Red Hat Enterprise Linux (RHEL)
Recent Red Hat Enterprise Linux (RHEL) Security Advisories
Advisory | Title | Published |
---|---|---|
RHSA-2021:3144 | (RHSA-2021:3144) Low: .NET Core 2.1 on Red Hat Enterprise Linux security and bugfix update | August 11, 2021 |
RHSA-2021:1547 | (RHSA-2021:1547) Important: .NET Core 3.1 on Red Hat Enterprise Linux security and bugfix update | May 12, 2021 |
RHSA-2021:1546 | (RHSA-2021:1546) Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update | May 12, 2021 |
By the Year
In 2023 there have been 41 vulnerabilities in Red Hat Enterprise Linux (RHEL) with an average score of 6.6 out of ten. Last year Enterprise Linux (RHEL) had 174 security vulnerabilities published. Right now, Enterprise Linux (RHEL) is on track to have fewer security vulnerabilities in 2023 than it did last year. Last year, the average CVE base score was greater by 0.10.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 41 | 6.61 |
2022 | 174 | 6.71 |
2021 | 147 | 6.72 |
2020 | 104 | 6.41 |
2019 | 290 | 6.29 |
2018 | 90 | 7.20 |
It may take a day or so for new Enterprise Linux (RHEL) vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Enterprise Linux (RHEL) Security Vulnerabilities
A vulnerability was found in the avahi library
CVE-2023-1981
5.5 - Medium
- May 26, 2023
A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash.
Resource Exhaustion
The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac-based device.
CVE-2023-33203
6.4 - Medium
- May 18, 2023
The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac-based device.
Race Condition
A vulnerability was found in the libreswan library
CVE-2023-2295
7.5 - High
- May 17, 2023
A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for the libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
A flaw was found in the WebKitGTK package
CVE-2023-2203
8.8 - High
- May 17, 2023
A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
Dangling pointer
A flaw was found in the Emacs text editor
CVE-2023-2491
7.8 - High
- May 17, 2023
A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
Command Injection
A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file
CVE-2023-2731
5.5 - Medium
- May 17, 2023
A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.
NULL Pointer Dereference
A flaw was found in LibRaw
CVE-2023-1729
6.5 - Medium
- May 15, 2023
A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.
Memory Corruption
A vulnerability was found in libvirt
CVE-2023-2700
5.5 - Medium
- May 15, 2023
A vulnerability was found in libvirt. This security flaw occurs due to repeatedly querying an SR-IOV PCI device's capabilities, which exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup.
Memory Leak
In Qt before 5.15.14
CVE-2023-32573
6.5 - Medium
- May 10, 2023
In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.
Divide By Zero
A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol
CVE-2023-2156
7.5 - High
- May 09, 2023
A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.
assertion failure
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes
CVE-2023-2513
6.7 - Medium
- May 08, 2023
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.
Dangling pointer
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests
CVE-2023-32233
7.8 - High
- May 08, 2023
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.
Dangling pointer
Apptainer is an open source container platform for Linux
CVE-2023-30549
7.8 - High
- April 25, 2023
Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0, installations that include apptainer-suid < 1.1.8, and all versions of Singularity in their default configurations on older operating systems where that CVE has not been patched. That includes Red Hat Enterprise Linux 7, Debian 10 buster (unless the linux-5.10 package is installed), Ubuntu 18.04 bionic and Ubuntu 20.04 focal. Use-after-free flaws in the kernel can be used to attack the kernel for denial of service and potentially for privilege escalation. Apptainer 1.1.8 includes a patch that by default disables mounting of extfs filesystem types in setuid-root mode, while continuing to allow mounting of extfs filesystems in non-setuid "rootless" mode using fuse2fs. Some workarounds are possible. Either do not install apptainer-suid (for versions 1.1.0 through 1.1.7) or set `allow setuid = no` in apptainer.conf (or singularity.conf for singularity versions). This requires having unprivileged user namespaces enabled and except for apptainer 1.1.x versions will disallow mounting of sif files, extfs files, and squashfs files in addition to other, less significant impacts. (Encrypted sif files are also not supported unprivileged in apptainer 1.1.x.). Alternatively, use the `limit containers` options in apptainer.conf/singularity.conf to limit sif files to trusted users, groups, and/or paths, and set `allow container extfs = no` to disallow mounting of extfs overlay files. The latter option by itself does not disallow mounting of extfs overlay partitions inside SIF files, so that's why the former options are also needed.
