csaf_redhat - rhsa-2022

rhsa-2022_5678

Vulnerability from csaf_redhat

Published

2022-07-21 12:34

Modified

2024-11-22 19:29

Summary

Red Hat Security Advisory: Red Hat Virtualization security, bug fix, and enhancement update [ovirt-4.5.1]

Notes

Topic

An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The following packages have been upgraded to a later upstream version: redhat-release-virtualization-host (4.5.1), redhat-virtualization-host (4.5.1), redhat-virtualization-host-productimg (4.5.1). (BZ#2062192, BZ#2070869, BZ#2094682) Security Fix(es): * kernel: buffer overflow in IPsec ESP transformation code (CVE-2022-27666) * grub2: Integer underflow in grub_net_recv_ip4_packets (CVE-2022-28733) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * RHV-H 4.4 SP1 Has been rebased on RHEL 8.6 Batch #1 (BZ#2070869)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host\u0027s resources and performing administrative tasks.\n\nThe following packages have been upgraded to a later upstream version: redhat-release-virtualization-host (4.5.1), redhat-virtualization-host (4.5.1), redhat-virtualization-host-productimg (4.5.1). (BZ#2062192, BZ#2070869, BZ#2094682)\n\nSecurity Fix(es):\n\n* kernel: buffer overflow in IPsec ESP transformation code (CVE-2022-27666)\n\n* grub2: Integer underflow in grub_net_recv_ip4_packets (CVE-2022-28733)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* RHV-H 4.4 SP1 Has been rebased on RHEL 8.6 Batch #1 (BZ#2070869)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:5678",
        "url": "https://access.redhat.com/errata/RHSA-2022:5678"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2061633",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061633"
      },
      {
        "category": "external",
        "summary": "2070869",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070869"
      },
      {
        "category": "external",
        "summary": "2083339",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083339"
      },
      {
        "category": "external",
        "summary": "2097627",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097627"
      },
      {
        "category": "external",
        "summary": "2103984",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103984"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5678.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Virtualization security, bug fix, and enhancement update [ovirt-4.5.1]",
    "tracking": {
      "current_release_date": "2024-11-22T19:29:39+00:00",
      "generator": {
        "date": "2024-11-22T19:29:39+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2022:5678",
      "initial_release_date": "2022-07-21T12:34:16+00:00",
      "revision_history": [
        {
          "date": "2022-07-21T12:34:16+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-07-21T12:34:16+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T19:29:39+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHEL 8-based RHEV-H for RHEV 4 (build requirements)",
                "product": {
                  "name": "RHEL 8-based RHEV-H for RHEV 4 (build requirements)",
                  "product_id": "8Base-RHV-HypervisorBuild-4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Virtualization 4 Hypervisor for RHEL 8",
                "product": {
                  "name": "Red Hat Virtualization 4 Hypervisor for RHEL 8",
                  "product_id": "8Base-RHV-Hypervisor-4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "redhat-release-virtualization-host-0:4.5.1-1.el8ev.src",
                "product": {
                  "name": "redhat-release-virtualization-host-0:4.5.1-1.el8ev.src",
                  "product_id": "redhat-release-virtualization-host-0:4.5.1-1.el8ev.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.5.1-1.el8ev?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "redhat-virtualization-host-productimg-0:4.5.1-1.el8.src",
                "product": {
                  "name": "redhat-virtualization-host-productimg-0:4.5.1-1.el8.src",
                  "product_id": "redhat-virtualization-host-productimg-0:4.5.1-1.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-virtualization-host-productimg@4.5.1-1.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "redhat-virtualization-host-0:4.5.1-202207170705_8.6.src",
                "product": {
                  "name": "redhat-virtualization-host-0:4.5.1-202207170705_8.6.src",
                  "product_id": "redhat-virtualization-host-0:4.5.1-202207170705_8.6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-virtualization-host@4.5.1-202207170705_8.6?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "redhat-release-virtualization-host-0:4.5.1-1.el8ev.x86_64",
                "product": {
                  "name": "redhat-release-virtualization-host-0:4.5.1-1.el8ev.x86_64",
                  "product_id": "redhat-release-virtualization-host-0:4.5.1-1.el8ev.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-release-virtualization-host@4.5.1-1.el8ev?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "redhat-release-virtualization-host-content-0:4.5.1-1.el8ev.x86_64",
                "product": {
                  "name": "redhat-release-virtualization-host-content-0:4.5.1-1.el8ev.x86_64",
                  "product_id": "redhat-release-virtualization-host-content-0:4.5.1-1.el8ev.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-release-virtualization-host-content@4.5.1-1.el8ev?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "redhat-virtualization-host-productimg-0:4.5.1-1.el8.x86_64",
                "product": {
                  "name": "redhat-virtualization-host-productimg-0:4.5.1-1.el8.x86_64",
                  "product_id": "redhat-virtualization-host-productimg-0:4.5.1-1.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-virtualization-host-productimg@4.5.1-1.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "redhat-virtualization-host-image-update-0:4.5.1-202207170705_8.6.x86_64",
                "product": {
                  "name": "redhat-virtualization-host-image-update-0:4.5.1-202207170705_8.6.x86_64",
                  "product_id": "redhat-virtualization-host-image-update-0:4.5.1-202207170705_8.6.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update@4.5.1-202207170705_8.6?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "redhat-virtualization-host-image-update-placeholder-0:4.5.1-1.el8ev.noarch",
                "product": {
                  "name": "redhat-virtualization-host-image-update-placeholder-0:4.5.1-1.el8ev.noarch",
                  "product_id": "redhat-virtualization-host-image-update-placeholder-0:4.5.1-1.el8ev.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-virtualization-host-image-update-placeholder@4.5.1-1.el8ev?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-virtualization-host-0:4.5.1-202207170705_8.6.src as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8",
          "product_id": "8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.5.1-202207170705_8.6.src"
        },
        "product_reference": "redhat-virtualization-host-0:4.5.1-202207170705_8.6.src",
        "relates_to_product_reference": "8Base-RHV-Hypervisor-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-virtualization-host-image-update-0:4.5.1-202207170705_8.6.x86_64 as a component of Red Hat Virtualization 4 Hypervisor for RHEL 8",
          "product_id": "8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.5.1-202207170705_8.6.x86_64"
        },
        "product_reference": "redhat-virtualization-host-image-update-0:4.5.1-202207170705_8.6.x86_64",
        "relates_to_product_reference": "8Base-RHV-Hypervisor-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-release-virtualization-host-0:4.5.1-1.el8ev.src as a component of RHEL 8-based RHEV-H for RHEV 4 (build requirements)",
          "product_id": "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.1-1.el8ev.src"
        },
        "product_reference": "redhat-release-virtualization-host-0:4.5.1-1.el8ev.src",
        "relates_to_product_reference": "8Base-RHV-HypervisorBuild-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-release-virtualization-host-0:4.5.1-1.el8ev.x86_64 as a component of RHEL 8-based RHEV-H for RHEV 4 (build requirements)",
          "product_id": "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.1-1.el8ev.x86_64"
        },
        "product_reference": "redhat-release-virtualization-host-0:4.5.1-1.el8ev.x86_64",
        "relates_to_product_reference": "8Base-RHV-HypervisorBuild-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-release-virtualization-host-content-0:4.5.1-1.el8ev.x86_64 as a component of RHEL 8-based RHEV-H for RHEV 4 (build requirements)",
          "product_id": "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.5.1-1.el8ev.x86_64"
        },
        "product_reference": "redhat-release-virtualization-host-content-0:4.5.1-1.el8ev.x86_64",
        "relates_to_product_reference": "8Base-RHV-HypervisorBuild-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-virtualization-host-image-update-placeholder-0:4.5.1-1.el8ev.noarch as a component of RHEL 8-based RHEV-H for RHEV 4 (build requirements)",
          "product_id": "8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.5.1-1.el8ev.noarch"
        },
        "product_reference": "redhat-virtualization-host-image-update-placeholder-0:4.5.1-1.el8ev.noarch",
        "relates_to_product_reference": "8Base-RHV-HypervisorBuild-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-virtualization-host-productimg-0:4.5.1-1.el8.src as a component of RHEL 8-based RHEV-H for RHEV 4 (build requirements)",
          "product_id": "8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-productimg-0:4.5.1-1.el8.src"
        },
        "product_reference": "redhat-virtualization-host-productimg-0:4.5.1-1.el8.src",
        "relates_to_product_reference": "8Base-RHV-HypervisorBuild-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-virtualization-host-productimg-0:4.5.1-1.el8.x86_64 as a component of RHEL 8-based RHEV-H for RHEV 4 (build requirements)",
          "product_id": "8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-productimg-0:4.5.1-1.el8.x86_64"
        },
        "product_reference": "redhat-virtualization-host-productimg-0:4.5.1-1.el8.x86_64",
        "relates_to_product_reference": "8Base-RHV-HypervisorBuild-4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-27666",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "discovery_date": "2022-03-08T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.1-1.el8ev.src",
            "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.1-1.el8ev.x86_64",
            "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.5.1-1.el8ev.x86_64",
            "8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.5.1-1.el8ev.noarch",
            "8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-productimg-0:4.5.1-1.el8.src",
            "8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-productimg-0:4.5.1-1.el8.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2061633"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: buffer overflow in IPsec ESP transformation code",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.5.1-202207170705_8.6.src",
          "8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.5.1-202207170705_8.6.x86_64"
        ],
        "known_not_affected": [
          "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.1-1.el8ev.src",
          "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.1-1.el8ev.x86_64",
          "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.5.1-1.el8ev.x86_64",
          "8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.5.1-1.el8ev.noarch",
          "8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-productimg-0:4.5.1-1.el8.src",
          "8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-productimg-0:4.5.1-1.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-27666"
        },
        {
          "category": "external",
          "summary": "RHBZ#2061633",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061633"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-27666",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-27666"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27666",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27666"
        },
        {
          "category": "external",
          "summary": "https://github.com/torvalds/linux/commit/ebe48d368e97d007bfeb76fcb065d6cfc4c96645",
          "url": "https://github.com/torvalds/linux/commit/ebe48d368e97d007bfeb76fcb065d6cfc4c96645"
        }
      ],
