Enterprise Linux (RHEL) Red Hat Enterprise Linux (RHEL)

Do you want an email whenever new security vulnerabilities are reported in Red Hat Enterprise Linux (RHEL)?

Recent Red Hat Enterprise Linux (RHEL) Security Advisories

Advisory Title Published
RHSA-2021:3144 (RHSA-2021:3144) Low: .NET Core 2.1 on Red Hat Enterprise Linux security and bugfix update August 11, 2021
RHSA-2021:1547 (RHSA-2021:1547) Important: .NET Core 3.1 on Red Hat Enterprise Linux security and bugfix update May 12, 2021
RHSA-2021:1546 (RHSA-2021:1546) Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update May 12, 2021

By the Year

In 2022 there have been 164 vulnerabilities in Red Hat Enterprise Linux (RHEL) with an average score of 6.8 out of ten. Last year Enterprise Linux (RHEL) had 147 security vulnerabilities published. That is, 17 more vulnerabilities have already been reported in 2022 as compared to last year. However, the average CVE base score of the vulnerabilities in 2022 is greater by 0.09.

Year Vulnerabilities Average Score
2022 164 6.81
2021 147 6.72
2020 96 6.27
2019 176 6.94
2018 83 7.32

It may take a day or so for new Enterprise Linux (RHEL) vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Red Hat Enterprise Linux (RHEL) Security Vulnerabilities

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in

CVE-2022-2989 7.1 - High - September 13, 2022

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

AuthZ

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in

CVE-2022-2990 7.1 - High - September 13, 2022

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

AuthZ

A flaw was found in the Linux kernels driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices

CVE-2022-2964 7.8 - High - September 09, 2022

A flaw was found in the Linux kernels driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.

Memory Corruption

An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map

CVE-2022-2905 5.5 - Medium - September 09, 2022

An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.

Out-of-bounds Read

A flaw was found in python

CVE-2020-10735 7.5 - High - September 09, 2022

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.

Incorrect Type Conversion or Cast

A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file

CVE-2022-25309 5.5 - Medium - September 06, 2022

A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service.

Memory Corruption

A stack-based buffer overflow flaw was found in the Fribidi package

CVE-2022-25308 7.8 - High - September 06, 2022

A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.

Memory Corruption

A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file

CVE-2022-25310 5.5 - Medium - September 06, 2022

A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.

An integer coercion error was found in the openvswitch kernel module

CVE-2022-2639 7.8 - High - September 01, 2022

An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Memory Corruption

A flaw was found in the Linux kernels KVM when attempting to set a SynIC IRQ

CVE-2022-2153 5.5 - Medium - August 31, 2022

A flaw was found in the Linux kernels KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.

NULL Pointer Dereference

An issue found in linux-kernel that leads to a race condition in rose_connect()

CVE-2022-1247 7 - High - August 31, 2022

An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh->use to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their count and use are zero.

Race Condition

A permissive list of allowed inputs flaw was found in DPDK

CVE-2022-2132 8.6 - High - August 31, 2022

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.

A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled

CVE-2022-1263 5.5 - Medium - August 31, 2022

A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.

NULL Pointer Dereference

A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function

CVE-2022-1355 6.1 - Medium - August 31, 2022

A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service.

Buffer Overflow

A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function

CVE-2022-1354 5.5 - Medium - August 31, 2022

A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service.

Memory Corruption

A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux

CVE-2022-1198 5.5 - Medium - August 29, 2022

A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space.

Dangling pointer

A flaw was found in the Linux kernel

CVE-2022-1199 7.5 - High - August 29, 2022

A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability.

NULL Pointer Dereference

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free

CVE-2022-1016 5.5 - Medium - August 29, 2022

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.

Dangling pointer

There is a flaw in convert2rhel

CVE-2022-0851 5.5 - Medium - August 29, 2022

There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line via e.g. htop or ps. The specific impact varies upon the subscription, but generally this would allow an attacker to register systems purchased by the victim until discovered; a form of fraud. This could occur regardless of how the activation key is supplied to convert2rhel because it involves how convert2rhel provides it to subscription-manager.

There is a flaw in convert2rhel

CVE-2022-0852 5.5 - Medium - August 29, 2022

There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the privileges of the Red Hat account in question, but it could affect the integrity, availability, and/or data confidentiality of other systems that are administered by that account. This occurs regardless of how the password is supplied to convert2rhel.

Exposure of Resource to Wrong Sphere

A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq

CVE-2022-0934 7.5 - High - August 29, 2022

A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.

Dangling pointer

A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernels filesystem sub-component

CVE-2022-1184 5.5 - Medium - August 29, 2022

A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernels filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.

Dangling pointer

A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation

CVE-2022-0358 7.8 - High - August 29, 2022

A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.

Improper Check for Dropped Privileges

A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel

CVE-2022-0480 5.5 - Medium - August 29, 2022

A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.

Allocation of Resources Without Limits or Throttling

A flaw was found in the copying tool `nbdcopy` of libnbd

CVE-2022-0485 7.4 - High - August 29, 2022

A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image.