Dangling pointer
A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events
CVE-2023-2019
4.4 - Medium
- April 24, 2023
A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system.
An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver
CVE-2023-2194
6.7 - Medium
- April 20, 2023
An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution.
Memory Corruption
A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel
CVE-2023-28328
5.5 - Medium
- April 19, 2023
A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service.
NULL Pointer Dereference
A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c in unix_diag_get_exact in the Linux Kernel
CVE-2023-28327
5.5 - Medium
- April 19, 2023
A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c in unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer dereference. This flaw allows a local user to crash the system or potentially cause a denial of service.
NULL Pointer Dereference
A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel
CVE-2023-1652
7.1 - High
- March 29, 2023
A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem.
Dangling pointer
A vulnerability was found in the device-mapper-multipath
CVE-2022-3787
7.8 - High
- March 29, 2023
A vulnerability was found in device-mapper-multipath. It allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This issue occurs because an attacker can repeat a keyword, which is mishandled when arithmetic ADD is used instead of bitwise OR. This could lead to local privilege escalation to root.
A flaw was found in the QEMU Guest Agent service for Windows
CVE-2023-0664
7.8 - High
- March 29, 2023
A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system.
Improper Privilege Management
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel
CVE-2023-0179
7.8 - High
- March 27, 2023
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.
Integer Overflow or Wraparound
A slab-out-of-bounds read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel
CVE-2023-1380
7.1 - High
- March 27, 2023
A slab-out-of-bounds read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.
Out-of-bounds Read
A flaw was found in the Linux kernel's implementation of RDMA over infiniband
CVE-2021-3923
2.3 - Low
- March 27, 2023
A flaw was found in the Linux kernel's implementation of RDMA over InfiniBand. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms.
A Time-of-check Time-of-use (TOCTOU) flaw was found in podman
CVE-2023-0778
6.8 - Medium
- March 27, 2023
A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.
TOCTTOU
A memory corruption flaw was found in the Linux kernel's human interface device (HID) subsystem in how a user inserts a malicious USB device
CVE-2023-1073
6.6 - Medium
- March 27, 2023
A memory corruption flaw was found in the Linux kernel's human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Memory Corruption
A vulnerability was found in X.Org
CVE-2023-0494
7.8 - High
- March 27, 2023
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
Dangling pointer
A flaw was found in KVM
CVE-2023-1513
3.3 - Low
- March 23, 2023
A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.
Improper Initialization
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault
CVE-2023-1289
5.5 - Medium
- March 23, 2023
A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.
Improper Input Validation
A double-free memory flaw was found in the Linux kernel
CVE-2022-3707
5.5 - Medium
- March 06, 2023
A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a failure in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.
Double-free
A flaw was found in the c-ares package
CVE-2022-4904
8.6 - High
- March 06, 2023
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
Improper Input Validation
A use-after-free flaw was found in the Linux kernel's SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user
CVE-2022-3424
7.8 - High
- March 06, 2023
A use-after-free flaw was found in the Linux kernel's SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Dangling pointer
A vulnerability was found in WebKit
CVE-2019-8720
8.8 - High
- March 06, 2023
A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.
Buffer Overflow
runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go
CVE-2023-27561
7 - High
- March 03, 2023
runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.
Use of Incorrectly-Resolved Name or Reference
In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption
CVE-2022-41862
3.7 - Low
- March 03, 2023
In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.
