rhsa-2022_6526
Vulnerability from csaf_redhat
Published
2022-09-14 19:28
Modified
2024-11-06 01:37
Summary
Red Hat Security Advisory: OpenShift Virtualization 4.11.0 Images security and bug fix update
Notes
Topic
Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 4.11.0 images:
RHEL-8-CNV-4.11
===============
hostpath-provisioner-container-v4.11.0-21
kubevirt-tekton-tasks-operator-container-v4.11.0-29
kubevirt-template-validator-container-v4.11.0-17
bridge-marker-container-v4.11.0-26
hostpath-csi-driver-container-v4.11.0-21
cluster-network-addons-operator-container-v4.11.0-26
ovs-cni-marker-container-v4.11.0-26
virtio-win-container-v4.11.0-16
ovs-cni-plugin-container-v4.11.0-26
kubemacpool-container-v4.11.0-26
hostpath-provisioner-operator-container-v4.11.0-24
cnv-containernetworking-plugins-container-v4.11.0-26
kubevirt-ssp-operator-container-v4.11.0-54
virt-cdi-uploadserver-container-v4.11.0-59
virt-cdi-cloner-container-v4.11.0-59
virt-cdi-operator-container-v4.11.0-59
virt-cdi-importer-container-v4.11.0-59
virt-cdi-uploadproxy-container-v4.11.0-59
virt-cdi-controller-container-v4.11.0-59
virt-cdi-apiserver-container-v4.11.0-59
kubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7
kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7
kubevirt-tekton-tasks-copy-template-container-v4.11.0-7
checkup-framework-container-v4.11.0-67
kubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7
kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7
kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7
kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7
vm-network-latency-checkup-container-v4.11.0-67
kubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7
hyperconverged-cluster-webhook-container-v4.11.0-95
cnv-must-gather-container-v4.11.0-62
hyperconverged-cluster-operator-container-v4.11.0-95
kubevirt-console-plugin-container-v4.11.0-83
virt-controller-container-v4.11.0-105
virt-handler-container-v4.11.0-105
virt-operator-container-v4.11.0-105
virt-launcher-container-v4.11.0-105
virt-artifacts-server-container-v4.11.0-105
virt-api-container-v4.11.0-105
libguestfs-tools-container-v4.11.0-105
hco-bundle-registry-container-v4.11.0-587
Security Fix(es):
* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)
* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "OpenShift Virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following OpenShift Virtualization 4.11.0 images:\n\nRHEL-8-CNV-4.11\n===============\nhostpath-provisioner-container-v4.11.0-21\nkubevirt-tekton-tasks-operator-container-v4.11.0-29\nkubevirt-template-validator-container-v4.11.0-17\nbridge-marker-container-v4.11.0-26\nhostpath-csi-driver-container-v4.11.0-21\ncluster-network-addons-operator-container-v4.11.0-26\novs-cni-marker-container-v4.11.0-26\nvirtio-win-container-v4.11.0-16\novs-cni-plugin-container-v4.11.0-26\nkubemacpool-container-v4.11.0-26\nhostpath-provisioner-operator-container-v4.11.0-24\ncnv-containernetworking-plugins-container-v4.11.0-26\nkubevirt-ssp-operator-container-v4.11.0-54\nvirt-cdi-uploadserver-container-v4.11.0-59\nvirt-cdi-cloner-container-v4.11.0-59\nvirt-cdi-operator-container-v4.11.0-59\nvirt-cdi-importer-container-v4.11.0-59\nvirt-cdi-uploadproxy-container-v4.11.0-59\nvirt-cdi-controller-container-v4.11.0-59\nvirt-cdi-apiserver-container-v4.11.0-59\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7\nkubevirt-tekton-tasks-copy-template-container-v4.11.0-7\ncheckup-framework-container-v4.11.0-67\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7\nvm-network-latency-checkup-container-v4.11.0-67\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7\nhyperconverged-cluster-webhook-container-v4.11.0-95\ncnv-must-gather-container-v4.11.0-62\nhyperconverged-cluster-operator-container-v4.11.0-95\nkubevirt-console-plugin-container-v4.11.0-83\nvirt-controller-container-v4.11.0-105\nvirt-handler-container-v4.11.0-105\nvirt-operator-container-v4.11.0-105\nvirt-launcher-container-v4.11.0-105\nvirt-artifacts-server-container-v4.11.0-105\nvirt-api-container-v4.11.0-105\nlibguestfs-tools-container-v4.11.0-105\nhco-bundle-registry-container-v4.11.0-587\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n\n* golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)\n\n* golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)\n\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:6526", "url": "https://access.redhat.com/errata/RHSA-2022:6526" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1937609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937609" }, { "category": "external", "summary": "1945593", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945593" }, { "category": "external", "summary": "1968514", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968514" }, { "category": "external", "summary": "1993109", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993109" }, { "category": "external", "summary": "1994604", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994604" }, { "category": "external", "summary": "2001385", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001385" }, { "category": "external", "summary": "2009793", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2009793" }, { "category": "external", "summary": "2010318", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010318" }, { "category": "external", "summary": "2025276", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025276" }, { "category": "external", "summary": "2025401", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025401" }, { "category": "external", "summary": "2026357", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026357" }, { "category": "external", "summary": "2029349", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029349" }, { "category": "external", "summary": "2030801", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801" }, { "category": "external", "summary": "2030806", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806" }, { "category": "external", "summary": "2031857", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031857" }, { "category": "external", "summary": "2033077", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2033077" }, { "category": "external", "summary": "2035344", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035344" }, { "category": "external", "summary": "2036676", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036676" }, { "category": "external", "summary": "2039976", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039976" }, { "category": "external", "summary": "2040766", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040766" }, { "category": "external", "summary": "2041467", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041467" }, { "category": "external", "summary": "2042402", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042402" }, { "category": "external", "summary": "2042809", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042809" }, { "category": "external", "summary": "2045086", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045086" }, { "category": "external", "summary": "2045880", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880" }, { "category": "external", "summary": "2047186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047186" }, { "category": "external", "summary": "2051899", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2051899" }, { "category": "external", "summary": "2052094", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052094" }, { "category": "external", "summary": "2052466", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052466" }, { "category": "external", "summary": "2052689", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052689" }, { "category": "external", "summary": "2053429", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429" }, { "category": "external", "summary": "2053532", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532" }, { "category": "external", "summary": "2053541", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541" }, { "category": "external", "summary": "2056467", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056467" }, { "category": "external", "summary": "2057157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057157" }, { "category": "external", "summary": "2057310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057310" }, { "category": "external", "summary": "2058149", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2058149" }, { "category": "external", "summary": "2058925", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2058925" }, { "category": "external", "summary": "2059121", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2059121" }, { "category": "external", "summary": "2060485", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060485" }, { "category": "external", "summary": "2060585", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060585" }, { "category": "external", "summary": "2061208", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061208" }, { "category": "external", "summary": "2061723", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061723" }, { "category": "external", "summary": "2063540", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063540" }, { "category": "external", "summary": "2063792", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063792" }, { "category": "external", "summary": "2064034", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064034" }, { "category": "external", "summary": "2064702", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064702" }, { "category": "external", "summary": "2064857", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857" }, { "category": "external", "summary": "2064936", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064936" }, { "category": "external", "summary": "2065014", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065014" }, { "category": "external", "summary": "2065019", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2065019" }, { "category": "external", "summary": "2066768", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066768" }, { "category": "external", "summary": "2067246", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067246" }, { "category": "external", "