Unchecked Return Value

A flaw was found in the Linux kernel

CVE-2022-0171 5.5 - Medium - August 26, 2022

A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).

Insufficient Cleanup

A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01

CVE-2022-34301 6.7 - Medium - August 26, 2022

A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.

A flaw was found in New Horizon Datasys bootloaders before 2022-06-01

CVE-2022-34302 6.7 - Medium - August 26, 2022

A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.

A flaw was found in Eurosoft bootloaders before 2022-06-01

CVE-2022-34303 6.7 - Medium - August 26, 2022

A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.

A denial of service (DOS) issue was found in the Linux kernels smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return

CVE-2022-0168 4.4 - Medium - August 26, 2022

A denial of service (DOS) issue was found in the Linux kernels smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.

NULL Pointer Dereference

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer)

CVE-2022-0175 5.5 - Medium - August 26, 2022

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.

Missing Initialization of Resource

A flaw was found in the Linux kernel

CVE-2021-3669 5.5 - Medium - August 26, 2022

A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.

Resource Exhaustion

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created

CVE-2021-35939 7.8 - High - August 26, 2022

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

insecure temporary file

A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants

CVE-2021-3864 7 - High - August 26, 2022

A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges.

A symbolic link issue was found in rpm

CVE-2021-35938 7.8 - High - August 25, 2022

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

insecure temporary file

A race condition vulnerability was found in rpm

CVE-2021-35937 6.4 - Medium - August 25, 2022

A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

insecure temporary file

An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer)

CVE-2022-0135 7.8 - High - August 25, 2022

An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution.

Memory Corruption

A flaw was found in unzip

CVE-2021-4217 7.8 - High - August 24, 2022

A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

NULL Pointer Dereference

A flaw was found in JSS, where it did not properly free up all memory

CVE-2021-4213 7.5 - High - August 24, 2022

A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the servers RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service.

Memory Leak

A NULL pointer dereference issue was found in the ACPI code of QEMU

CVE-2021-4158 6 - Medium - August 24, 2022

A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

NULL Pointer Dereference

A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures

CVE-2021-4159 4.4 - Medium - August 24, 2022

A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode

CVE-2021-4189 5.3 - Medium - August 24, 2022

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.

Unchecked Return Value

An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation

CVE-2021-4204 7.1 - High - August 24, 2022

An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information.

Memory Corruption

A NULL pointer dereference flaw was found in GnuTLS

CVE-2021-4209 6.5 - Medium - August 24, 2022

A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.

NULL Pointer Dereference

A flaw was found in systemd

CVE-2021-3997 5.5 - Medium - August 23, 2022

A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.

Stack Exhaustion

A use-after-free flaw was found in libvirt

CVE-2021-3975 6.5 - Medium - August 23, 2022

A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.

Dangling pointer

A flaw was found in the Linux kernel's implementation of Pressure Stall Information

CVE-2022-2938 7.8 - High - August 23, 2022

A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.

Dangling pointer

A flaw was found in the way Samba handled file/directory metadata

CVE-2021-20316 6.8 - Medium - August 23, 2022

A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share.

Race Condition

An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link

CVE-2021-23177 7.8 - High - August 23, 2022

An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.

insecure temporary file

A flaw was found in the Linux kernels memory deduplication mechanism

CVE-2021-3714 7.5 - High - August 23, 2022

A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged.

An improper link resolution flaw

CVE-2021-31566 7.8 - High - August 23, 2022

An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.

insecure temporary file

A flaw was found in the vhost library in DPDK

CVE-2021-3839 7.5 - High - August 23, 2022

A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.

Out-of-bounds Read

An out-of-bounds memory access flaw was found in the Linux kernel Intels iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data

CVE-2022-2873 5.5 - Medium - August 22, 2022

An out-of-bounds memory access flaw was found in the Linux kernel Intels iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system.

Incorrect Calculation of Buffer Size

A NULL pointer dereference flaw was found in the Linux kernels IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection

CVE-2021-3659 5.5 - Medium - August 22, 2022

A NULL pointer dereference flaw was found in the Linux kernels IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability.

NULL Pointer Dereference

A vulnerability was found in PostgreSQL

CVE-2022-2625 8 - High - August 18, 2022

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser.

Improper Control of Dynamically-Managed Code Resources

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring

CVE-2020-14394 3.2 - Low - August 17, 2022

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.

Infinite Loop

A flaw was found in KVM

CVE-2022-1158 7.8 - High - August 05, 2022

A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition.

Dangling pointer

A vulnerability found in gnutls

CVE-2022-2509 7.5 - High - August 01, 2022

A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.

Double-free

A stored XSS and blind SSRF vulnerability was found in Moodle

CVE-2022-35651 6.1 - Medium - July 25, 2022

A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks.

XSS

A reflected XSS issue was identified in the LTI module of Moodle

CVE-2022-35653 6.1 - Medium - July 25, 2022

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users.

XSS

A flaw was found in pki-core, which could

CVE-2022-2393 5.7 - Medium - July 14, 2022

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.

authentification

A vulnerability was found in libguestfs

CVE-2022-2211 6.5 - Medium - July 12, 2022

A vulnerability was found in libguestfs. This issue occurs while calculating the greatest possible number of matching keys in the get_keys() function. This flaw leads to a denial of service, either by mistake or malicious actor.

