rhba-2023_6863
Vulnerability from csaf_redhat
Published
2023-11-09 18:33
Modified
2024-12-18 04:43
Summary
Red Hat Bug Fix Advisory: LVMS 4.14.z Bug Fix and Enhancement update

Notes

Topic
Updated container images that fix multiple bugs are now available for LVMS 4.14.z.
Details
Logical volume manager storage (LVMS) uses the TopoLVM CSI driver to dynamically provision local storage on single node OpenShift clusters. Logical volume manager storage creates thin-provisioned volumes using the Logical Volume Manager and provides dynamic provisioning of block storage on a single node OpenShift cluster with limited resources. Users of LVMS are advised to upgrade to the latest version of LVMS in OpenShift Container Platform, which fixes these bugs and adds these enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated container images that fix multiple bugs are now available\nfor LVMS 4.14.z.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Logical volume manager storage (LVMS) uses the TopoLVM CSI driver to\ndynamically provision local storage on single node OpenShift clusters.\n\nLogical volume manager storage creates thin-provisioned volumes using the\nLogical Volume Manager and provides dynamic provisioning of block storage\non a single node OpenShift cluster with limited resources.\n\nUsers of LVMS are advised to upgrade to the latest version of the LVMS in\nOpenShift Container Platform, which fixes these bugs and adds these\nenhancements.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHBA-2023:6863",
        "url": "https://access.redhat.com/errata/RHBA-2023:6863"
      },
      {
        "category": "external",
        "summary": "OCPBUGS-17180",
        "url": "https://issues.redhat.com/browse/OCPBUGS-17180"
      },
      {
        "category": "external",
        "summary": "OCPEDGE-591",
        "url": "https://issues.redhat.com/browse/OCPEDGE-591"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhba-2023_6863.json"
      }
    ],
    "title": "Red Hat Bug Fix Advisory: LVMS 4.14.z Bug Fix and Enhancement update",
    "tracking": {
      "current_release_date": "2024-12-18T04:43:49+00:00",
      "generator": {
        "date": "2024-12-18T04:43:49+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHBA-2023:6863",
      "initial_release_date": "2023-11-09T18:33:40+00:00",
      "revision_history": [
        {
          "date": "2023-11-09T18:33:40+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-11-09T18:33:40+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-18T04:43:49+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "LVMS 4.14 for RHEL 9",
                "product": {
                  "name": "LVMS 4.14 for RHEL 9",
                  "product_id": "9Base-LVMS-4.14",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:lvms:4.14::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "logical volume manager storage"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "lvms4/lvms-must-gather-rhel9@sha256:e21c0af48138064f6904e2fb459b76239c9f3e1dffddac5dfc55e0f38eea5559_amd64",
                "product": {
                  "name": "lvms4/lvms-must-gather-rhel9@sha256:e21c0af48138064f6904e2fb459b76239c9f3e1dffddac5dfc55e0f38eea5559_amd64",
                  "product_id": "lvms4/lvms-must-gather-rhel9@sha256:e21c0af48138064f6904e2fb459b76239c9f3e1dffddac5dfc55e0f38eea5559_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/lvms-must-gather-rhel9@sha256:e21c0af48138064f6904e2fb459b76239c9f3e1dffddac5dfc55e0f38eea5559?arch=amd64\u0026repository_url=registry.redhat.io/lvms4/lvms-must-gather-rhel9\u0026tag=v4.14.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "lvms4/lvms-operator-bundle@sha256:b67d52a00937fb779cc98c18c1d8d21797363b19b6f4da04c1df0508698ac7cd_amd64",
                "product": {
                  "name": "lvms4/lvms-operator-bundle@sha256:b67d52a00937fb779cc98c18c1d8d21797363b19b6f4da04c1df0508698ac7cd_amd64",
                  "product_id": "lvms4/lvms-operator-bundle@sha256:b67d52a00937fb779cc98c18c1d8d21797363b19b6f4da04c1df0508698ac7cd_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/lvms-operator-bundle@sha256:b67d52a00937fb779cc98c18c1d8d21797363b19b6f4da04c1df0508698ac7cd?arch=amd64\u0026repository_url=registry.redhat.io/lvms4/lvms-operator-bundle\u0026tag=v4.14.1-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "lvms4/lvms-rhel9-operator@sha256:a3cdbde1cbc51deb706c99935de6737bda7ef1b4f54fc3ba59a18696285c9a6c_amd64",
                "product": {
                  "name": "lvms4/lvms-rhel9-operator@sha256:a3cdbde1cbc51deb706c99935de6737bda7ef1b4f54fc3ba59a18696285c9a6c_amd64",
                  "product_id": "lvms4/lvms-rhel9-operator@sha256:a3cdbde1cbc51deb706c99935de6737bda7ef1b4f54fc3ba59a18696285c9a6c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/lvms-rhel9-operator@sha256:a3cdbde1cbc51deb706c99935de6737bda7ef1b4f54fc3ba59a18696285c9a6c?arch=amd64\u0026repository_url=registry.redhat.io/lvms4/lvms-rhel9-operator\u0026tag=v4.14.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "lvms4/topolvm-rhel9@sha256:e97314d049510baa9d1021ac848f0826be1310cc870e6bd57aa3ef41cf8a0cc4_amd64",
                "product": {
                  "name": "lvms4/topolvm-rhel9@sha256:e97314d049510baa9d1021ac848f0826be1310cc870e6bd57aa3ef41cf8a0cc4_amd64",
                  "product_id": "lvms4/topolvm-rhel9@sha256:e97314d049510baa9d1021ac848f0826be1310cc870e6bd57aa3ef41cf8a0cc4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/topolvm-rhel9@sha256:e97314d049510baa9d1021ac848f0826be1310cc870e6bd57aa3ef41cf8a0cc4?arch=amd64\u0026repository_url=registry.redhat.io/lvms4/topolvm-rhel9\u0026tag=v4.14.1-2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "lvms4/lvms-must-gather-rhel9@sha256:bfaee17835e1411c3e916e992a510641d2ddaaa2a4a85243b6f27fec541eae3a_ppc64le",
                "product": {
                  "name": "lvms4/lvms-must-gather-rhel9@sha256:bfaee17835e1411c3e916e992a510641d2ddaaa2a4a85243b6f27fec541eae3a_ppc64le",
                  "product_id": "lvms4/lvms-must-gather-rhel9@sha256:bfaee17835e1411c3e916e992a510641d2ddaaa2a4a85243b6f27fec541eae3a_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/lvms-must-gather-rhel9@sha256:bfaee17835e1411c3e916e992a510641d2ddaaa2a4a85243b6f27fec541eae3a?arch=ppc64le\u0026repository_url=registry.redhat.io/lvms4/lvms-must-gather-rhel9\u0026tag=v4.14.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "lvms4/lvms-operator-bundle@sha256:c683e4da500bbb8753b184e43377bf7525fb6ffb20750a6695973025d3bce221_ppc64le",
                "product": {
                  "name": "lvms4/lvms-operator-bundle@sha256:c683e4da500bbb8753b184e43377bf7525fb6ffb20750a6695973025d3bce221_ppc64le",
                  "product_id": "lvms4/lvms-operator-bundle@sha256:c683e4da500bbb8753b184e43377bf7525fb6ffb20750a6695973025d3bce221_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/lvms-operator-bundle@sha256:c683e4da500bbb8753b184e43377bf7525fb6ffb20750a6695973025d3bce221?arch=ppc64le\u0026repository_url=registry.redhat.io/lvms4/lvms-operator-bundle\u0026tag=v4.14.1-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "lvms4/lvms-rhel9-operator@sha256:9c47279574868a772f7d14d9de8da670df5101287a5486347b9bd00586e78c17_ppc64le",
                "product": {
                  "name": "lvms4/lvms-rhel9-operator@sha256:9c47279574868a772f7d14d9de8da670df5101287a5486347b9bd00586e78c17_ppc64le",
                  "product_id": "lvms4/lvms-rhel9-operator@sha256:9c47279574868a772f7d14d9de8da670df5101287a5486347b9bd00586e78c17_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/lvms-rhel9-operator@sha256:9c47279574868a772f7d14d9de8da670df5101287a5486347b9bd00586e78c17?arch=ppc64le\u0026repository_url=registry.redhat.io/lvms4/lvms-rhel9-operator\u0026tag=v4.14.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "lvms4/topolvm-rhel9@sha256:edb27e93b14212d79c959a1a325310d31496f53fac846049393f25ea18ec1349_ppc64le",
                "product": {
                  "name": "lvms4/topolvm-rhel9@sha256:edb27e93b14212d79c959a1a325310d31496f53fac846049393f25ea18ec1349_ppc64le",
                  "product_id": "lvms4/topolvm-rhel9@sha256:edb27e93b14212d79c959a1a325310d31496f53fac846049393f25ea18ec1349_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/topolvm-rhel9@sha256:edb27e93b14212d79c959a1a325310d31496f53fac846049393f25ea18ec1349?arch=ppc64le\u0026repository_url=registry.redhat.io/lvms4/topolvm-rhel9\u0026tag=v4.14.1-2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "lvms4/lvms-must-gather-rhel9@sha256:3abc7f735860ae910e9fcd5d1e419af66911ebd6a502ad85c2e2753536749cdb_s390x",
                "product": {
                  "name": "lvms4/lvms-must-gather-rhel9@sha256:3abc7f735860ae910e9fcd5d1e419af66911ebd6a502ad85c2e2753536749cdb_s390x",
                  "product_id": "lvms4/lvms-must-gather-rhel9@sha256:3abc7f735860ae910e9fcd5d1e419af66911ebd6a502ad85c2e2753536749cdb_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/lvms-must-gather-rhel9@sha256:3abc7f735860ae910e9fcd5d1e419af66911ebd6a502ad85c2e2753536749cdb?arch=s390x\u0026repository_url=registry.redhat.io/lvms4/lvms-must-gather-rhel9\u0026tag=v4.14.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "lvms4/lvms-operator-bundle@sha256:8f9e651d7cbfd546991f05a5e05ac8331fbd5ec676f227e12bb13f2f4fd670d3_s390x",
                "product": {
                  "name": "lvms4/lvms-operator-bundle@sha256:8f9e651d7cbfd546991f05a5e05ac8331fbd5ec676f227e12bb13f2f4fd670d3_s390x",
                  "product_id": "lvms4/lvms-operator-bundle@sha256:8f9e651d7cbfd546991f05a5e05ac8331fbd5ec676f227e12bb13f2f4fd670d3_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/lvms-operator-bundle@sha256:8f9e651d7cbfd546991f05a5e05ac8331fbd5ec676f227e12bb13f2f4fd670d3?arch=s390x\u0026repository_url=registry.redhat.io/lvms4/lvms-operator-bundle\u0026tag=v4.14.1-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "lvms4/lvms-rhel9-operator@sha256:7c0183f3a8d40a6e24e3f5ae28dbeecea7f09e866b8704a70b676639835d12af_s390x",
                "product": {
                  "name": "lvms4/lvms-rhel9-operator@sha256:7c0183f3a8d40a6e24e3f5ae28dbeecea7f09e866b8704a70b676639835d12af_s390x",
                  "product_id": "lvms4/lvms-rhel9-operator@sha256:7c0183f3a8d40a6e24e3f5ae28dbeecea7f09e866b8704a70b676639835d12af_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/lvms-rhel9-operator@sha256:7c0183f3a8d40a6e24e3f5ae28dbeecea7f09e866b8704a70b676639835d12af?arch=s390x\u0026repository_url=registry.redhat.io/lvms4/lvms-rhel9-operator\u0026tag=v4.14.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "lvms4/topolvm-rhel9@sha256:cd9546b5a46c6e36327a972f26938d8cdc734649d61ed02648eed33dd29d9633_s390x",
                "product": {
                  "name": "lvms4/topolvm-rhel9@sha256:cd9546b5a46c6e36327a972f26938d8cdc734649d61ed02648eed33dd29d9633_s390x",
                  "product_id": "lvms4/topolvm-rhel9@sha256:cd9546b5a46c6e36327a972f26938d8cdc734649d61ed02648eed33dd29d9633_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/topolvm-rhel9@sha256:cd9546b5a46c6e36327a972f26938d8cdc734649d61ed02648eed33dd29d9633?arch=s390x\u0026repository_url=registry.redhat.io/lvms4/topolvm-rhel9\u0026tag=v4.14.1-2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "lvms4/lvms-must-gather-rhel9@sha256:a83ab3e4e4174243bba1fbe96052ec8a5f0c4c5f74d8ecb04f5647796736f348_arm64",
