Redhat Enterprise Linux vulnerabilities

CVE-2022-28796 [HIGH] CWE-362 CVE-2022-28796: jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.

CVE-2022-27650 [HIGH] CWE-276 CVE-2022-27650: A flaw was found in crun where containers were incorrectly started with non-empty default permission A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate thos

CVE-2022-27649 [HIGH] CWE-276 CVE-2022-27649: A flaw was found in Podman, where containers were started incorrectly with non-empty default permiss A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate

CVE-2022-27651 [MEDIUM] CWE-276 CVE-2022-27651: A flaw was found in buildah where containers were incorrectly started with non-empty default permiss A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilitie

CVE-2020-35501 [LOW] CWE-863 CVE-2020-35501: A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedl A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem

CVE-2022-1055 [HIGH] CWE-416 CVE-2022-1055: A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to g A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5

CVE-2022-0435 [HIGH] CWE-787 CVE-2022-0435: A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.

CVE-2022-0330 [HIGH] CWE-281 CVE-2022-0330: A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.

CVE-2021-3941 [MEDIUM] CWE-369 CVE-2021-3941: In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = ( In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of prog

CVE-2022-27666 [HIGH] CWE-787 CVE-2022-27666: A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ip A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.

CVE-2021-3748 [HIGH] CWE-416 CVE-2021-3748: A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the d A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute c

CVE-2022-0996 [MEDIUM] CWE-287 CVE-2022-0996: A vulnerability was found in the 389 Directory Server that allows expired passwords to access the da A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.

CVE-2022-1011 [HIGH] CWE-416 CVE-2022-1011: A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers wri A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.

CVE-2022-0918 [HIGH] CVE-2022-0918: A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker w A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crash

CVE-2021-20257 [MEDIUM] CWE-835 CVE-2021-20257: An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while proce An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerabil

CVE-2022-0516 [HIGH] CWE-200 CVE-2022-0516: A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.

CVE-2021-3698 [HIGH] CWE-295 CVE-2021-3698: A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verificat A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulne

CVE-2022-0847 [HIGH] CWE-665 CVE-2022-0847: A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper i A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate thei

CVE-2021-3660 [MEDIUM] CWE-1021 CVE-2021-3660: Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to rend Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an HTML entry. This may be used by a malicious website in clickjacking or similar attacks.

CVE-2021-3733 [MEDIUM] CWE-400 CVE-2021-3733: There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat t