RHSA-2025:22529
Vulnerability from csaf_redhat - Published: 2025-12-01 21:59 - Updated: 2025-12-08 22:41
Summary
Red Hat Security Advisory: Red Hat Ceph Storage
Notes
Topic
A new version of Red Hat build of Ceph Storage has been released
Details
The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 7.1.
This release updates to the latest version.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new version of Red Hat build of Ceph Storage has been released",
"title": "Topic"
},
{
"category": "general",
"text": "The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 7.1.\nThis release updates to the latest version.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:22529",
"url": "https://access.redhat.com/errata/RHSA-2025:22529"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2022-29458",
"url": "https://access.redhat.com/security/cve/CVE-2022-29458"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-56433",
"url": "https://access.redhat.com/security/cve/CVE-2024-56433"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-11561",
"url": "https://access.redhat.com/security/cve/CVE-2025-11561"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-32414",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-32415",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-32988",
"url": "https://access.redhat.com/security/cve/CVE-2025-32988"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-32989",
"url": "https://access.redhat.com/security/cve/CVE-2025-32989"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-32990",
"url": "https://access.redhat.com/security/cve/CVE-2025-32990"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6395",
"url": "https://access.redhat.com/security/cve/CVE-2025-6395"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6965",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8058",
"url": "https://access.redhat.com/security/cve/CVE-2025-8058"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9230",
"url": "https://access.redhat.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_ceph_storage/",
"url": "https://docs.redhat.com/en/documentation/red_hat_ceph_storage/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22529.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ceph Storage",
"tracking": {
"current_release_date": "2025-12-08T22:41:27+00:00",
"generator": {
"date": "2025-12-08T22:41:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.13"
}
},
"id": "RHSA-2025:22529",
"initial_release_date": "2025-12-01T21:59:44+00:00",
"revision_history": [
{
"date": "2025-12-01T21:59:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-01T21:59:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-08T22:41:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ceph Storage 7",
"product": {
"name": "Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ceph_storage:7::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ceph Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3A9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2?arch=amd64\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3Ade1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6?arch=amd64\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3A0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906?arch=amd64\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3A29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923?arch=amd64\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-7-rhel9@sha256%3A4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe?arch=amd64\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3Aadaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056?arch=amd64\u0026repository_url=registry.redhat.io/rhceph"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3A5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd?arch=arm64\u0026repository_url=registry.redhat.io/rhceph"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3A684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8?arch=s390x\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf?arch=s390x\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3A9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27?arch=s390x\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3A6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53?arch=s390x\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-7-rhel9@sha256%3A6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631?arch=s390x\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3A992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5?arch=s390x\u0026repository_url=registry.redhat.io/rhceph"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3Ad3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3A721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3A27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-7-rhel9@sha256%3Ace213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3A6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64 as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64 as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64 as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64 as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64 as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64 as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64 as a component of Red Hat Ceph Storage 7",
"product_id": "Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-29458",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2022-04-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2076483"
}
],
"notes": [
{
"category": "description",
"text": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ncurses: segfaulting OOB read",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security classifies this issue as having a Low security impact. This vulnerability is present in the tic program which is only used at build-time and does not exist in libncurses. The exploit can only be triggered if the user performs a specific action, such as processing terminfo from source to compiled form using trusted input, which limits the practical impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-29458"
},
{
"category": "external",
"summary": "RHBZ#2076483",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076483"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-29458",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29458"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29458",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29458"
}
],
"release_date": "2022-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-01T21:59:44+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "ncurses: segfaulting OOB read"
},
{
"cve": "CVE-2024-56433",
"cwe": {
"id": "CWE-1188",
"name": "Initialization of a Resource with an Insecure Default"
},
"discovery_date": "2024-12-26T09:00:54.065197+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2334165"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-56433"
},
{
"category": "external",
"summary": "RHBZ#2334165",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334165"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-56433",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56433"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433"
},
{
"category": "external",
"summary": "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241",
"url": "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241"
},
{
"category": "external",
"summary": "https://github.com/shadow-maint/shadow/issues/1157",
"url": "https://github.com/shadow-maint/shadow/issues/1157"
},
{
"category": "external",
"summary": "https://github.com/shadow-maint/shadow/releases/tag/4.4",
"url": "https://github.com/shadow-maint/shadow/releases/tag/4.4"
}
],
"release_date": "2024-12-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-01T21:59:44+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22529"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise"
},
{
"cve": "CVE-2025-6395",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2025-07-07T09:30:13.037000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2376755"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-476: NULL Pointer Dereference vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform incorporates secure engineering principles and controls to enforce secure coding practices, including proper memory handling and error checking, reducing the likelihood of null pointer dereference vulnerabilities. Coding standards, tools, and processes support early detection and prevention of memory-related flaws. Static code analysis identifies null dereference and related issues during development, while system monitoring detects memory errors and anomalous behavior in the event of exploitation. Additionally, the platform leverages memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen resilience against memory-related vulnerabilities.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6395"
},
{
"category": "external",
"summary": "RHBZ#2376755",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376755"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6395"
}
],
"release_date": "2025-07-10T07:56:53.029000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-01T21:59:44+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22529"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite()"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"discovery_date": "2025-07-15T14:02:19.241458+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380149"
}
],
"notes": [
{
"category": "description",
"text": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sqlite: Integer Truncation in SQLite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in SQLite is categorized as Important rather than Critical because, although it involves memory corruption, the conditions required to trigger it are relatively constrained. The flaw arises when a query causes the number of aggregate terms to exceed internal limits, leading to potential buffer overflows or memory mismanagement. However, exploitation requires the ability to craft complex SQL queries and interact with the SQLite engine in a specific manner\u2014typically through direct SQL input. There is no known evidence of arbitrary code execution, privilege escalation, or remote exploitability as a direct result of this flaw. Additionally, most SQLite deployments are embedded in applications where input is tightly controlled or sanitized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "RHBZ#2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8",
"url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"
}
],
"release_date": "2025-07-15T13:44:00.784000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-01T21:59:44+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22529"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sqlite: Integer Truncation in SQLite"
},
{
"cve": "CVE-2025-8058",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"discovery_date": "2025-07-23T20:00:41.541234+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2383146"
}
],
"notes": [
{
"category": "description",
"text": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: Double free in glibc",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-415: Double Free vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational requirements. Baseline configurations and system controls ensure secure software configurations, while least functionality reduces the attack surface by enforcing safe memory allocation and deallocation practices, lowering the risk of double-free vulnerabilities. The environment employs IPS/IDS and antimalware solutions to detect and prevent malicious code while providing real-time visibility into memory usage, reducing the risk of arbitrary code execution. Static code analysis and peer reviews enforce strong input validation and error handling, minimizing the risk of denial-of-service (DoS) attacks. In the event of successful exploitation, process isolation prevents compromised workloads from accessing other processes\u2019 memory, containing the potential impact. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance resilience against memory-related vulnerabilities.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8058"
},
{
"category": "external",
"summary": "RHBZ#2383146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383146"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8058"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8058"
},
{
"category": "external",
"summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33185",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33185"
},
{
"category": "external",
"summary": "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f",
"url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f"
}
],
"release_date": "2025-07-23T19:57:17.138000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-01T21:59:44+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22529"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glibc: Double free in glibc"
},
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-09-17T12:15:34.387000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396054"
}
],
"notes": [
{
"category": "description",