                "product": {
                  "name": "lvms4/lvms-must-gather-rhel9@sha256:a83ab3e4e4174243bba1fbe96052ec8a5f0c4c5f74d8ecb04f5647796736f348_arm64",
                  "product_id": "lvms4/lvms-must-gather-rhel9@sha256:a83ab3e4e4174243bba1fbe96052ec8a5f0c4c5f74d8ecb04f5647796736f348_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/lvms-must-gather-rhel9@sha256:a83ab3e4e4174243bba1fbe96052ec8a5f0c4c5f74d8ecb04f5647796736f348?arch=arm64\u0026repository_url=registry.redhat.io/lvms4/lvms-must-gather-rhel9\u0026tag=v4.14.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "lvms4/lvms-operator-bundle@sha256:0523ba33f11bf19e68a53ca564e78132d0ac5f819ac3cf52cbac0b5cc426053d_arm64",
                "product": {
                  "name": "lvms4/lvms-operator-bundle@sha256:0523ba33f11bf19e68a53ca564e78132d0ac5f819ac3cf52cbac0b5cc426053d_arm64",
                  "product_id": "lvms4/lvms-operator-bundle@sha256:0523ba33f11bf19e68a53ca564e78132d0ac5f819ac3cf52cbac0b5cc426053d_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/lvms-operator-bundle@sha256:0523ba33f11bf19e68a53ca564e78132d0ac5f819ac3cf52cbac0b5cc426053d?arch=arm64\u0026repository_url=registry.redhat.io/lvms4/lvms-operator-bundle\u0026tag=v4.14.1-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "lvms4/lvms-rhel9-operator@sha256:73c2e385e0d1c1e120362af30c9fa161975b47307e4c771468365b7a3a3a365a_arm64",
                "product": {
                  "name": "lvms4/lvms-rhel9-operator@sha256:73c2e385e0d1c1e120362af30c9fa161975b47307e4c771468365b7a3a3a365a_arm64",
                  "product_id": "lvms4/lvms-rhel9-operator@sha256:73c2e385e0d1c1e120362af30c9fa161975b47307e4c771468365b7a3a3a365a_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/lvms-rhel9-operator@sha256:73c2e385e0d1c1e120362af30c9fa161975b47307e4c771468365b7a3a3a365a?arch=arm64\u0026repository_url=registry.redhat.io/lvms4/lvms-rhel9-operator\u0026tag=v4.14.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "lvms4/topolvm-rhel9@sha256:0897e589f2dd003f58e09ce1fef3288cc3f682a24096f0991b3dfdd217ff5c34_arm64",
                "product": {
                  "name": "lvms4/topolvm-rhel9@sha256:0897e589f2dd003f58e09ce1fef3288cc3f682a24096f0991b3dfdd217ff5c34_arm64",
                  "product_id": "lvms4/topolvm-rhel9@sha256:0897e589f2dd003f58e09ce1fef3288cc3f682a24096f0991b3dfdd217ff5c34_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/topolvm-rhel9@sha256:0897e589f2dd003f58e09ce1fef3288cc3f682a24096f0991b3dfdd217ff5c34?arch=arm64\u0026repository_url=registry.redhat.io/lvms4/topolvm-rhel9\u0026tag=v4.14.1-2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lvms4/lvms-must-gather-rhel9@sha256:3abc7f735860ae910e9fcd5d1e419af66911ebd6a502ad85c2e2753536749cdb_s390x as a component of LVMS 4.14 for RHEL 9",
          "product_id": "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:3abc7f735860ae910e9fcd5d1e419af66911ebd6a502ad85c2e2753536749cdb_s390x"
        },
        "product_reference": "lvms4/lvms-must-gather-rhel9@sha256:3abc7f735860ae910e9fcd5d1e419af66911ebd6a502ad85c2e2753536749cdb_s390x",
        "relates_to_product_reference": "9Base-LVMS-4.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lvms4/lvms-must-gather-rhel9@sha256:a83ab3e4e4174243bba1fbe96052ec8a5f0c4c5f74d8ecb04f5647796736f348_arm64 as a component of LVMS 4.14 for RHEL 9",
          "product_id": "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:a83ab3e4e4174243bba1fbe96052ec8a5f0c4c5f74d8ecb04f5647796736f348_arm64"
        },
        "product_reference": "lvms4/lvms-must-gather-rhel9@sha256:a83ab3e4e4174243bba1fbe96052ec8a5f0c4c5f74d8ecb04f5647796736f348_arm64",
        "relates_to_product_reference": "9Base-LVMS-4.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lvms4/lvms-must-gather-rhel9@sha256:bfaee17835e1411c3e916e992a510641d2ddaaa2a4a85243b6f27fec541eae3a_ppc64le as a component of LVMS 4.14 for RHEL 9",
          "product_id": "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:bfaee17835e1411c3e916e992a510641d2ddaaa2a4a85243b6f27fec541eae3a_ppc64le"
        },
        "product_reference": "lvms4/lvms-must-gather-rhel9@sha256:bfaee17835e1411c3e916e992a510641d2ddaaa2a4a85243b6f27fec541eae3a_ppc64le",
        "relates_to_product_reference": "9Base-LVMS-4.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lvms4/lvms-must-gather-rhel9@sha256:e21c0af48138064f6904e2fb459b76239c9f3e1dffddac5dfc55e0f38eea5559_amd64 as a component of LVMS 4.14 for RHEL 9",
          "product_id": "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:e21c0af48138064f6904e2fb459b76239c9f3e1dffddac5dfc55e0f38eea5559_amd64"
        },
        "product_reference": "lvms4/lvms-must-gather-rhel9@sha256:e21c0af48138064f6904e2fb459b76239c9f3e1dffddac5dfc55e0f38eea5559_amd64",
        "relates_to_product_reference": "9Base-LVMS-4.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lvms4/lvms-operator-bundle@sha256:0523ba33f11bf19e68a53ca564e78132d0ac5f819ac3cf52cbac0b5cc426053d_arm64 as a component of LVMS 4.14 for RHEL 9",
          "product_id": "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:0523ba33f11bf19e68a53ca564e78132d0ac5f819ac3cf52cbac0b5cc426053d_arm64"
        },
        "product_reference": "lvms4/lvms-operator-bundle@sha256:0523ba33f11bf19e68a53ca564e78132d0ac5f819ac3cf52cbac0b5cc426053d_arm64",
        "relates_to_product_reference": "9Base-LVMS-4.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lvms4/lvms-operator-bundle@sha256:8f9e651d7cbfd546991f05a5e05ac8331fbd5ec676f227e12bb13f2f4fd670d3_s390x as a component of LVMS 4.14 for RHEL 9",
          "product_id": "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:8f9e651d7cbfd546991f05a5e05ac8331fbd5ec676f227e12bb13f2f4fd670d3_s390x"
        },
        "product_reference": "lvms4/lvms-operator-bundle@sha256:8f9e651d7cbfd546991f05a5e05ac8331fbd5ec676f227e12bb13f2f4fd670d3_s390x",
        "relates_to_product_reference": "9Base-LVMS-4.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lvms4/lvms-operator-bundle@sha256:b67d52a00937fb779cc98c18c1d8d21797363b19b6f4da04c1df0508698ac7cd_amd64 as a component of LVMS 4.14 for RHEL 9",
          "product_id": "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:b67d52a00937fb779cc98c18c1d8d21797363b19b6f4da04c1df0508698ac7cd_amd64"
        },
        "product_reference": "lvms4/lvms-operator-bundle@sha256:b67d52a00937fb779cc98c18c1d8d21797363b19b6f4da04c1df0508698ac7cd_amd64",
        "relates_to_product_reference": "9Base-LVMS-4.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lvms4/lvms-operator-bundle@sha256:c683e4da500bbb8753b184e43377bf7525fb6ffb20750a6695973025d3bce221_ppc64le as a component of LVMS 4.14 for RHEL 9",
          "product_id": "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:c683e4da500bbb8753b184e43377bf7525fb6ffb20750a6695973025d3bce221_ppc64le"
        },
        "product_reference": "lvms4/lvms-operator-bundle@sha256:c683e4da500bbb8753b184e43377bf7525fb6ffb20750a6695973025d3bce221_ppc64le",
        "relates_to_product_reference": "9Base-LVMS-4.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lvms4/lvms-rhel9-operator@sha256:73c2e385e0d1c1e120362af30c9fa161975b47307e4c771468365b7a3a3a365a_arm64 as a component of LVMS 4.14 for RHEL 9",
          "product_id": "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:73c2e385e0d1c1e120362af30c9fa161975b47307e4c771468365b7a3a3a365a_arm64"
        },
        "product_reference": "lvms4/lvms-rhel9-operator@sha256:73c2e385e0d1c1e120362af30c9fa161975b47307e4c771468365b7a3a3a365a_arm64",
        "relates_to_product_reference": "9Base-LVMS-4.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lvms4/lvms-rhel9-operator@sha256:7c0183f3a8d40a6e24e3f5ae28dbeecea7f09e866b8704a70b676639835d12af_s390x as a component of LVMS 4.14 for RHEL 9",
          "product_id": "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:7c0183f3a8d40a6e24e3f5ae28dbeecea7f09e866b8704a70b676639835d12af_s390x"
        },
        "product_reference": "lvms4/lvms-rhel9-operator@sha256:7c0183f3a8d40a6e24e3f5ae28dbeecea7f09e866b8704a70b676639835d12af_s390x",
        "relates_to_product_reference": "9Base-LVMS-4.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lvms4/lvms-rhel9-operator@sha256:9c47279574868a772f7d14d9de8da670df5101287a5486347b9bd00586e78c17_ppc64le as a component of LVMS 4.14 for RHEL 9",
          "product_id": "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:9c47279574868a772f7d14d9de8da670df5101287a5486347b9bd00586e78c17_ppc64le"
        },
        "product_reference": "lvms4/lvms-rhel9-operator@sha256:9c47279574868a772f7d14d9de8da670df5101287a5486347b9bd00586e78c17_ppc64le",
        "relates_to_product_reference": "9Base-LVMS-4.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lvms4/lvms-rhel9-operator@sha256:a3cdbde1cbc51deb706c99935de6737bda7ef1b4f54fc3ba59a18696285c9a6c_amd64 as a component of LVMS 4.14 for RHEL 9",
          "product_id": "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:a3cdbde1cbc51deb706c99935de6737bda7ef1b4f54fc3ba59a18696285c9a6c_amd64"
        },
        "product_reference": "lvms4/lvms-rhel9-operator@sha256:a3cdbde1cbc51deb706c99935de6737bda7ef1b4f54fc3ba59a18696285c9a6c_amd64",
        "relates_to_product_reference": "9Base-LVMS-4.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lvms4/topolvm-rhel9@sha256:0897e589f2dd003f58e09ce1fef3288cc3f682a24096f0991b3dfdd217ff5c34_arm64 as a component of LVMS 4.14 for RHEL 9",
          "product_id": "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:0897e589f2dd003f58e09ce1fef3288cc3f682a24096f0991b3dfdd217ff5c34_arm64"
        },
        "product_reference": "lvms4/topolvm-rhel9@sha256:0897e589f2dd003f58e09ce1fef3288cc3f682a24096f0991b3dfdd217ff5c34_arm64",
        "relates_to_product_reference": "9Base-LVMS-4.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lvms4/topolvm-rhel9@sha256:cd9546b5a46c6e36327a972f26938d8cdc734649d61ed02648eed33dd29d9633_s390x as a component of LVMS 4.14 for RHEL 9",
          "product_id": "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:cd9546b5a46c6e36327a972f26938d8cdc734649d61ed02648eed33dd29d9633_s390x"
        },
        "product_reference": "lvms4/topolvm-rhel9@sha256:cd9546b5a46c6e36327a972f26938d8cdc734649d61ed02648eed33dd29d9633_s390x",
        "relates_to_product_reference": "9Base-LVMS-4.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lvms4/topolvm-rhel9@sha256:e97314d049510baa9d1021ac848f0826be1310cc870e6bd57aa3ef41cf8a0cc4_amd64 as a component of LVMS 4.14 for RHEL 9",
          "product_id": "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:e97314d049510baa9d1021ac848f0826be1310cc870e6bd57aa3ef41cf8a0cc4_amd64"
        },
        "product_reference": "lvms4/topolvm-rhel9@sha256:e97314d049510baa9d1021ac848f0826be1310cc870e6bd57aa3ef41cf8a0cc4_amd64",
        "relates_to_product_reference": "9Base-LVMS-4.14"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "lvms4/topolvm-rhel9@sha256:edb27e93b14212d79c959a1a325310d31496f53fac846049393f25ea18ec1349_ppc64le as a component of LVMS 4.14 for RHEL 9",
          "product_id": "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:edb27e93b14212d79c959a1a325310d31496f53fac846049393f25ea18ec1349_ppc64le"
        },
        "product_reference": "lvms4/topolvm-rhel9@sha256:edb27e93b14212d79c959a1a325310d31496f53fac846049393f25ea18ec1349_ppc64le",
        "relates_to_product_reference": "9Base-LVMS-4.14"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-39325",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-10-10T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:3abc7f735860ae910e9fcd5d1e419af66911ebd6a502ad85c2e2753536749cdb_s390x",
            "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:a83ab3e4e4174243bba1fbe96052ec8a5f0c4c5f74d8ecb04f5647796736f348_arm64",
            "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:bfaee17835e1411c3e916e992a510641d2ddaaa2a4a85243b6f27fec541eae3a_ppc64le",
            "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:e21c0af48138064f6904e2fb459b76239c9f3e1dffddac5dfc55e0f38eea5559_amd64",
            "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:0523ba33f11bf19e68a53ca564e78132d0ac5f819ac3cf52cbac0b5cc426053d_arm64",
            "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:8f9e651d7cbfd546991f05a5e05ac8331fbd5ec676f227e12bb13f2f4fd670d3_s390x",
            "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:b67d52a00937fb779cc98c18c1d8d21797363b19b6f4da04c1df0508698ac7cd_amd64",
            "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:c683e4da500bbb8753b184e43377bf7525fb6ffb20750a6695973025d3bce221_ppc64le",
            "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:73c2e385e0d1c1e120362af30c9fa161975b47307e4c771468365b7a3a3a365a_arm64",
            "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:7c0183f3a8d40a6e24e3f5ae28dbeecea7f09e866b8704a70b676639835d12af_s390x",
            "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:9c47279574868a772f7d14d9de8da670df5101287a5486347b9bd00586e78c17_ppc64le",
            "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:a3cdbde1cbc51deb706c99935de6737bda7ef1b4f54fc3ba59a18696285c9a6c_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2243296"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the handling of multiplexed streams in the HTTP/2 protocol. A client can repeatedly request a new multiplexed stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server, which must set up and tear down the streams, without hitting any server-side limit on the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 because the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability to be actively exploited.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools use the Golang package as a build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:0897e589f2dd003f58e09ce1fef3288cc3f682a24096f0991b3dfdd217ff5c34_arm64",
          "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:cd9546b5a46c6e36327a972f26938d8cdc734649d61ed02648eed33dd29d9633_s390x",
          "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:e97314d049510baa9d1021ac848f0826be1310cc870e6bd57aa3ef41cf8a0cc4_amd64",
          "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:edb27e93b14212d79c959a1a325310d31496f53fac846049393f25ea18ec1349_ppc64le"
        ],
        "known_not_affected": [
          "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:3abc7f735860ae910e9fcd5d1e419af66911ebd6a502ad85c2e2753536749cdb_s390x",
          "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:a83ab3e4e4174243bba1fbe96052ec8a5f0c4c5f74d8ecb04f5647796736f348_arm64",
          "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:bfaee17835e1411c3e916e992a510641d2ddaaa2a4a85243b6f27fec541eae3a_ppc64le",
          "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:e21c0af48138064f6904e2fb459b76239c9f3e1dffddac5dfc55e0f38eea5559_amd64",
          "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:0523ba33f11bf19e68a53ca564e78132d0ac5f819ac3cf52cbac0b5cc426053d_arm64",
          "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:8f9e651d7cbfd546991f05a5e05ac8331fbd5ec676f227e12bb13f2f4fd670d3_s390x",
          "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:b67d52a00937fb779cc98c18c1d8d21797363b19b6f4da04c1df0508698ac7cd_amd64",
          "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:c683e4da500bbb8753b184e43377bf7525fb6ffb20750a6695973025d3bce221_ppc64le",
          "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:73c2e385e0d1c1e120362af30c9fa161975b47307e4c771468365b7a3a3a365a_arm64",
          "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:7c0183f3a8d40a6e24e3f5ae28dbeecea7f09e866b8704a70b676639835d12af_s390x",
          "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:9c47279574868a772f7d14d9de8da670df5101287a5486347b9bd00586e78c17_ppc64le",
          "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:a3cdbde1cbc51deb706c99935de6737bda7ef1b4f54fc3ba59a18696285c9a6c_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-39325"
        },
        {
          "category": "external",
          "summary": "RHBZ#2243296",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
        },
        {
          "category": "external",
          "summary": "RHSB-2023-003",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
          "url": "https://access.redhat.com/security/cve/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/63417",
          "url": "https://go.dev/issue/63417"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2023-2102",
          "url": "https://pkg.go.dev/vuln/GO-2023-2102"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
          "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
        }
      ],
      "release_date": "2023-10-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-11-09T18:33:40+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:0897e589f2dd003f58e09ce1fef3288cc3f682a24096f0991b3dfdd217ff5c34_arm64",
            "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:cd9546b5a46c6e36327a972f26938d8cdc734649d61ed02648eed33dd29d9633_s390x",
            "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:e97314d049510baa9d1021ac848f0826be1310cc870e6bd57aa3ef41cf8a0cc4_amd64",
            "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:edb27e93b14212d79c959a1a325310d31496f53fac846049393f25ea18ec1349_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHBA-2023:6863"
        },
        {
          "category": "workaround",
          "details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
          "product_ids": [
            "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:3abc7f735860ae910e9fcd5d1e419af66911ebd6a502ad85c2e2753536749cdb_s390x",
            "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:a83ab3e4e4174243bba1fbe96052ec8a5f0c4c5f74d8ecb04f5647796736f348_arm64",
            "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:bfaee17835e1411c3e916e992a510641d2ddaaa2a4a85243b6f27fec541eae3a_ppc64le",
            "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:e21c0af48138064f6904e2fb459b76239c9f3e1dffddac5dfc55e0f38eea5559_amd64",
            "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:0523ba33f11bf19e68a53ca564e78132d0ac5f819ac3cf52cbac0b5cc426053d_arm64",
            "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:8f9e651d7cbfd546991f05a5e05ac8331fbd5ec676f227e12bb13f2f4fd670d3_s390x",
            "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:b67d52a00937fb779cc98c18c1d8d21797363b19b6f4da04c1df0508698ac7cd_amd64",
            "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:c683e4da500bbb8753b184e43377bf7525fb6ffb20750a6695973025d3bce221_ppc64le",
            "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:73c2e385e0d1c1e120362af30c9fa161975b47307e4c771468365b7a3a3a365a_arm64",
            "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:7c0183f3a8d40a6e24e3f5ae28dbeecea7f09e866b8704a70b676639835d12af_s390x",
            "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:9c47279574868a772f7d14d9de8da670df5101287a5486347b9bd00586e78c17_ppc64le",
            "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:a3cdbde1cbc51deb706c99935de6737bda7ef1b4f54fc3ba59a18696285c9a6c_amd64",
            "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:0897e589f2dd003f58e09ce1fef3288cc3f682a24096f0991b3dfdd217ff5c34_arm64",
            "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:cd9546b5a46c6e36327a972f26938d8cdc734649d61ed02648eed33dd29d9633_s390x",
            "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:e97314d049510baa9d1021ac848f0826be1310cc870e6bd57aa3ef41cf8a0cc4_amd64",
            "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:edb27e93b14212d79c959a1a325310d31496f53fac846049393f25ea18ec1349_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:3abc7f735860ae910e9fcd5d1e419af66911ebd6a502ad85c2e2753536749cdb_s390x",
            "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:a83ab3e4e4174243bba1fbe96052ec8a5f0c4c5f74d8ecb04f5647796736f348_arm64",
            "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:bfaee17835e1411c3e916e992a510641d2ddaaa2a4a85243b6f27fec541eae3a_ppc64le",
            "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:e21c0af48138064f6904e2fb459b76239c9f3e1dffddac5dfc55e0f38eea5559_amd64",
            "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:0523ba33f11bf19e68a53ca564e78132d0ac5f819ac3cf52cbac0b5cc426053d_arm64",
            "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:8f9e651d7cbfd546991f05a5e05ac8331fbd5ec676f227e12bb13f2f4fd670d3_s390x",
            "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:b67d52a00937fb779cc98c18c1d8d21797363b19b6f4da04c1df0508698ac7cd_amd64",
            "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:c683e4da500bbb8753b184e43377bf7525fb6ffb20750a6695973025d3bce221_ppc64le",
            "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:73c2e385e0d1c1e120362af30c9fa161975b47307e4c771468365b7a3a3a365a_arm64",
            "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:7c0183f3a8d40a6e24e3f5ae28dbeecea7f09e866b8704a70b676639835d12af_s390x",
            "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:9c47279574868a772f7d14d9de8da670df5101287a5486347b9bd00586e78c17_ppc64le",
            "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:a3cdbde1cbc51deb706c99935de6737bda7ef1b4f54fc3ba59a18696285c9a6c_amd64",
            "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:0897e589f2dd003f58e09ce1fef3288cc3f682a24096f0991b3dfdd217ff5c34_arm64",
            "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:cd9546b5a46c6e36327a972f26938d8cdc734649d61ed02648eed33dd29d9633_s390x",
            "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:e97314d049510baa9d1021ac848f0826be1310cc870e6bd57aa3ef41cf8a0cc4_amd64",