summary": "2069287", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069287" }, { "category": "external", "summary": "2069388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069388" }, { "category": "external", "summary": "2070366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070366" }, { "category": "external", "summary": "2070864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070864" }, { "category": "external", "summary": "2071488", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071488" }, { "category": "external", "summary": "2071549", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071549" }, { "category": "external", "summary": "2071611", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071611" }, { "category": "external", "summary": "2071921", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071921" }, { "category": "external", "summary": "2073669", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073669" }, { "category": "external", "summary": "2073679", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073679" }, { "category": "external", "summary": "2073982", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073982" }, { "category": "external", "summary": "2074337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074337" }, { "category": "external", "summary": "2075200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075200" }, { "category": "external", "summary": "2075409", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075409" }, { "category": "external", "summary": "2076292", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076292" }, { "category": "external", "summary": "2076379", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076379" }, { "category": "external", "summary": "2076790", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076790" }, { "category": "external", "summary": "2076908", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076908" }, { "category": "external", "summary": "2077688", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688" }, { "category": "external", "summary": "2077689", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689" }, { "category": "external", "summary": "2078700", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078700" }, { "category": "external", "summary": "2078703", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078703" }, { "category": "external", "summary": "2078709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078709" }, { "category": "external", "summary": "2078728", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078728" }, { "category": "external", "summary": "2079366", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079366" }, { "category": "external", "summary": "2079674", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079674" }, { "category": "external", "summary": "2079783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079783" }, { "category": "external", "summary": "2080132", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080132" }, { "category": "external", "summary": "2080155", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080155" }, { "category": "external", "summary": "2080547", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080547" }, { "category": "external", "summary": "2080833", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080833" }, { "category": "external", "summary": "2080835", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080835" }, { "category": "external", "summary": "2081182", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081182" }, { "category": "external", "summary": "2081202", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081202" }, { "category": "external", "summary": "2081409", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081409" }, { "category": "external", "summary": "2081671", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081671" }, { "category": "external", "summary": "2081831", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081831" }, { "category": "external", "summary": "2082008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082008" }, { "category": "external", "summary": "2082164", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082164" }, { "category": "external", "summary": "2082912", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082912" }, { "category": "external", "summary": "2083093", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083093" }, { "category": "external", "summary": "2083097", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083097" }, { "category": "external", "summary": "2083100", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083100" }, { "category": "external", "summary": "2083101", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083101" }, { "category": "external", "summary": "2083135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083135" }, { "category": "external", "summary": "2083256", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083256" }, { "category": "external", "summary": "2083595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2083595" }, { "category": "external", "summary": "2084102", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084102" }, { "category": "external", "summary": "2084122", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084122" }, { "category": "external", "summary": "2084418", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084418" }, { "category": "external", "summary": "2084431", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084431" }, { "category": "external", "summary": "2084476", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084476" }, { "category": "external", "summary": "2084532", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084532" }, { "category": "external", "summary": "2084610", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2084610" }, { "category": "external", "summary": "2085320", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085320" }, { "category": "external", "summary": "2085322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085322" }, { "category": "external", "summary": "2086272", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086272" }, { "category": "external", "summary": "2086278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086278" }, { "category": "external", "summary": "2086281", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086281" }, { "category": "external", "summary": "2086286", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086286" }, { "category": "external", "summary": "2086293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086293" }, { "category": "external", "summary": "2086294", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086294" }, { "category": "external", "summary": "2086303", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086303" }, { "category": "external", "summary": "2086479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086479" }, { "category": "external", "summary": "2086486", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086486" }, { "category": "external", "summary": "2086488", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086488" }, { "category": "external", "summary": "2086769", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086769" }, { "category": "external", "summary": "2086803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086803" }, { "category": "external", "summary": "2086825", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086825" }, { "category": "external", "summary": "2086849", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2086849" }, { "category": "external", "summary": "2087188", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087188" }, { "category": "external", "summary": "2087189", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087189" }, { "category": "external", "summary": "2087232", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087232" }, { "category": "external", "summary": "2087546", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087546" }, { "category": "external", "summary": "2087547", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087547" }, { "category": "external", "summary": "2087559", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087559" }, { "category": "external", "summary": "2087566", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087566" }, { "category": "external", "summary": "2087570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087570" }, { "category": "external", "summary": "2087577", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087577" }, { "category": "external", "summary": "2087578", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087578" }, { "category": "external", "summary": "2087582", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087582" }, { "category": "external", "summary": "2087583", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087583" }, { "category": "external", "summary": "2087584", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087584" }, { "category": "external", "summary": "2087587", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087587" }, { "category": "external", "summary": "2087589", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087589" }, { "category": "external", "summary": "2087590", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087590" }, { "category": "external", "summary": "2087593", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087593" }, { "category": "external", "summary": "2087603", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087603" }, { "category": "external", "summary": "2087616", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087616" }, { "category": "external", "summary": "2087701", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087701" }, { "category": "external", "summary": "2087717", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087717" }, { "category": "external", "summary": "2088034", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088034" }, { "category": "external", "summary": "2088355", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088355" }, { "category": "external", "summary": "2088361", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088361" }, { "category": "external", "summary": "2088379", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088379" }, { "category": "external", "summary": "2088407", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088407" }, { "category": "external", "summary": "2088471", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088471" }, { "category": "external", "summary": "2088472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088472" }, { "category": "external", "summary": "2088477", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088477" }, { "category": "external", "summary": "2088849", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088849" }, { "category": "external", "summary": "2089078", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089078" }, { "category": "external", "summary": "2089271", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089271" }, { "category": "external", "summary": "2089327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089327" }, { "category": "external", "summary": "2089376", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089376" }, { "category": "external", "summary": "2089477", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089477" }, { "category": "external", "summary": "2089700", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089700" }, { "category": "external", "summary": "2089745", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089745" }, { "category": "external", "summary": "2089789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089789" }, { "category": "external", "summary": "2089825", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089825" }, { "category": "external", "summary": "2089836", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089836" }, { "category": "external", "summary": "2089840", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089840" }, { "category": "external", "summary": "2089877", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089877" }, { "category": "external", "summary": "2089932", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089932" }, { "category": "external", "summary": "2089942", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089942" }, { "category": "external", "summary": "2089954", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089954" }, { "category": "external", "summary": "2089963", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089963" }, { "category": "external", "summary": "2089967", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089967" }, { "category": "external", "summary": "2089970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089970" }, { "category": "external", "summary": "2089972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089972" }, { "category": "external", "summary": "2089979", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089979" }, { "category": "external", "summary": "2089982", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089982" }, { "category": "external", "summary": "2090035", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090035" }, { "category": "external", "summary": "2090036", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090036" }, { "category": "external", "summary": "2090037", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090037" }, { "category": "external", "summary": "2090038", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090038" }, { "category": "external", "summary": "2090042", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090042" }, { "category": "external", "summary": "2090043", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090043" }, { "category": "external", "summary": "2090046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090046" }, { "category": "external", "summary": "2090048", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090048" }, { "category": "external", "summary": "2090054", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090054" }, { "category": "external", "summary": "2090055", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090055" }, { "category": "external", "summary": "2090056", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090056" }, { "category": "external", "summary": "2090057", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090057" }, { "category": "external", "summary": "2090059", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090059" }, { "category": "external", "summary": "2090064", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090064" }, { "category": "external", "summary": "2090066", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090066" }, { "category": "external", "summary": "2090068", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090068" }, { "category": "external", "summary": "2090131", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090131" }, { "category": "external", "summary": "2090350", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090350" }, { "category": "external", "summary": "2091003", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091003" }, { "category": "external", "summary": "2091058", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091058" }, { "category": "external", "summary": "2091309", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091309" }, { "category": "external", "summary": "2091406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091406" }, { "category": "external", "summary": "2091754", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091754" }, { "category": "external", "summary": "2091755", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091755" }, { "category": "external", "summary": "2091756", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091756" }, { "category": "external", "summary": "2091758", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091758" }, { "category": "external", "summary": "2091760", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091760" }, { "category": "external", "summary": "2091761", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091761" }, { "category": "external", "summary": "2091762", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091762" }, { "category": "external", "summary": "2091764", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091764" }, { "category": "external", "summary": "2091765", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091765" }, { "category": "external", "summary": "2091766", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091766" }, { "category": "external", "summary": "2091853", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091853" }, { "category": "external", "summary": "2091863", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091863" }, { "category": "external", "summary": "2091868", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091868" }, { "category": "external", "summary": "2091889", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091889" }, { "category": "external", "summary": "2091897", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091897" }, { "category": "external", "summary": "2091904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091904" }, { "category": "external", "summary": "2091911", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091911" }, { "category": "external", "summary": "2091940", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091940" }, { "category": "external", "summary": "2091945", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091945" }, { "category": "external", "summary": "2091946", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091946" }, { "category": "external", "summary": "2091982", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091982" }, { "category": "external", "summary": "2092048", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092048" }, { "category": "external", "summary": "2092052", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092052" }, { "category": "external", "summary": "2092071", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092071" }, { "category": "external", "summary": "2092079", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092079" }, { "category": "external", "summary": "2092158", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092158" }, { "category": "external", "summary": "2092228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092228" }, { "category": "external", "summary": "2092230", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092230" }, { "category": "external", "summary": "2092306", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092306" }, { "category": "external", "summary": "2092337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092337" }, { "category": "external", "summary": "2092359", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092359" }, { "category": "external", "summary": "2092654", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092654" }, { "category": "external", "summary": "2092662", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092662" }, { "category": "external", "summary": "2092663", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092663" }, { "category": "external", "summary": "2092664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092664" }, { "category": "external", "summary": "2092781", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092781" }, { "category": "external", "summary": "2092783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092783" }, { "category": "external", "summary": "2092787", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092787" }, { "category": "external", "summary": "2092789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092789" }, { "category": "external", "summary": "2092951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092951" }, { "category": "external", "summary": "2093282", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093282" }, { "category": "external", "summary": "2093691", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093691" }, { "category": "external", "summary": "2093713", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093713" }, { "category": "external", "summary": "2093715", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093715