      "release_date": "2022-03-11T06:30:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-07-21T12:34:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
          "product_ids": [
            "8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.5.1-202207170705_8.6.src",
            "8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.5.1-202207170705_8.6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:5678"
        },
        {
          "category": "workaround",
          "details": "The given exploit needs CAP_NET_ADMIN to set up IPsec SA and a user namespace is used to get that capability, so disabling unprivileged user namespaces gives some protection.\n~~~\nOn non-containerized deployments of Red Hat Enterprise Linux 8, you can disable user namespaces by setting user.max_user_namespaces to 0:\n\n# echo \"user.max_user_namespaces=0\" \u003e /etc/sysctl.d/userns.conf\n# sysctl -p /etc/sysctl.d/userns.conf\n\nOn containerized deployments, such as Red Hat OpenShift Container Platform, do not use this mitigation as the functionality is needed to be enabled.\n~~~\nNote: If the target system is already using IPsec and has SA configured, then no additional privileges are needed to exploit the issue.",
          "product_ids": [
            "8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.5.1-202207170705_8.6.src",
            "8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.5.1-202207170705_8.6.x86_64",
            "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.1-1.el8ev.src",
            "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.1-1.el8ev.x86_64",
            "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.5.1-1.el8ev.x86_64",
            "8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.5.1-1.el8ev.noarch",
            "8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-productimg-0:4.5.1-1.el8.src",
            "8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-productimg-0:4.5.1-1.el8.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.5.1-202207170705_8.6.src",
            "8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.5.1-202207170705_8.6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "kernel: buffer overflow in IPsec ESP transformation code"
    },
    {
      "cve": "CVE-2022-28733",
      "cwe": {
        "id": "CWE-191",
        "name": "Integer Underflow (Wrap or Wraparound)"
      },
      "discovery_date": "2022-05-09T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.1-1.el8ev.src",
            "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.1-1.el8ev.x86_64",
            "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.5.1-1.el8ev.x86_64",
            "8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.5.1-1.el8ev.noarch",
            "8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-productimg-0:4.5.1-1.el8.src",
            "8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-productimg-0:4.5.1-1.el8.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2083339"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in grub2 when handling IPv4 packets. This flaw allows an attacker to craft a malicious packet, triggering an integer underflow in grub code. Consequently, the memory allocation for handling the packet data may be smaller than the size needed. This issue causes an out-of-bands write during packet handling, compromising data integrity, confidentiality issues, a denial of service, and remote code execution.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "grub2: Integer underflow in grub_net_recv_ip4_packets",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.5.1-202207170705_8.6.src",
          "8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.5.1-202207170705_8.6.x86_64"
        ],
        "known_not_affected": [
          "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.1-1.el8ev.src",
          "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-0:4.5.1-1.el8ev.x86_64",
          "8Base-RHV-HypervisorBuild-4:redhat-release-virtualization-host-content-0:4.5.1-1.el8ev.x86_64",
          "8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-image-update-placeholder-0:4.5.1-1.el8ev.noarch",
          "8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-productimg-0:4.5.1-1.el8.src",
          "8Base-RHV-HypervisorBuild-4:redhat-virtualization-host-productimg-0:4.5.1-1.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-28733"
        },
        {
          "category": "external",
          "summary": "RHBZ#2083339",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083339"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-28733",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-28733"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28733",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28733"
        }
      ],
      "release_date": "2022-06-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-07-21T12:34:16+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
          "product_ids": [
            "8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.5.1-202207170705_8.6.src",
            "8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.5.1-202207170705_8.6.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:5678"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHV-Hypervisor-4:redhat-virtualization-host-0:4.5.1-202207170705_8.6.src",
            "8Base-RHV-Hypervisor-4:redhat-virtualization-host-image-update-0:4.5.1-202207170705_8.6.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "grub2: Integer underflow in grub_net_recv_ip4_packets"
    }
  ]
}

CVE-2022-28733 (GCVE-0-2022-28733)

Vulnerability from cvelistv5

Published

2023-07-20 00:20

Modified

2025-02-13 16:32

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-191

Summary

Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.

References

URL

	Vendor	Product	Version
	GNU Project	GNU GRUB	Version: 0 ≤

CVE-2022-27666 (GCVE-0-2022-27666)

Vulnerability from cvelistv5

Published

2022-03-23 05:07

Modified

2024-08-03 05:32

Severity ?

CWE

Summary

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

rhsa-2022_5678

Vulnerability from csaf_redhat

CVE-2022-28733 (GCVE-0-2022-28733)

Vulnerability from cvelistv5

CVE-2022-27666 (GCVE-0-2022-27666)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature