summary": "2090057",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090057"
},
{
"category": "external",
"summary": "2090059",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090059"
},
{
"category": "external",
"summary": "2090064",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090064"
},
{
"category": "external",
"summary": "2090066",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090066"
},
{
"category": "external",
"summary": "2090068",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090068"
},
{
"category": "external",
"summary": "2090131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090131"
},
{
"category": "external",
"summary": "2090350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090350"
},
{
"category": "external",
"summary": "2091003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091003"
},
{
"category": "external",
"summary": "2091058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091058"
},
{
"category": "external",
"summary": "2091309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091309"
},
{
"category": "external",
"summary": "2091406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091406"
},
{
"category": "external",
"summary": "2091754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091754"
},
{
"category": "external",
"summary": "2091755",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091755"
},
{
"category": "external",
"summary": "2091756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091756"
},
{
"category": "external",
"summary": "2091758",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091758"
},
{
"category": "external",
"summary": "2091760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091760"
},
{
"category": "external",
"summary": "2091761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091761"
},
{
"category": "external",
"summary": "2091762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091762"
},
{
"category": "external",
"summary": "2091764",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091764"
},
{
"category": "external",
"summary": "2091765",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091765"
},
{
"category": "external",
"summary": "2091766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091766"
},
{
"category": "external",
"summary": "2091853",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091853"
},
{
"category": "external",
"summary": "2091863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091863"
},
{
"category": "external",
"summary": "2091868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091868"
},
{
"category": "external",
"summary": "2091889",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091889"
},
{
"category": "external",
"summary": "2091897",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091897"
},
{
"category": "external",
"summary": "2091904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091904"
},
{
"category": "external",
"summary": "2091911",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091911"
},
{
"category": "external",
"summary": "2091940",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091940"
},
{
"category": "external",
"summary": "2091945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091945"
},
{
"category": "external",
"summary": "2091946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091946"
},
{
"category": "external",
"summary": "2091982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091982"
},
{
"category": "external",
"summary": "2092048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092048"
},
{
"category": "external",
"summary": "2092052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092052"
},
{
"category": "external",
"summary": "2092071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092071"
},
{
"category": "external",
"summary": "2092079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092079"
},
{
"category": "external",
"summary": "2092158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092158"
},
{
"category": "external",
"summary": "2092228",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092228"
},
{
"category": "external",
"summary": "2092230",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092230"
},
{
"category": "external",
"summary": "2092306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092306"
},
{
"category": "external",
"summary": "2092337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092337"
},
{
"category": "external",
"summary": "2092359",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092359"
},
{
"category": "external",
"summary": "2092654",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092654"
},
{
"category": "external",
"summary": "2092662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092662"
},
{
"category": "external",
"summary": "2092663",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092663"
},
{
"category": "external",
"summary": "2092664",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092664"
},
{
"category": "external",
"summary": "2092781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092781"
},
{
"category": "external",
"summary": "2092783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092783"
},
{
"category": "external",
"summary": "2092787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092787"
},
{
"category": "external",
"summary": "2092789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092789"
},
{
"category": "external",
"summary": "2092951",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092951"
},
{
"category": "external",
"summary": "2093282",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093282"
},
{
"category": "external",
"summary": "2093691",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093691"
},
{
"category": "external",
"summary": "2093713",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093713"
},
{
"category": "external",
"summary": "2093715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093715"
},
{
"category": "external",
"summary": "2093716",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093716"
},
{
"category": "external",
"summary": "2093772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093772"
},
{
"category": "external",
"summary": "2093773",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093773"
},
{
"category": "external",
"summary": "2093866",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093866"
},
{
"category": "external",
"summary": "2093867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093867"
},
{
"category": "external",
"summary": "2094202",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094202"
},
{
"category": "external",
"summary": "2094207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094207"
},
{
"category": "external",
"summary": "2094208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094208"
},
{
"category": "external",
"summary": "2094217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094217"
},
{
"category": "external",
"summary": "2094222",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094222"
},
{
"category": "external",
"summary": "2094323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094323"
},
{
"category": "external",
"summary": "2094405",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094405"
},
{
"category": "external",
"summary": "2094440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094440"
},
{
"category": "external",
"summary": "2094451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094451"