" }, { "category": "external", "summary": "2093716", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093716" }, { "category": "external", "summary": "2093772", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093772" }, { "category": "external", "summary": "2093773", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093773" }, { "category": "external", "summary": "2093866", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093866" }, { "category": "external", "summary": "2093867", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093867" }, { "category": "external", "summary": "2094202", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094202" }, { "category": "external", "summary": "2094207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094207" }, { "category": "external", "summary": "2094208", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094208" }, { "category": "external", "summary": "2094217", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094217" }, { "category": "external", "summary": "2094222", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094222" }, { "category": "external", "summary": "2094323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094323" }, { "category": "external", "summary": "2094405", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094405" }, { "category": "external", "summary": "2094440", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094440" }, { "category": "external", "summary": "2094451", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094451" }, { "category": "external", "summary": "2094453", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094453" }, { "category": "external", "summary": "2094465", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094465" }, { "category": "external", "summary": "2094471", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094471" }, { "category": "external", "summary": "2094481", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094481" }, { "category": "external", "summary": "2094486", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094486" }, { "category": "external", "summary": "2094491", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094491" }, { "category": "external", "summary": "2094495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094495" }, { "category": "external", "summary": "2094646", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094646" }, { "category": "external", "summary": "2094665", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094665" }, { "category": "external", "summary": "2094678", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094678" }, { "category": "external", "summary": "2094727", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094727" }, { "category": "external", "summary": "2094807", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094807" }, { "category": "external", "summary": "2094813", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094813" }, { "category": "external", "summary": "2094848", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094848" }, { "category": "external", "summary": "2095125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095125" }, { "category": "external", "summary": "2095129", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095129" }, { "category": "external", "summary": "2095224", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095224" }, { "category": "external", "summary": "2095529", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095529" }, { "category": "external", "summary": "2095530", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095530" }, { "category": "external", "summary": "2095532", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095532" }, { "category": "external", "summary": "2095537", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095537" }, { "category": "external", "summary": "2095570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095570" }, { "category": "external", "summary": "2095573", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095573" }, { "category": "external", "summary": "2095953", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095953" }, { "category": "external", "summary": "2095955", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095955" }, { "category": "external", "summary": "2096166", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096166" }, { "category": "external", "summary": "2096206", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096206" }, { "category": "external", "summary": "2096208", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096208" }, { "category": "external", "summary": "2096263", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096263" }, { "category": "external", "summary": "2096333", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096333" }, { "category": "external", "summary": "2096492", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096492" }, { "category": "external", "summary": "2096502", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096502" }, { "category": "external", "summary": "2096510", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096510" }, { "category": "external", "summary": "2096511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096511" }, { "category": "external", "summary": "2096620", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096620" }, { "category": "external", "summary": "2096781", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096781" }, { "category": "external", "summary": "2096801", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096801" }, { "category": "external", "summary": "2096845", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096845" }, { "category": "external", "summary": "2097328", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097328" }, { "category": "external", "summary": "2097370", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097370" }, { "category": "external", "summary": "2097465", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097465" }, { "category": "external", "summary": "2097586", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097586" }, { "category": "external", "summary": "2098134", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098134" }, { "category": "external", "summary": "2098135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098135" }, { "category": "external", "summary": "2098282", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098282" }, { "category": "external", "summary": "2099443", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099443" }, { "category": "external", "summary": "2099533", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099533" }, { "category": "external", "summary": "2099535", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099535" }, { "category": "external", "summary": "2099539", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099539" }, { "category": "external", "summary": "2099566", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099566" }, { "category": "external", "summary": "2099608", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099608" }, { "category": "external", "summary": "2099633", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099633" }, { "category": "external", "summary": "2099639", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099639" }, { "category": "external", "summary": "2099802", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099802" }, { "category": "external", "summary": "2100054", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100054" }, { "category": "external", "summary": "2100284", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100284" }, { "category": "external", "summary": "2100415", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100415" }, { "category": "external", "summary": "2100495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495" }, { "category": "external", "summary": "2101164", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101164" }, { "category": "external", "summary": "2101192", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101192" }, { "category": "external", "summary": "2101430", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101430" }, { "category": "external", "summary": "2101454", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101454" }, { "category": "external", "summary": "2101485", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101485" }, { "category": "external", "summary": "2101628", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101628" }, { "category": "external", "summary": "2101954", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2101954" }, { "category": "external", "summary": "2102076", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102076" }, { "category": "external", "summary": "2102116", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102116" }, { "category": "external", "summary": "2102117", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102117" }, { "category": "external", "summary": "2102122", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102122" }, { "category": "external", "summary": "2102124", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102124" }, { "category": "external", "summary": "2102125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102125" }, { "category": "external", "summary": "2102127", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102127" }, { "category": "external", "summary": "2102129", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102129" }, { "category": "external", "summary": "2102131", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102131" }, { "category": "external", "summary": "2102135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102135" }, { "category": "external", "summary": "2102143", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102143" }, { "category": "external", "summary": "2102256", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102256" }, { "category": "external", "summary": "2102448", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102448" }, { "category": "external", "summary": "2102543", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102543" }, { "category": "external", "summary": "2102544", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102544" }, { "category": "external", "summary": "2102545", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102545" }, { "category": "external", "summary": "2104617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104617" }, { "category": "external", "summary": "2106175", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2106175" }, { "category": "external", "summary": "2106258", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2106258" }, { "category": "external", "summary": "2110178", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110178" }, { "category": "external", "summary": "2111359", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111359" }, { "category": "external", "summary": "2111562", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2111562" }, { "category": "external", "summary": "2117872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6526.json" } ], "title": "Red