In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object
CVE-2023-1095
5.5 - Medium
- February 28, 2023
In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list; the list head is all zeroes, and this results in a NULL pointer dereference.
NULL Pointer Dereference
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS
CVE-2023-0361
7.4 - High
- February 15, 2023
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
Side Channel Attack
A flaw was found in pesign
CVE-2022-3560
5.5 - Medium
- February 02, 2023
A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.
Directory traversal
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
CVE-2022-4254
8.8 - High
- February 01, 2023
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
An illegal memory access flaw was found in the binutils package
CVE-2022-4285
5.5 - Medium
- January 27, 2023
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.
NULL Pointer Dereference
A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c
CVE-2022-4743
7.5 - High
- January 12, 2023
A potential memory leak issue was discovered in SDL2 in the GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service. The vulnerability affects SDL2 v2.0.4 and above. SDL 1.x is not affected.
Memory Leak
A flaw was found in the bash package, where a heap-buffer overflow can occur in valid_parameter_transform
CVE-2022-3715
7.8 - High
- January 05, 2023
A flaw was found in the bash package, where a heap-buffer overflow can occur in valid_parameter_transform. This issue may lead to memory problems.
Memory Corruption
When rendering certain Unicode sequences
CVE-2022-3775
7.1 - High
- December 19, 2022
When rendering certain Unicode sequences, grub2's font code doesn't properly validate whether the given glyph's width and height are constrained within the bitmap size. As a consequence, an attacker can craft an input which will lead to an out-of-bounds write into grub2's heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution cannot be ruled out.
Memory Corruption
A vulnerability was found in X.Org
CVE-2022-4283
7.8 - High
- December 14, 2022
A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This issue can lead to local privilege elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
Dangling pointer
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU
CVE-2022-4144
6.5 - Medium
- November 29, 2022
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.
Out-of-bounds Read
A vulnerability was found in keylime
CVE-2022-3500
5.1 - Medium
- November 22, 2022
A vulnerability was found in keylime. In some circumstances, due to improperly handled exceptions, a rogue agent could create errors on the verifier that stop attestation attempts for that host, leaving it in an attested state that is no longer being verified.
Uncaught Exception
An off-by-one error was discovered in systemd in the format_timespan() function of time-util.c
CVE-2022-3821
5.5 - Medium
- November 08, 2022
An off-by-one error was discovered in systemd in the format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that lead to a buffer overrun in format_timespan(), leading to a denial of service.
A vulnerability was found in jasper
CVE-2022-2963
7.5 - High
- October 14, 2022
A vulnerability was found in jasper. This security vulnerability happens because of a memory leak bug in the function cmdopts_parse that can cause a crash or segmentation fault.
Memory Leak
A flaw was found in 389-ds-base
CVE-2022-2850
6.5 - Medium
- October 14, 2022
A flaw was found in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.
NULL Pointer Dereference
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in
CVE-2022-2989
7.1 - High
- September 13, 2022
Incorrect handling of supplementary groups in the Podman container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container, where supplementary groups are used to set access permissions, and is able to execute binary code in that container.
Placement of User into Incorrect Group
An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in
CVE-2022-2990
7.1 - High
- September 13, 2022
Incorrect handling of supplementary groups in the Buildah container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container, where supplementary groups are used to set access permissions, and is able to execute binary code in that container.
Placement of User into Incorrect Group
An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map
CVE-2022-2905
5.5 - Medium
- September 09, 2022
An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.
Out-of-bounds Read
A flaw was found in the Linux kernel's driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices
CVE-2022-2964
7.8 - High
- September 09, 2022
A flaw was found in the Linux kernel's driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.
Buffer Overflow
A flaw was found in python
CVE-2020-10735
7.5 - High
- September 09, 2022
A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.
Incorrect Type Conversion or Cast
A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file
CVE-2022-25309
5.5 - Medium
- September 06, 2022
A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service.
Heap-based Buffer Overflow
A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file
CVE-2022-25310
5.5 - Medium
- September 06, 2022
A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.
