Redhat Enterprise Linux vulnerabilities

CVE-2022-0135 [HIGH] CWE-787 CVE-2022-0135: An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This fl An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution.

CVE-2021-35937 [MEDIUM] CVE-2021-35937: A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to by A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2021-35938 [MEDIUM] CWE-59 CVE-2021-35938: A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credenti A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data

CVE-2021-4204 [HIGH] CWE-20 CVE-2021-4204: An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper In An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information.

CVE-2021-4213 [HIGH] CWE-401 CVE-2021-4213: A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service.

CVE-2021-4159 [MEDIUM] CWE-202 CVE-2021-4159: A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.

CVE-2021-4209 [MEDIUM] CWE-476 CVE-2021-4209: A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally ca A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.

CVE-2021-4158 [MEDIUM] CWE-476 CVE-2021-4158: A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user wi A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

CVE-2021-4189 [MEDIUM] CWE-252 CVE-2021-4189: A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerab

CVE-2021-4217 [LOW] CWE-476 CVE-2021-4217: A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, whi A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

CVE-2021-23177 [HIGH] CWE-59 CVE-2021-23177: An improper link resolution flaw while extracting an archive can lead to changing the access control An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain mor

CVE-2022-2938 [HIGH] CWE-416 CVE-2022-2938: A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the featu A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.

CVE-2021-3839 [HIGH] CWE-125 CVE-2021-3839: A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not valida A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.

CVE-2021-31566 [HIGH] CWE-59 CVE-2021-31566: An improper link resolution flaw can occur while extracting an archive leading to changing modes, ti An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privilege

CVE-2021-3975 [MEDIUM] CWE-416 CVE-2021-3975: A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandl A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection co

CVE-2021-20316 [MEDIUM] CWE-362 CVE-2021-20316: A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share.

CVE-2021-3714 [MEDIUM] CWE-200 CVE-2021-3714: A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that m A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged.

CVE-2021-3997 [MEDIUM] CWE-674 CVE-2021-3997: A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of s A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.

CVE-2021-3659 [MEDIUM] CWE-252 CVE-2021-3659: A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking su A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability.

CVE-2022-2873 [MEDIUM] CWE-131 CVE-2022-2873: An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system.