Hat Security Advisory: OpenShift Virtualization 4.11.0 Images security and bug fix update", "tracking": { "current_release_date": "2024-11-06T01:37:57+00:00", "generator": { "date": "2024-11-06T01:37:57+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2022:6526", "initial_release_date": "2022-09-14T19:28:51+00:00", "revision_history": [ { "date": "2022-09-14T19:28:51+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-09-14T19:28:51+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T01:37:57+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "CNV 4.11 for RHEL 8", "product": { "name": "CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11", "product_identification_helper": { "cpe": "cpe:/a:redhat:container_native_virtualization:4.11::el8" } } } ], "category": "product_family", "name": "OpenShift Virtualization" }, { "branches": [ { "category": "product_version", "name": "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "product": { "name": "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "product_id": "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "product_identification_helper": { "purl": "pkg:oci/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/bridge-marker\u0026tag=v4.11.0-26" } } }, { "category": "product_version", "name": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "product": { "name": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "product_id": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "product_identification_helper": { "purl": "pkg:oci/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/checkup-framework\u0026tag=v4.11.0-67" } } }, { "category": "product_version", "name": "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "product": { "name": "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "product_id": "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cluster-network-addons-operator\u0026tag=v4.11.0-26" } } }, { "category": "product_version", "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "product": { "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "product_id": "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "product_identification_helper": { "purl": "pkg:oci/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-containernetworking-plugins\u0026tag=v4.11.0-26" } } }, { "category": "product_version", "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "product": { "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "product_id": "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "product_identification_helper": { "purl": "pkg:oci/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8\u0026tag=v4.11.0-63" } } }, { "category": "product_version", "name": "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "product": { "name": "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "product_id": "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "product_identification_helper": { "purl": "pkg:oci/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hco-bundle-registry\u0026tag=v4.11.0-601" } } }, { "category": "product_version", "name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "product": { "name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "product_id": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "product_identification_helper": { "purl": "pkg:oci/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver-rhel8\u0026tag=v4.11.0-21" } } }, { "category": "product_version", "name": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "product": { "name": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "product_id": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "product_identification_helper": { "purl": "pkg:oci/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-csi-driver\u0026tag=v4.11.0-21" } } }, { "category": "product_version", "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "product": { "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "product_id": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "product_identification_helper": { "purl": "pkg:oci/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8\u0026tag=v4.11.0-21" } } }, { "category": "product_version", "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "product": { "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "product_id": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "product_identification_helper": { "purl": "pkg:oci/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hostpath-provisioner-rhel8-operator\u0026tag=v4.11.0-24" } } }, { "category": "product_version", "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "product": { "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "product_id": "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "product_identification_helper": { "purl": "pkg:oci/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator\u0026tag=v4.11.0-96" } } }, { "category": "product_version", "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "product": { "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "product_id": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "product_identification_helper": { "purl": "pkg:oci/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/hyperconverged-cluster-webhook-rhel8\u0026tag=v4.11.0-96" } } }, { "category": "product_version", "name": "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "product": { "name": "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "product_id": "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "product_identification_helper": { "purl": "pkg:oci/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubemacpool\u0026tag=v4.11.0-26" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "product": { "name": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "product_id": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-console-plugin\u0026tag=v4.11.0-83" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "product": { "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "product_id": "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-ssp-operator\u0026tag=v4.11.0-54" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "product": { "name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "product_id": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm\u0026tag=v4.11.0-7" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "product": { "name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "product_id": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-copy-template\u0026tag=v4.11.0-7" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "product": { "name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-datavolume\u0026tag=v4.11.0-7" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "product": { "name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "product_id": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template\u0026tag=v4.11.0-7" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "product": { "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize\u0026tag=v4.11.0-7" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "product": { "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "product_id": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep\u0026tag=v4.11.0-7" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "product": { "name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "product_id": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template\u0026tag=v4.11.0-7" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "product": { "name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "product_id": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-operator\u0026tag=v4.11.0-29" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "product": { "name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "product_id": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status\u0026tag=v4.11.0-7" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "product": { "name": "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "product_id": "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-template-validator\u0026tag=v4.11.0-17" } } }, { "category": "product_version", "name": "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "product": { "name": "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "product_id": "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "product_identification_helper": { "purl": "pkg:oci/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/libguestfs-tools\u0026tag=v4.11.0-106" } } }, { "category": "product_version", "name": "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "product": { "name": "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "product_id": "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "product_identification_helper": { "purl": "pkg:oci/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-marker\u0026tag=v4.11.0-26" } } }, { "category": "product_version", "name": "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "product": { "name": "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "product_id": "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "product_identification_helper": { "purl": "pkg:oci/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/ovs-cni-plugin\u0026tag=v4.11.0-26" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "product": { "name": "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "product_id": "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-api\u0026tag=v4.11.0-106" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "product": { "name": "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "product_id": "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-artifacts-server\u0026tag=v4.11.0-106" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "product": { "name": "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "product_id": "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-apiserver\u0026tag=v4.11.0-59" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "product": { "name": "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "product_id": "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-cloner\u0026tag=v4.11.0-59" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "product": { "name": "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "product_id": "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-controller\u0026tag=v4.11.0-59" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "product": { "name": "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "product_id": "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-importer\u0026tag=v4.11.0-59" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "product": { "name": "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "product_id": "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-operator\u0026tag=v4.11.0-59" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "product": { "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "product_id": "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadproxy\u0026tag=v4.11.0-59" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "product": { "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "product_id": "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-cdi-uploadserver\u0026tag=v4.11.0-59" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "product": { "name": "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "product_id": "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-controller\u0026tag=v4.11.0-106" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "product": { "name": "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "product_id": "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-handler\u0026tag=v4.11.0-106" } } }, { "category": "product_version", "name": "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "product": { "name": "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "product_id": "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "product_identification_helper": { "purl": "pkg:oci/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virtio-win\u0026tag=v4.11.0-16" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "product": { "name": "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "product_id": "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-launcher\u0026tag=v4.11.0-106" } } }, { "category": "product_version", "name": "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "product": { "name": "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "product_id": "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "product_identification_helper": { "purl": "pkg:oci/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/virt-operator\u0026tag=v4.11.0-106" } } }, { "category": "product_version", "name": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", "product": { "name": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", "product_id": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", "product_identification_helper": { "purl": "pkg:oci/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/vm-network-latency-checkup\u0026tag=v4.11.0-67" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64" }, "product_reference": "container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64" }, "product_reference": "container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64" }, "product_reference": "container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64" }, "product_reference": "container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64" }, "product_reference": "container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64" }, "product_reference": "container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64" }, "product_reference": "container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64" }, "product_reference": "container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64" }, "product_reference": "container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64" }, "product_reference": "container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64" }, "product_reference": "container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64" }, "product_reference": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64" }, "product_reference": "container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64" }, "product_reference": "container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64" }, "product_reference": "container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64" }, "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64" }, "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64" }, "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64" }, "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64" }, "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64" }, "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64" }, "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64" }, "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64" }, "product_reference": "container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64" }, "product_reference": "container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64" }, "product_reference": "container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64" }, "product_reference": "container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64" }, "product_reference": "container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64" }, "product_reference": "container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64" }, "product_reference": "container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64" }, "product_reference": "container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64" }, "product_reference": "container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64" }, "product_reference": "container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64" }, "product_reference": "container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64" }, "product_reference": "container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64" }, "product_reference": "container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "relates_to_product_reference": "8Base-CNV-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64 as a component of CNV 4.11 for RHEL 8", "product_id": "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" }, "product_reference": "container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64", "relates_to_product_reference": "8Base-CNV-4.11" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-38561", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2022-06-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2100495" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang. The language package for go language can panic due to an out-of-bounds read when an incorrectly formatted language tag is being parsed. This flaw allows an attacker to cause applications using this package to parse untrusted input data to crash, leading to a denial of service of the affected component.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw may be triggered only by accepting untrusted user input to the vulnerable golang\u0027s library. The overall DoS attack vector depends directly on how the library\u0027s input is exposed by the consuming application, thus Red Hat rates impact as Moderate.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.5 version, the registration-operator, lighthouse-coredns, lighthouse-agent, gatekeeper-operator, and discovery-operator components are affected by this flaw, but the rest of the components are using an already patched version and are unaffected. For 2.4 and previous versions of Red Hat Advanced Cluster Management for Kubernetes (RHACM), most of the components are affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64" ], "known_not_affected": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-38561" }, { "category": "external", "summary": "RHBZ#2100495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-38561", "url": "https://www.cve.org/CVERecord?id=CVE-2021-38561" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2021-0113", "url": "https://pkg.go.dev/vuln/GO-2021-0113" } ], "release_date": "2021-08-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-14T19:28:51+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6526" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: out-of-bounds read in golang.org/x/text/language leads to DoS" }, { "cve": "CVE-2021-44716", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-12-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2030801" } ], "notes": [ { "category": "description", "text": "There\u0027s an uncontrolled resource consumption flaw in golang\u0027s net/http library in the canonicalHeader() function. An attacker who submits specially crafted requests to applications linked with net/http\u0027s http2 functionality could cause excessive resource consumption that could lead to a denial of service or otherwise impact to system performance and resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: limit growth of header canonicalization cache", "title": "Vulnerability summary" }, { "category": "other", "text": "For OpenShift Container Platform, OpenShift Virtualization, Red Hat Quay and OpenShift distributed tracing the most an attacker can possibly achieve by exploiting this vulnerability is to crash a container, temporarily impacting availability of one or more services. Therefore impact is rated Moderate.