            "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:edb27e93b14212d79c959a1a325310d31496f53fac846049393f25ea18ec1349_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
    },
    {
      "cve": "CVE-2023-44487",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-10-09T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:3abc7f735860ae910e9fcd5d1e419af66911ebd6a502ad85c2e2753536749cdb_s390x",
            "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:a83ab3e4e4174243bba1fbe96052ec8a5f0c4c5f74d8ecb04f5647796736f348_arm64",
            "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:bfaee17835e1411c3e916e992a510641d2ddaaa2a4a85243b6f27fec541eae3a_ppc64le",
            "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:e21c0af48138064f6904e2fb459b76239c9f3e1dffddac5dfc55e0f38eea5559_amd64",
            "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:0523ba33f11bf19e68a53ca564e78132d0ac5f819ac3cf52cbac0b5cc426053d_arm64",
            "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:8f9e651d7cbfd546991f05a5e05ac8331fbd5ec676f227e12bb13f2f4fd670d3_s390x",
            "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:b67d52a00937fb779cc98c18c1d8d21797363b19b6f4da04c1df0508698ac7cd_amd64",
            "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:c683e4da500bbb8753b184e43377bf7525fb6ffb20750a6695973025d3bce221_ppc64le",
            "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:73c2e385e0d1c1e120362af30c9fa161975b47307e4c771468365b7a3a3a365a_arm64",
            "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:7c0183f3a8d40a6e24e3f5ae28dbeecea7f09e866b8704a70b676639835d12af_s390x",
            "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:9c47279574868a772f7d14d9de8da670df5101287a5486347b9bd00586e78c17_ppc64le",
            "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:a3cdbde1cbc51deb706c99935de6737bda7ef1b4f54fc3ba59a18696285c9a6c_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2242803"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplexed stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 because the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability to be actively exploited.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools use the Golang package as a build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nThe rhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:0897e589f2dd003f58e09ce1fef3288cc3f682a24096f0991b3dfdd217ff5c34_arm64",
          "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:cd9546b5a46c6e36327a972f26938d8cdc734649d61ed02648eed33dd29d9633_s390x",
          "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:e97314d049510baa9d1021ac848f0826be1310cc870e6bd57aa3ef41cf8a0cc4_amd64",
          "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:edb27e93b14212d79c959a1a325310d31496f53fac846049393f25ea18ec1349_ppc64le"
        ],
        "known_not_affected": [
          "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:3abc7f735860ae910e9fcd5d1e419af66911ebd6a502ad85c2e2753536749cdb_s390x",
          "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:a83ab3e4e4174243bba1fbe96052ec8a5f0c4c5f74d8ecb04f5647796736f348_arm64",
          "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:bfaee17835e1411c3e916e992a510641d2ddaaa2a4a85243b6f27fec541eae3a_ppc64le",
          "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:e21c0af48138064f6904e2fb459b76239c9f3e1dffddac5dfc55e0f38eea5559_amd64",
          "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:0523ba33f11bf19e68a53ca564e78132d0ac5f819ac3cf52cbac0b5cc426053d_arm64",
          "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:8f9e651d7cbfd546991f05a5e05ac8331fbd5ec676f227e12bb13f2f4fd670d3_s390x",
          "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:b67d52a00937fb779cc98c18c1d8d21797363b19b6f4da04c1df0508698ac7cd_amd64",
          "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:c683e4da500bbb8753b184e43377bf7525fb6ffb20750a6695973025d3bce221_ppc64le",
          "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:73c2e385e0d1c1e120362af30c9fa161975b47307e4c771468365b7a3a3a365a_arm64",
          "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:7c0183f3a8d40a6e24e3f5ae28dbeecea7f09e866b8704a70b676639835d12af_s390x",
          "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:9c47279574868a772f7d14d9de8da670df5101287a5486347b9bd00586e78c17_ppc64le",
          "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:a3cdbde1cbc51deb706c99935de6737bda7ef1b4f54fc3ba59a18696285c9a6c_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "RHBZ#2242803",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
        },
        {
          "category": "external",
          "summary": "RHSB-2023-003",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://github.com/dotnet/announcements/issues/277",
          "url": "https://github.com/dotnet/announcements/issues/277"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2023-2102",
          "url": "https://pkg.go.dev/vuln/GO-2023-2102"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
          "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
          "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2023-10-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-11-09T18:33:40+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:0897e589f2dd003f58e09ce1fef3288cc3f682a24096f0991b3dfdd217ff5c34_arm64",
            "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:cd9546b5a46c6e36327a972f26938d8cdc734649d61ed02648eed33dd29d9633_s390x",
            "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:e97314d049510baa9d1021ac848f0826be1310cc870e6bd57aa3ef41cf8a0cc4_amd64",
            "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:edb27e93b14212d79c959a1a325310d31496f53fac846049393f25ea18ec1349_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHBA-2023:6863"
        },
        {
          "category": "workaround",
          "details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n     a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n     b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n     c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n     d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n     e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
          "product_ids": [
            "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:3abc7f735860ae910e9fcd5d1e419af66911ebd6a502ad85c2e2753536749cdb_s390x",
            "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:a83ab3e4e4174243bba1fbe96052ec8a5f0c4c5f74d8ecb04f5647796736f348_arm64",
            "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:bfaee17835e1411c3e916e992a510641d2ddaaa2a4a85243b6f27fec541eae3a_ppc64le",
            "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:e21c0af48138064f6904e2fb459b76239c9f3e1dffddac5dfc55e0f38eea5559_amd64",
            "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:0523ba33f11bf19e68a53ca564e78132d0ac5f819ac3cf52cbac0b5cc426053d_arm64",
            "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:8f9e651d7cbfd546991f05a5e05ac8331fbd5ec676f227e12bb13f2f4fd670d3_s390x",
            "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:b67d52a00937fb779cc98c18c1d8d21797363b19b6f4da04c1df0508698ac7cd_amd64",
            "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:c683e4da500bbb8753b184e43377bf7525fb6ffb20750a6695973025d3bce221_ppc64le",
            "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:73c2e385e0d1c1e120362af30c9fa161975b47307e4c771468365b7a3a3a365a_arm64",
            "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:7c0183f3a8d40a6e24e3f5ae28dbeecea7f09e866b8704a70b676639835d12af_s390x",
            "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:9c47279574868a772f7d14d9de8da670df5101287a5486347b9bd00586e78c17_ppc64le",
            "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:a3cdbde1cbc51deb706c99935de6737bda7ef1b4f54fc3ba59a18696285c9a6c_amd64",
            "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:0897e589f2dd003f58e09ce1fef3288cc3f682a24096f0991b3dfdd217ff5c34_arm64",
            "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:cd9546b5a46c6e36327a972f26938d8cdc734649d61ed02648eed33dd29d9633_s390x",
            "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:e97314d049510baa9d1021ac848f0826be1310cc870e6bd57aa3ef41cf8a0cc4_amd64",
            "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:edb27e93b14212d79c959a1a325310d31496f53fac846049393f25ea18ec1349_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:3abc7f735860ae910e9fcd5d1e419af66911ebd6a502ad85c2e2753536749cdb_s390x",
            "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:a83ab3e4e4174243bba1fbe96052ec8a5f0c4c5f74d8ecb04f5647796736f348_arm64",
            "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:bfaee17835e1411c3e916e992a510641d2ddaaa2a4a85243b6f27fec541eae3a_ppc64le",
            "9Base-LVMS-4.14:lvms4/lvms-must-gather-rhel9@sha256:e21c0af48138064f6904e2fb459b76239c9f3e1dffddac5dfc55e0f38eea5559_amd64",
            "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:0523ba33f11bf19e68a53ca564e78132d0ac5f819ac3cf52cbac0b5cc426053d_arm64",
            "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:8f9e651d7cbfd546991f05a5e05ac8331fbd5ec676f227e12bb13f2f4fd670d3_s390x",
            "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:b67d52a00937fb779cc98c18c1d8d21797363b19b6f4da04c1df0508698ac7cd_amd64",
            "9Base-LVMS-4.14:lvms4/lvms-operator-bundle@sha256:c683e4da500bbb8753b184e43377bf7525fb6ffb20750a6695973025d3bce221_ppc64le",
            "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:73c2e385e0d1c1e120362af30c9fa161975b47307e4c771468365b7a3a3a365a_arm64",
            "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:7c0183f3a8d40a6e24e3f5ae28dbeecea7f09e866b8704a70b676639835d12af_s390x",
            "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:9c47279574868a772f7d14d9de8da670df5101287a5486347b9bd00586e78c17_ppc64le",
            "9Base-LVMS-4.14:lvms4/lvms-rhel9-operator@sha256:a3cdbde1cbc51deb706c99935de6737bda7ef1b4f54fc3ba59a18696285c9a6c_amd64",
            "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:0897e589f2dd003f58e09ce1fef3288cc3f682a24096f0991b3dfdd217ff5c34_arm64",
            "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:cd9546b5a46c6e36327a972f26938d8cdc734649d61ed02648eed33dd29d9633_s390x",
            "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:e97314d049510baa9d1021ac848f0826be1310cc870e6bd57aa3ef41cf8a0cc4_amd64",
            "9Base-LVMS-4.14:lvms4/topolvm-rhel9@sha256:edb27e93b14212d79c959a1a325310d31496f53fac846049393f25ea18ec1349_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2023-10-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
    }
  ]
}



Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.