Classic Buffer Overflow

A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area

CVE-2021-3695 4.5 - Medium - July 06, 2022

A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.

Memory Corruption

A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader

CVE-2021-3696 4.5 - Medium - July 06, 2022

A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.

Memory Corruption

A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap

CVE-2021-3697 7 - High - July 06, 2022

A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.

Memory Corruption

A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files

CVE-2022-0987 3.3 - Low - June 28, 2022

A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.

A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture

CVE-2022-1665 8.2 - High - June 21, 2022

A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by the grub in Secure Boot mode even though it shouldn't. These kernel builds don't have the secure boot lockdown patches applied to it and can bypass the secure boot validations, allowing the attacker to load another non-trusted code.

In ImageMagick, there is load of misaligned address for type 'double'

CVE-2022-32547 7.8 - High - June 16, 2022

In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.

Incorrect Type Conversion or Cast

A vulnerability was found in ImageMagick

CVE-2022-32545 7.8 - High - June 16, 2022

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.

Integer Overflow or Wraparound

A vulnerability was found in ImageMagick

CVE-2022-32546 7.8 - High - June 16, 2022

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.

Integer Overflow or Wraparound

A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user()

CVE-2022-1998 7.8 - High - June 09, 2022

A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

Dangling pointer

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API

CVE-2022-1708 7.5 - High - June 07, 2022

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability.

Resource Exhaustion

An access control bypass vulnerability found in 389-ds-base

CVE-2022-1949 7.5 - High - June 02, 2022

An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data.

AuthZ

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva

CVE-2022-1789 6.8 - Medium - June 02, 2022

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.

NULL Pointer Dereference

Linux Kernel could allow a local attacker to execute arbitrary code on the system

CVE-2022-1652 7.8 - High - June 02, 2022

Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

Dangling pointer

An out-of-bounds read flaw was found in the Linux kernels TeleTYpe subsystem

CVE-2022-1462 6.3 - Medium - June 02, 2022

An out-of-bounds read flaw was found in the Linux kernels TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.

Race Condition

A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.

CVE-2022-30600 9.8 - Critical - May 18, 2022

A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.

Incorrect Calculation

A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.

CVE-2022-30597 5.3 - Medium - May 18, 2022

A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.

A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it.

CVE-2022-30598 4.3 - Medium - May 18, 2022

A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it.

A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.

CVE-2022-30599 9.8 - Critical - May 18, 2022

A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.

SQL Injection

A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.

CVE-2022-30596 5.4 - Medium - May 18, 2022

A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.

XSS

A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products

CVE-2022-1706 6.5 - Medium - May 17, 2022

A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the Ignition config.

AuthZ

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file

CVE-2022-1587 9.1 - Critical - May 16, 2022

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.

Out-of-bounds Read

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file

CVE-2022-1586 9.1 - Critical - May 16, 2022

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.

Out-of-bounds Read

A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU

CVE-2021-3611 6.5 - Medium - May 11, 2022

A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.

Memory Corruption

A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU

CVE-2021-3750 8.2 - High - May 02, 2022

A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0.

Dangling pointer

Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria

CVE-2022-0984 4.3 - Medium - April 29, 2022

Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.

AuthZ

A flaw was found in the QXL display device emulation in QEMU

CVE-2021-4206 8.2 - High - April 29, 2022

A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.

Integer Overflow or Wraparound

A flaw was found in the QXL display device emulation in QEMU

CVE-2021-4207 8.8 - High - April 29, 2022

A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.

Race Condition

A use-after-free flaw was found in the Linux kernels sound subsystem in the way a user triggers concurrent calls of PCM hw_params

CVE-2022-1048 7 - High - April 29, 2022

A use-after-free flaw was found in the Linux kernels sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Race Condition

A privilege escalation flaw was found in Podman

CVE-2022-1227 8.8 - High - April 29, 2022

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.

Improper Privilege Management

A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel

CVE-2022-1353 7.1 - High - April 29, 2022

A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.

A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.

CVE-2021-42778 5.3 - Medium - April 18, 2022

A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.

Double-free

A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.

CVE-2021-42779 5.3 - Medium - April 18, 2022

A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.

Dangling pointer

Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c

CVE-2021-42781 5.3 - Medium - April 18, 2022

Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.

Memory Corruption

A use after return issue was found in Opensc before version 0.22.0 in insert_pin function

CVE-2021-42780 5.3 - Medium - April 18, 2022

A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.

Unchecked Return Value

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5

CVE-2022-1304 7.8 - High - April 14, 2022

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.

Out-of-bounds Read

A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem

CVE-2022-1280 6.3 - Medium - April 13, 2022

A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak.

Dangling pointer

jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.

CVE-2022-28796 7 - High - April 08, 2022

jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.

Dangling pointer

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions

CVE-2022-27649 7.5 - High - April 04, 2022

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.

Incorrect Default Permissions

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Red Hat Developer Tools or by Red Hat? Click the Watch button to subscribe.

Red Hat
Vendor

subscribe