\n\nIn its default configuration, grafana as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability. However, enabling http2 in /etc/grafana/grafana.ini explicitly would render grafana affected, therefore grafana has been marked affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64" ], "known_not_affected": [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44716" }, { "category": "external", "summary": "RHBZ#2030801", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030801" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44716", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44716" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44716" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", "url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-14T19:28:51+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6526" }, { "category": "workaround", "details": "This flaw can be mitigated by disabling HTTP/2. Setting the GODEBUG=http2server=0 environment variable before calling Serve will disable HTTP/2 unless it was manually configured through the golang.org/x/net/http2 package.", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: limit growth of header canonicalization cache" }, { "cve": "CVE-2021-44717", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-12-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2030806" } ], "notes": [ { "category": "description", "text": "There\u0027s a flaw in golang\u0027s syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec().", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: syscall: don\u0027t close fd 0 on ForkExec error", "title": "Vulnerability summary" }, { "category": "other", "text": "* This flaw has had the severity level set to Moderate due to the attack complexity required to exhaust file descriptors at the time ForkExec is called, plus an attacker does not necessarily have direct control over where/how data is leaked.\n\n* For Service Telemetry Framework, because the flaw\u0027s impact is lower, no update will be provided at this time for its containers.\n\n* runc shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this flaw because the flaw is already patched in the shipped versions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64" ], "known_not_affected": [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-44717" }, { "category": "external", "summary": "RHBZ#2030806", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030806" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44717", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44717" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", "url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k" } ], "release_date": "2021-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-14T19:28:51+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6526" }, { "category": "workaround", "details": "This bug can be mitigated by raising the per-process file descriptor limit.", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: syscall: don\u0027t close fd 0 on ForkExec error" }, { "acknowledgments": [ { "names": [ "Oliver Brooks and James Klopchic" ], "organization": "NCC Group" } ], "cve": "CVE-2022-1798", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-08-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2117872" } ], "notes": [ { "category": "description", "text": "An arbitrary file read vulnerability was found in the kubeVirt API. This flaw makes it possible to use the kubeVirt API to provide access to host files (like /etc/passwd, for example) in a KubeVirt VM as a disk device that can be written to and read from.", "title": "Vulnerability description" }, { "category": "summary", "text": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64" ], "known_not_affected": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1798" }, { "category": "external", "summary": "RHBZ#2117872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117872" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1798", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1798" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1798" }, { "category": "external", "summary": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm", "url": "https://github.com/google/security-research/security/advisories/GHSA-cvx8-ppmc-78hm" } ], "release_date": "2022-08-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-14T19:28:51+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6526" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kubeVirt: Arbitrary file read on the host from KubeVirt VMs" }, { "cve": "CVE-2022-21698", "cwe": { "id": "CWE-772", "name": "Missing Release of Resource after Effective Lifetime" }, "discovery_date": "2022-01-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2045880" } ], "notes": [ { "category": "description", "text": "A denial of service attack was found in prometheus/client_golang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw has been rated as having a moderate impact for two main reasons. The opportunity for a Denial of Service is limited to the golang runtime. In the case of OpenShift Container Platform, this would be restricted within each individual container. Additionally, this is in alignment with upstream\u0027s (the Prometheus project) impact rating.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64" ], "known_not_affected": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-21698" }, { "category": "external", "summary": "RHBZ#2045880", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2045880" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21698", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21698" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21698" }, { "category": "external", "summary": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p", "url": "https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p" } ], "release_date": "2022-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-14T19:28:51+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6526" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "prometheus/client_golang: Denial of service using InstrumentHandlerCounter" }, { "cve": "CVE-2022-23772", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2022-02-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2053532" } ], "notes": [ { "category": "description", "text": "A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a remote attacker to impact the availability of the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64" ], "known_not_affected": [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23772" }, { "category": "external", "summary": "RHBZ#2053532", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053532" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23772", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23772" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23772" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ" } ], "release_date": "2022-01-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-14T19:28:51+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6526" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString" }, { "cve": "CVE-2022-23773", "cwe": { "id": "CWE-1220", "name": "Insufficient Granularity of Access Control" }, "discovery_date": "2022-02-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2053541" } ], "notes": [ { "category": "description", "text": "A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the integrity of the environment.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64" ], "known_not_affected": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23773" }, { "category": "external", "summary": "RHBZ#2053541", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053541" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23773", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23773" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23773" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ" } ], "release_date": "2022-02-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-14T19:28:51+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6526" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: cmd/go: misinterpretation of branch names can lead to incorrect access control" }, { "cve": "CVE-2022-23806", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-02-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2053429" } ], "notes": [ { "category": "description", "text": "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 \u0026 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64" ], "known_not_affected": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23806" }, { "category": "external", "summary": "RHBZ#2053429", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23806", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23806" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ" } ], "release_date": "2022-02-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-14T19:28:51+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6526" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements" }, { "cve": "CVE-2022-24675", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2022-04-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2077688" } ], "notes": [ { "category": "description", "text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: encoding/pem: fix stack overflow in Decode", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64" ], "known_not_affected": [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24675" }, { "category": "external", "summary": "RHBZ#2077688", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24675" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8", "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8" } ], "release_date": "2022-04-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-14T19:28:51+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6526" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: encoding/pem: fix stack overflow in Decode" }, { "cve": "CVE-2022-24921", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-03-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064857" } ], "notes": [ { "category": "description", "text": "A stack