Buffer Overflow
A stack-based buffer overflow flaw was found in the Fribidi package
CVE-2022-25308
7.8 - High
- September 06, 2022
A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.
Stack Overflow
An integer coercion error was found in the openvswitch kernel module
CVE-2022-2639
7.8 - High
- September 01, 2022
An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Memory Corruption
A stack buffer overflow flaw was found in Libtiff's tiffcp.c in the main() function
CVE-2022-1355
6.1 - Medium
- August 31, 2022
A stack buffer overflow flaw was found in Libtiff's tiffcp.c in the main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service.
Stack Overflow
A heap buffer overflow flaw was found in Libtiff's tiffinfo.c in the TIFFReadRawDataStriped() function
CVE-2022-1354
5.5 - Medium
- August 31, 2022
A heap buffer overflow flaw was found in Libtiff's tiffinfo.c in the TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service.
Out-of-bounds Read
A flaw was found in the Linux kernel's KVM when attempting to set a SynIC IRQ
CVE-2022-2153
5.5 - Medium
- August 31, 2022
A flaw was found in the Linux kernel's KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.
NULL Pointer Dereference
An issue was found in the Linux kernel that leads to a race condition in rose_connect()
CVE-2022-1247
7 - High
- August 31, 2022
An issue was found in the Linux kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh->use to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their count and use are zero.
Race Condition
A permissive list of allowed inputs flaw was found in DPDK
CVE-2022-2132
8.6 - High
- August 31, 2022
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled
CVE-2022-1263
5.5 - Medium
- August 31, 2022
A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.
NULL Pointer Dereference
A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free
CVE-2022-1016
5.5 - Medium
- August 29, 2022
A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.
Access of Uninitialized Pointer
A use-after-free vulnerability was discovered in drivers/net/hamradio/6pack.c of linux
CVE-2022-1198
5.5 - Medium
- August 29, 2022
A use-after-free vulnerability was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash the Linux kernel by simulating an ax25 device using the 6pack driver from user space.
Dangling pointer
A flaw was found in the Linux kernel
CVE-2022-1199
7.5 - High
- August 29, 2022
A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability.
NULL Pointer Dereference
There is a flaw in convert2rhel
CVE-2022-0851
5.5 - Medium
- August 29, 2022
There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line via e.g. htop or ps. The specific impact varies upon the subscription, but generally this would allow an attacker to register systems purchased by the victim until discovered; a form of fraud. This could occur regardless of how the activation key is supplied to convert2rhel because it involves how convert2rhel provides it to subscription-manager.
Information Disclosure
There is a flaw in convert2rhel
CVE-2022-0852
5.5 - Medium
- August 29, 2022
There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the privileges of the Red Hat account in question, but it could affect the integrity, availability, and/or data confidentiality of other systems that are administered by that account. This occurs regardless of how the password is supplied to convert2rhel.
Privacy violation
A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq
CVE-2022-0934
7.5 - High
- August 29, 2022
A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker to send a crafted packet that is processed by dnsmasq, potentially causing a denial of service.
Dangling pointer
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-component
CVE-2022-1184
5.5 - Medium
- August 29, 2022
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-component. This flaw allows a local attacker with user privileges to cause a denial of service.
Dangling pointer
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation
CVE-2022-0358
7.8 - High
- August 29, 2022
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.
Improper Check for Dropped Privileges
A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel
CVE-2022-0480
5.5 - Medium
- August 29, 2022
A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.
Allocation of Resources Without Limits or Throttling
A flaw was found in the copying tool `nbdcopy` of libnbd
CVE-2022-0485
4.8 - Medium
- August 29, 2022
A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image.
Unchecked Return Value
A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer)
CVE-2022-0175
5.5 - Medium
- August 26, 2022
A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.
Missing Initialization of Resource
A flaw was found in the Linux kernel
CVE-2022-0171
5.5 - Medium
- August 26, 2022
A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance on an AMD CPU that supports Secure Encrypted Virtualization (SEV).
Insufficient Cleanup
A denial of service (DoS) issue was found in the Linux kernel's smb2_ioctl_query_info function in fs/cifs/smb2ops.c (Common Internet File System, CIFS) due to an incorrect return
CVE-2022-0168
4.4 - Medium
- August 26, 2022
A denial of service (DoS) issue was found in the Linux kernel's smb2_ioctl_query_info function in fs/cifs/smb2ops.c (Common Internet File System, CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.
NULL Pointer Dereference
A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01
CVE-2022-34301
6.7 - Medium
- August 26, 2022
A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
A flaw was found in New Horizon Datasys bootloaders before 2022-06-01
CVE-2022-34302
6.7 - Medium
- August 26, 2022
A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
A flaw was found in Eurosoft bootloaders before 2022-06-01
CVE-2022-34303
6.7 - Medium
- August 26, 2022
A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created
CVE-2021-35939
6.7 - Medium
- August 26, 2022
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Insecure Temporary File
A flaw was found in the Linux kernel
CVE-2021-3669
5.5 - Medium
- August 26, 2022
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.
Resource Exhaustion
A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed their descendants
CVE-2021-3864
7 - High
- August 26, 2022
A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed their descendants. The prerequisite is a SUID binary that sets the real UID equal to the effective UID, and the real GID equal to the effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with an eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges.
Authorization
A symbolic link issue was found in rpm
CVE-2021-35938
6.7 - Medium
- August 25, 2022
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Insecure Temporary File
A race condition vulnerability was found in rpm
CVE-2021-35937
6.4 - Medium
- August 25, 2022
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Insecure Temporary File
An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer)
CVE-2022-0135
7.8 - High
- August 25, 2022
An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution.
Memory Corruption
A flaw was found in unzip
CVE-2021-4217
3.3 - Low
- August 24, 2022
A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
NULL Pointer Dereference
A flaw was found in JSS, where it did not properly free up all memory
CVE-2021-4213
7.5 - High
- August 24, 2022
A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server's RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service.
Memory Leak
A NULL pointer dereference flaw was found in GnuTLS
CVE-2021-4209
6.5 - Medium
- August 24, 2022
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.
NULL Pointer Dereference
An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to improper input validation
CVE-2021-4204
7.1 - High
- August 24, 2022
An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to improper input validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information.
Improper Input Validation
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode
CVE-2021-4189
5.3 - Medium
- August 24, 2022
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.
Unchecked Return Value
A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures
CVE-2021-4159
4.4 - Medium
- August 24, 2022
A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.
A NULL pointer dereference issue was found in the ACPI code of QEMU
CVE-2021-4158
6 - Medium
- August 24, 2022
A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
NULL Pointer Dereference
A use-after-free flaw was found in libvirt
CVE-2021-3975
6.5 - Medium
- August 23, 2022
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.
Dangling pointer
A flaw was found in the Linux kernel's implementation of Pressure Stall Information
CVE-2022-2938
7.8 - High
- August 23, 2022
A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.
Dangling pointer
A flaw was found in systemd
CVE-2021-3997
5.5 - Medium
- August 23, 2022
A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.
Stack Exhaustion
A flaw was found in the Linux kernel's memory deduplication mechanism
CVE-2021-3714
7.5 - High
- August 23, 2022
A flaw was found in the Linux kernel's memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page-sized files and detect the change in access time from a networked service to determine whether the page has been merged.
An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link
CVE-2021-23177
7.8 - High
- August 23, 2022
An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.
Insecure Temporary File
An improper link resolution flaw
CVE-2021-31566
7.8 - High
- August 23, 2022
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.
Insecure Temporary File
A flaw was found in the way Samba handled file/directory metadata
CVE-2021-20316
6.8 - Medium
- August 23, 2022
A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share.
Race Condition
A flaw was found in the vhost library in DPDK
CVE-2021-3839
7.5 - High
- August 23, 2022
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.
Out-of-bounds Read