},
{
"category": "external",
"summary": "2094453",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094453"
},
{
"category": "external",
"summary": "2094465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094465"
},
{
"category": "external",
"summary": "2094471",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094471"
},
{
"category": "external",
"summary": "2094481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094481"
},
{
"category": "external",
"summary": "2094486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094486"
},
{
"category": "external",
"summary": "2094491",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094491"
},
{
"category": "external",
"summary": "2094495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094495"
},
{
"category": "external",
"summary": "2094646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094646"
},
{
"category": "external",
"summary": "2094665",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094665"
},
{
"category": "external",
"summary": "2094678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094678"
},
{
"category": "external",
"summary": "2094727",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094727"
},
{
"category": "external",
"summary": "2094807",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094807"
},
{
"category": "external",
"summary": "2094813",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094813"
},
{
"category": "external",
"summary": "2094848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094848"
},
{
"category": "external",
"summary": "2095125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095125"
},
{
"category": "external",
"summary": "2095129",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095129"
},
{
"category": "external",
"summary": "2095224",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095224"
},
{
"category": "external",
"summary": "2095529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095529"
},
{
"category": "external",
"summary": "2095530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095530"
},
{
"category": "external",
"summary": "2095532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095532"
},
{
"category": "external",
"summary": "2095537",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095537"
},
{
"category": "external",
"summary": "2095570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095570"
},
{
"category": "external",
"summary": "2095573",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095573"
},
{
"category": "external",
"summary": "2095953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095953"
},
{
"category": "external",
"summary": "2095955",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095955"
},
{
"category": "external",
"summary": "2096166",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096166"
},
{
"category": "external",
"summary": "2096206",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096206"
},
{
"category": "external",
"summary": "2096208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096208"
},
{
"category": "external",
"summary": "2096263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096263"
},
{
"category": "external",
"summary": "2096333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096333"
},
{
"category": "external",
"summary": "2096492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096492"
},
{
"category": "external",
"summary": "2096502",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096502"
},
{
"category": "external",
"summary": "2096510",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096510"
},
{
"category": "external",
"summary": "2096511",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096511"
},
{
"category": "external",
"summary": "2096620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096620"
},
{
"category": "external",
"summary": "2096781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096781"
},
{
"category": "external",
"summary": "2096801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096801"
},
{
"category": "external",
"summary": "2096845",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096845"
},
{
"category": "external",
"summary": "2097328",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097328"
},
{
"category": "external",
"summary": "2097370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097370"
},
{
"category": "external",
"summary": "2097465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097465"
},
{
"category": "external",
"summary": "2097586",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097586"
},
{
"category": "external",
"summary": "2098134",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098134"
},
{
"category": "external",
"summary": "2098135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098135"
},
{
"category": "external",
"summary": "2098282",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098282"
},
{
"category": "external",
"summary": "2099443",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099443"
},
{
"category": "external",
"summary": "2099533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099533"
},
{
"category": "external",
"summary": "2099535",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099535"
},
{
"category": "external",
"summary": "2099539",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099539"
},
{
"category": "external",
"summary": "2099566",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099566"
},
{
"category": "external",
"summary": "2099608",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099608"
},
{
"category": "external",
"summary": "2099633",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099633"
},
{
"category": "external",
"summary": "2099639",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099639"
},
{
"category": "external",
"summary": "2099802",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099802"
},
{
"category": "external",
"summary": "2100054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100054"
},
{
"category": "external",
"summary": "2100284",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100284"
},
{
"category": "external",
"summary": "2100415",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100415"
},
{
"category": "external",
"summary": "2100495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495"
},
{
"category": "external",
"summary": "2101164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101164"
},
{
"category": "external",
"summary": "2101192",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101192"
},
{
"category": "external",
"summary": "2101430",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101430"
},
{
"category": "external",
"summary": "2101454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101454"
},
{
"category": "external",
"summary": "2101485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101485"
},
{
"category": "external",
"summary": "2101628",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101628"
},
{
"category": "external",
"summary": "2101954",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101954"
},
{
"category": "external",
"summary": "2102076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102076"
},
{
"category": "external",
"summary": "2102116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102116"
},
{
"category": "external",
"summary": "2102117",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102117"
},
{
"category": "external",
"summary": "2102122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102122"
},
{
"category": "external",
"summary": "2102124",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102124"
},
{
"category": "external",
"summary": "2102125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102125"
},
{
"category": "external",
"summary": "2102127",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102127"
},
{
"category": "external",
"summary": "2102129",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102129"
},
{
"category": "external",
"summary": "2102131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102131"
},
{
"category": "external",
"summary": "2102135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102135"
},
{
"category": "external",
"summary": "2102143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102143"
},
{
"category": "external",
"summary": "2102256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102256"
},
{
"category": "external",
"summary": "2102448",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102448"
},
{
"category": "external",
"summary": "2102543",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102543"
},
{
"category": "external",
"summary": "2102544",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102544"
},
{
"category": "external",
"summary": "2102545",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102545"
},
{
"category": "external",
"summary": "2104617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104617"
},
{
"category": "external",
"summary": "2106175",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2106175"
},
{
"category": "external",
"summary": "2106258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2106258"
},
{
"category": "external",
"summary": "2110178",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110178"
},
{
"category": "external",
"summary": "2111359",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111359"
},
{
"category": "external",
"summary": "2111562",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111562"
},
{
"category": "external",
"summary": "2117872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6526.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Virtualization 4.11.0 Images security and bug fix update",
"tracking": {
"current_release_date": "2026-03-24T18:18:53+00:00",
"generator": {
"date": "2026-03-24T18:18:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2022:6526",
"initial_release_date": "2022-09-14T19:28:51+00:00",
"revision_history": [
{
"date": "2022-09-14T19:28:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-09-14T19:28:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-24T18:18:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CNV 4.11 for RHEL 8",
"product": {
"name": "CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:container_native_virtualization:4.11::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"product": {
"name": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"product_id": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"product_identification_helper": {
"purl": "pkg:oci/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/checkup-framework\u0026tag=v4.11.0-67"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"product": {
"name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"product_id": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver-rhel8\u0026tag=v4.11.0-21"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"product": {
"name": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"product_id": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver\u0026tag=v4.11.0-21"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"product_id": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-console-plugin\u0026tag=v4.11.0-83"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm\u0026tag=v4.11.0-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-copy-template\u0026tag=v4.11.0-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-datavolume\u0026tag=v4.11.0-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template\u0026tag=v4.11.0-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize\u0026tag=v4.11.0-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep\u0026tag=v4.11.0-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template\u0026tag=v4.11.0-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-operator\u0026tag=v4.11.0-29"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status\u0026tag=v4.11.0-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64",
"product": {
"name": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64",
"product_id": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-network-latency-checkup\u0026tag=v4.11.0-67"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64"
},
"product_reference": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
},
"product_reference": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
},
"product_reference": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
},
"product_reference": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-38561",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2022-06-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2100495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw may be triggered only by accepting untrusted user input to the vulnerable golang\u0027s library. The overall DoS attack vector depends directly on how the library\u0027s input is exposed by the consuming application, thus Red Hat rates impact as Moderate.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.5 version, the registration-operator, lighthouse-coredns, lighthouse-agent, gatekeeper-operator, and discovery-operator components are affected by this flaw, but the rest of the components are using an already patched version and are unaffected. For 2.4 and previous versions of Red Hat Advanced Cluster Management for Kubernetes (RHACM), most of the components are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
],
"known_not_affected": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-38561"
},
{
"category": "external",
"summary": "RHBZ#2100495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-38561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2021-0113",
"url": "https://pkg.go.dev/vuln/GO-2021-0113"
}
],
"release_date": "2021-08-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS"
},
{
"cve": "CVE-2021-44716",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030801"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s an uncontrolled resource consumption flaw in golang\u0027s net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http\u0027s http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: limit growth of header canonicalization cache",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44716"
},
{
"category": "external",
"summary": "RHBZ#2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http: limit growth of header canonicalization cache"
},
{
"cve": "CVE-2021-44717",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030806"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s a flaw in golang\u0027s syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: syscall: don\u0027t close fd 0 on ForkExec error",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* This flaw has had the severity level set to Moderate due to the attack complexity required to exhaust file descriptors at the time ForkExec is called, plus an attacker does not necessarily have direct control over where/how data is leaked.\n\n* For Service Telemetry Framework, because the flaw\u0027s impact is lower, no update will be provided at this time for its containers.\n\n* runc shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this flaw because the flaw is already patched in the shipped versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44717"
},
{
"category": "external",
"summary": "RHBZ#2030806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
},
{
"category": "workaround",
"details": "This bug can be mitigated by raising the per-process file descriptor limit.",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: syscall: don\u0027t close fd 0 on ForkExec error"
},
{
"acknowledgments": [
{
"names": [
"Oliver Brooks and James Klopchic"
],
"organization": "NCC Group"
}
],
"cve": "CVE-2022-1798",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-08-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2117872"
}
],
"notes": [
{
"category": "description",
"text": "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1798"
},
{
"category": "external",
"summary": "RHBZ#2117872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1798",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798"
},
{
"category": "external",
"summary": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm",
"url": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm"
}
],
"release_date": "2022-08-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs"
},
{
"cve": "CVE-2022-21698",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2022-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2045880"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream\u0027s (the Prometheus project) impact rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21698"
},
{
"category": "external",
"summary": "RHBZ#2045880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698"
},
{
"category": "external",
"summary": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p",
"url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter"
},
{
"cve": "CVE-2022-23772",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053532"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
],
"known_not_affected": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23772"
},
{
"category": "external",
"summary": "RHBZ#2053532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString"
},
{
"cve": "CVE-2022-23773",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053541"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23773"
},
{
"category": "external",
"summary": "RHBZ#2053541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control"
},
{
"cve": "CVE-2022-23806",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053429"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 \u0026 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.\n\nThe vulnerability lies in the crypto/elliptic: IsOnCurve taking in negative and invalid forms of data input and resulting in a panic, the resulting invalid data input is also resulting in data sinks in other functions such as marshall that handle elliptic curve cryptography by converting points on an elliptic curve into a binary format for storage or transmission and scalarmult which provides scalar multiplication, all three function takes in invalid forms of data and results in a crash, although the main culprit being isoncurve function, considering the attack complexity being high as the data that reaches the vulnerable function could already be stripped of negative sign and the resultant successful exploitation only leading to a panic/crash the vulnerability has been rated as Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23806"
},
{
"category": "external",
"summary": "RHBZ#2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements"
},
{
"cve": "CVE-2022-24675",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077688"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/pem: fix stack overflow in Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
],
"known_not_affected": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24675"
},
{
"category": "external",
"summary": "RHBZ#2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/pem: fix stack overflow in Decode"
},
{
"cve": "CVE-2022-24921",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064857"
}
],
"notes": [
{
"category": "description",
"text": "A stack overflow flaw was found in Golang\u0027s regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp: stack exhaustion via a deeply nested expression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been rated as a Moderate impact flaw because the exploitation of this flaw requires that an affected application accept arbitrarily long regexps from untrusted sources, which has inherent risks (even without this flaw), especially involving impacts to application availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24921"
},
{
"category": "external",
"summary": "RHBZ#2064857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk",
"url": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk"
}
],
"release_date": "2022-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp: stack exhaustion via a deeply nested expression"
},
{
"cve": "CVE-2022-27191",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064702"
}
],
"notes": [
{
"category": "description",
"text": "A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crash in a golang.org/x/crypto/ssh server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP) the vulnerable golang.org/x/crypto/ssh package is bundled in many components. The affected code is in the SSH server portion that is not used, hence the impact by this vulnerability is reduced. Additionally the OCP installer components, that also bundle vulnerable golang.org/x/crypto/ssh package, are used only during the cluster installation process, hence for already deployed and running OCP clusters the installer components are considered as affected by this vulnerability but not impacted.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27191"
},
{
"category": "external",
"summary": "RHBZ#2064702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064702"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27191",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27191"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ"
}
],
"release_date": "2022-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crash in a golang.org/x/crypto/ssh server"
},
{
"cve": "CVE-2022-28327",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077689"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: panic caused by oversized scalar",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A moderate severity flaw was found in Go\u2019s crypto/elliptic package in the generic P-256 implementation. If a scalar input longer than 32 bytes is supplied, P256().ScalarMult or P256().ScalarBaseMult can panic, causing the application to crash. Indirect uses via crypto/ecdsa and crypto/tls are not affected. This issue impacts availability but does not affect confidentiality or integrity. Only certain platforms (non-amd64, non-arm64, non-ppc64le, non-s390x) may be affected.\n\nRed Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
],
"known_not_affected": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28327"
},
{
"category": "external",
"summary": "RHBZ#2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: panic caused by oversized scalar"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…