overflow flaw was found in Golang\u0027s regexp module, which can crash the runtime if the application using regexp accepts very long or arbitrarily long regexps from untrusted sources that have sufficient nesting depths. To exploit this vulnerability, an attacker would need to send large regexps with deep nesting to the application. Triggering this flaw leads to a crash of the runtime, which causes a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: regexp: stack exhaustion via a deeply nested expression", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw has been rated as a Moderate impact flaw because the exploitation of this flaw requires that an affected application accept arbitrarily long regexps from untrusted sources, which has inherent risks (even without this flaw), especially involving impacts to application availability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64" ], "known_not_affected": [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24921" }, { "category": "external", "summary": "RHBZ#2064857", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064857" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24921", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24921" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24921" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk", "url": "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk" } ], "release_date": "2022-03-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-14T19:28:51+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6526" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: regexp: stack exhaustion via a deeply nested expression" }, { "cve": "CVE-2022-27191", "cwe": { "id": "CWE-327", "name": "Use of a Broken or Risky Cryptographic Algorithm" }, "discovery_date": "2022-03-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2064702" } ], "notes": [ { "category": "description", "text": "A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crash in a golang.org/x/crypto/ssh server", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform (OCP) the vulnerable golang.org/x/crypto/ssh package is bundled in many components. The affected code is in the SSH server portion that is not used, hence the impact by this vulnerability is reduced. Additionally the OCP installer components, that also bundle vulnerable golang.org/x/crypto/ssh package, are used only during the cluster installation process, hence for already deployed and running OCP clusters the installer components are considered as affected by this vulnerability but not impacted.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64" ], "known_not_affected": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-27191" }, { "category": "external", "summary": "RHBZ#2064702", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064702" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-27191", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27191" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-27191", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27191" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ", "url": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ" } ], "release_date": "2022-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-14T19:28:51+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6526" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crash in a golang.org/x/crypto/ssh server" }, { "cve": "CVE-2022-28327", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2022-04-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2077689" } ], "notes": [ { "category": "description", "text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/elliptic: panic caused by oversized scalar", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64" ], "known_not_affected": [ "8Base-CNV-4.11:container-native-virtualization/checkup-framework@sha256:055aa6e280af9bfec4c8864f4d9ed79c22bd864829cff855650ef7fed092c815_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-must-gather-rhel8@sha256:3d364b59962f15123ba6ce8b2d49b1cd38b3f1d540b3b4c0a1858e93b6cba011_amd64", "8Base-CNV-4.11:container-native-virtualization/hco-bundle-registry@sha256:b83c2f51067335600cc20a39a9d911ad110d700ef46f53e7a18af4e534a77534_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-operator@sha256:9522cee60c82b120a4dd131f6dc690786740dd85ce5e7f83171823c4b7aa93e0_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-console-plugin@sha256:884d54355a5e3f66f2916a4fd6bb182a2450f2c6a800176befc7a74b7b5cd5c9_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-ssp-operator@sha256:989137caa24e0604c230e84a7a65b7efc38ef68ef55ffe78353c51c58dd63e14_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm@sha256:b4151b401146f609a0647886845233d6bd1561aaaba72866fcad6d3f4539f950_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:34e68039c045ac22068a557d548b420ab04cda5fa755404ee1c850aa6817747f_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-datavolume@sha256:56de4ec139a88c5f61a0cd87dc405e208992a9cf343cc6925094cbefb533f2ce_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:7c16943b0da0e7c886c2cad5a87c92db111a96b842f66971862d2d81df0a92f2_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:c0fd52ef347d2cd496a98ea67ed432074127cb6f86e64798f452968d26e39594_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:da18128194e3574952655b623395d330fd82912fc598b0804762f039cd7bd713_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:4747611e2b2648b3d765e6c728d80d339a25dd20664ecc57b70a1e09d71eee64_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:2c008c250adad10a90fad4a7be1825ba4d950a7fbf9134c7a08346c5e0483c26_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status@sha256:afe3a2b76c42e27399cb71fb3c02317e89cb5f3201f9f95ec0bfa9e74c4775c4_amd64", "8Base-CNV-4.11:container-native-virtualization/kubevirt-template-validator@sha256:b8122af35a7695f7cf99e4d36546920570e408cfba2b45c90ffd4dd2ddf47c77_amd64", "8Base-CNV-4.11:container-native-virtualization/libguestfs-tools@sha256:083c332bd90cb8fbb02182926985accff8ba9a4ca351a6a7c049cb173e2cea00_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-marker@sha256:612d67e74b6b682ea1d6358c7e766c2c499ac747ec6778a45f289ea597da736d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-api@sha256:e47dc1188b335a23bbaf9aec8df03fd78dc4b62b3e41f06bc67a408363016e05_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-artifacts-server@sha256:412af0af13fb583eb59bf00c544b2feef9f02bfcec9776ccce1750d781a35341_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-apiserver@sha256:6481694e07d022162c4512c3e346bd10718219c6ed78bed0bdbb759c9be3d434_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-controller@sha256:474a57191da17d55a2a4c85fc6babbf6a052a244cd6edaa8bb67cb3987be8e7c_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-importer@sha256:722bdbb1303c5c631dc574fd4d5873623f2b5cee18f14970ddd224a50c819b9f_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-operator@sha256:f2371c3df8800ed745ee00b2037c932e9889271d6b47f5fd4df72c0dd4559f70_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadproxy@sha256:69fbd2dee5cad3adfd2b85584e1c095a5896346497e0a58def70806f77687386_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-uploadserver@sha256:056d9fa9dff8ba2eca829403a5d0190a3bf2767e6ab37e7b46b4cc1885e1e2df_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-controller@sha256:a07a7931e8778971d6e3a73fdd0cabb442e057505d6364d98adcfa2d088b4858_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-handler@sha256:81840626baefd6558db56a060ad37ecbd21378b3a96bfe525727f8ab64b02462_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-launcher@sha256:ca64a5d33cae1ddec96abde09f97ef0845a40bf2676a319dd3fb1f1737b1826d_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-operator@sha256:69c97e3d7f039edc5a8c7075dde0114ebdb56d62cf9e4d921b40ef3847f0c75c_amd64", "8Base-CNV-4.11:container-native-virtualization/virtio-win@sha256:3f4a86de5c9046c44a792a75fe056976dd6763afdba22a9aededa9ed2ab781d9_amd64", "8Base-CNV-4.11:container-native-virtualization/vm-network-latency-checkup@sha256:b7e272aa99af11856b4a2d6a7f1cea4258aef13e02e0b34c7e076b3798c8169d_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-28327" }, { "category": "external", "summary": "RHBZ#2077689", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28327" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8", "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8" } ], "release_date": "2022-04-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-09-14T19:28:51+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:6526" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-CNV-4.11:container-native-virtualization/bridge-marker@sha256:faa1f729980217c7ffefa2134d5e8d851a6fb7913be7c6edf8ab7c3277b6f53d_amd64", "8Base-CNV-4.11:container-native-virtualization/cluster-network-addons-operator@sha256:c7475f5f5d2c24bffc410c39168d4eba8bffa64b7e220a51291ed4e6bf053c6f_amd64", "8Base-CNV-4.11:container-native-virtualization/cnv-containernetworking-plugins@sha256:af41f3c3f2b88a74bfe29c6001ca5e472bb9673150bfc0be35ffad66a012a573_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver-rhel8@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-csi-driver@sha256:562548cfd4fd0327e3cd25365251eed5abe1aafbf394b0a112b79039c802c3c3_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8-operator@sha256:37cb86f8d15856f112cff0440638cd976572216a84afac2d11c8a2188f86be34_amd64", "8Base-CNV-4.11:container-native-virtualization/hostpath-provisioner-rhel8@sha256:ef1f3bfc036762d9060f490912fd1b43d9ce3b9c542a347b77f505ba92a51906_amd64", "8Base-CNV-4.11:container-native-virtualization/hyperconverged-cluster-webhook-rhel8@sha256:5a70d43a90d0860ca367c004fedc7a3b82132327a9d9e6bbb1d1244cd7fddb13_amd64", "8Base-CNV-4.11:container-native-virtualization/kubemacpool@sha256:9eb14ac44a379de4a6fe8583f582b2e39fd056beeab9951cd783e31340c0ce6a_amd64", "8Base-CNV-4.11:container-native-virtualization/ovs-cni-plugin@sha256:3cffc89502ab45e9b47721cbca140d7946fd8afab6f1f9c6f17c17ea24374869_amd64", "8Base-CNV-4.11:container-native-virtualization/virt-cdi-cloner@sha256:578e2134d5a174249a374de5c26532db98fca13a571e81ac6839ba88beb19a01_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/elliptic: panic caused by oversized scalar" } ] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.