"text": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability was rated as Moderate because, while the potential impact includes an application level denial of service and possible arbitrary code execution, successful exploitation is considered unlikely due to the high attack complexity and the fact that password-based CMS encryption (PWRI) is rarely used in real-world deployments.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successful exploitation of a CWE-787: Out-of-bounds Write or a CWE-125: Out-of-bounds Read vulnerability, and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines and baseline configurations to ensure secure system and software settings, while least functionality reduces the attack surface by disabling unnecessary services and ports. Rigorous development practices, including static analysis, input validation, and error handling, detect and mitigate memory vulnerabilities before deployment. Process isolation and memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) preserve memory integrity by confining faults to individual workloads and preventing unauthorized access. Malicious code protections and continuous system monitoring detect anomalous memory activity and exploitation attempts, reducing the likelihood and impact of out-of-bounds read and write vulnerabilities.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "RHBZ#2396054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230"
}
],
"release_date": "2025-09-30T23:59:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-01T21:59:44+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22529"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap"
},
{
"acknowledgments": [
{
"names": [
"Zavier Lee"
]
}
],
"cve": "CVE-2025-11561",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"discovery_date": "2025-10-09T12:57:29.851000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2402727"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an attacker with permission to modify certain AD attributes (such as userPrincipalName or samAccountName) to impersonate privileged users, potentially resulting in unauthorized access or privilege escalation on domain-joined Linux hosts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed this issue as High severity for domain-joined Linux systems using default SSSD configurations. While the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled by default, fallback to the an2ln plugin can occur, allowing a domain user who can modify certain Active Directory attributes (such as userPrincipalName or samAccountName) to map to privileged local accounts. This could lead to unauthorized access or elevated privileges on affected Linux hosts. Administrators are advised to review and apply recommended hardening configurations to mitigate this behavior.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-11561"
},
{
"category": "external",
"summary": "RHBZ#2402727",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402727"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-11561",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11561"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-11561",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11561"
},
{
"category": "external",
"summary": "https://blog.async.sg/kerberos-ldr",
"url": "https://blog.async.sg/kerberos-ldr"
}
],
"release_date": "2025-10-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-01T21:59:44+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22529"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure the SSSD Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is configured and the an2ln plugin is disabled by adding \"disable = an2ln\" to a krb5 include file (for example, /var/lib/sss/pubconf/krb5.include.d/localauth_plugin), and make sure that file is included in the Kerberos configuration. Apply vendor updates and follow Red Hat guidance for SSSD hardening.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems"
},
{
"cve": "CVE-2025-32414",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"discovery_date": "2025-04-08T04:00:51.284113+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358121"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-Bounds Read in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug affects parsing of text streams using:\n- the Python bindings (pending deprecation: https://gitlab.gnome.org/GNOME/libxml2/-/issues/891)\n- the libxml2 SAX driver drv_libxml2,\n- the XML Reader API\n\nParsing of binary streams is not affected by this vulnerability.\n\nThe vulnerability exists in the libxml2 package. The bug arises from a mismatch between character and byte handling: the functions xmlPythonFileRead and xmlPythonFileReadRaw may compute a length incorrectly (mistaking a character count for a byte count). Successful exploitation of this bug requires local access. In addition, the path to exploitation is non-trivial: it depends on use of the Python bindings and on specific handling of bytes and characters in the input, which places these conditions outside the scope of an attacker and increases the attack complexity. For these reasons, this has been marked as Moderate by Red Hat.\n\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-393: Return of Wrong Status Code vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational needs, while baseline configurations maintain secure system and software states. A defense-in-depth monitoring strategy includes perimeter firewalls and endpoint protection services that detect and respond to threats in real time, helping prevent or limit exploitation attempts. Robust input validation and error handling ensure all user inputs are thoroughly validated, supporting consistent and secure system responses.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32414"
},
{
"category": "external",
"summary": "RHBZ#2358121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32414"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
}
],
"release_date": "2025-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-01T21:59:44+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22529"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-Bounds Read in libxml2"
},
{
"cve": "CVE-2025-32415",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-04-17T18:00:46.954384+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360768"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to have a specially crafted XML file processed by an application linked to the libxml2 library. Additionally, the only security impact of this vulnerability is a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32415"
},
{
"category": "external",
"summary": "RHBZ#2360768",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32415"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-01T21:59:44+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22529"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the libxml2 library.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables"
},
{
"cve": "CVE-2025-32988",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"discovery_date": "2025-04-15T01:21:36.833000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2359622"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: Vulnerability in GnuTLS otherName SAN export",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate rather than Important because, although it involves a memory management flaw (double-free) that can potentially lead to memory corruption, practical exploitation is limited by modern memory protection mechanisms and contextual constraints. The issue occurs only when processing malformed SAN otherName entries through public GnuTLS APIs\u2014an uncommon and controlled code path in most deployments. Furthermore, exploitation for arbitrary code execution is highly dependent on allocator behavior and requires precise heap manipulation, which is non-trivial under defenses such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), and hardened memory allocators. In the majority of cases, the outcome would be a crash or denial of service rather than a reliable compromise of integrity or confidentiality. Therefore, given its limited attack surface, dependency on crafted input, and the presence of strong runtime mitigations, the impact justifies a Moderate severity classification instead of Important.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-415: Double Free vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform enforces hardening guidelines to apply the most restrictive settings necessary for operational requirements. Baseline configurations and system controls ensure secure software configurations, while least functionality reduces the attack surface by enforcing safe memory allocation and deallocation practices, lowering the risk of double-free vulnerabilities. The environment employs IPS/IDS and antimalware solutions to detect and prevent malicious code while providing real-time visibility into memory usage, reducing the risk of arbitrary code execution. Static code analysis and peer reviews enforce strong input validation and error handling, minimizing the risk of denial-of-service (DoS) attacks. In the event of successful exploitation, process isolation prevents compromised workloads from accessing other processes\u2019 memory, containing the potential impact. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance resilience against memory-related vulnerabilities.\n\nAs such, successfully triggering this vulnerability would require a sophisticated attack vector that is capable of accounting for the many native and deployed security mechanisms designed to detect and contain a double-free condition.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32988"
},
{
"category": "external",
"summary": "RHBZ#2359622",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359622"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32988"
}
],
"release_date": "2025-07-10T07:55:14.310000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-01T21:59:44+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22529"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnutls: Vulnerability in GnuTLS otherName SAN export"
},
{
"cve": "CVE-2025-32989",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2025-04-15T01:21:36.512000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2359621"
}
],
"notes": [
{
"category": "description",
"text": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: Vulnerability in GnuTLS SCT extension parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32989"
},
{
"category": "external",
"summary": "RHBZ#2359621",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359621"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32989"
}
],
"release_date": "2025-07-10T07:54:13.541000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-01T21:59:44+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22529"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnutls: Vulnerability in GnuTLS SCT extension parsing"
},
{
"cve": "CVE-2025-32990",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2025-04-15T01:21:36.656000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2359620"
}
],
"notes": [
{
"category": "description",
"text": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gnutls: Vulnerability in GnuTLS certtool template parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as a moderate severity because a heap-buffer-overflow (off-by-one) flaw was found exclusively in the certtool utility\u0027s template parsing logic (part of the gnutls-utils package), and does not affect the core gnutls library itself. This issue is triggered when the tool processes specially crafted settings from a template file, leading to an out-of-bounds NULL pointer write. The resulting memory corruption causes a denial-of-service by crashing the application.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to the successful exploitation of a CWE-122: Heap-based Buffer Overflow vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nAccess to the platform is granted only after successful hard token, multi-factor authentication (MFA), which is coupled with least privilege principles to ensure that only authorized roles and users can execute or manipulate code. Red Hat enforces the principle of least functionality, ensuring that only essential features, services, and ports are enabled. This minimizes the number of components that could be affected by heap-based buffer overflow exploitations. The environment leverages malicious code protections such as IPS/IDS and antimalware solutions that detect and respond to indicators in real time, preventing or limiting the impact of exploitation attempts. Static code analysis and peer code review techniques ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) enhance resilience against memory buffer overflows and denial-of-service attacks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-32990"
},
{
"category": "external",
"summary": "RHBZ#2359620",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359620"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32990"
}
],
"release_date": "2025-07-09T07:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-01T21:59:44+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22529"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:5a9b2a273a676301e4270312e5d03b2b19222d95ee0f95583fd1eedc956078cd_arm64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:684398687e17d2eff4f713eaee18dea22bbe3285334bfad0d9812fab51c300a8_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:9394923ea473b90739587a7f90ec269963ec5ce399520d8f626d63ad1357a0a2_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/grafana-rhel9@sha256:d3f279fb0bf1b0e13fce85af7a3976149023cb85faf881bfcf515ae129c3b249_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:0c2ea384ae2c29dbbc965e9c24f1e6e78d2d1922dae44218c7585030c5a7a906_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:721cc49763de142a6eba2dd441ba0dc522500d385d65300219be48d2f31f0c74_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/keepalived-rhel9@sha256:9fa023730bc77721a1d519ecc1a209b6d4c06b29baa3dcbb5f2dff2921c6cf27_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:ce213d48fbefae6b9d5f5a64b79c6ed016afcb646bf7b5742707ed31f9a464a2_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:2fa401bf3bd53d4f2b9ad775b266ee897206e632a70e7a661409de7860b810c8_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9b67425fc074cc2154ac38dd8b5e92e5b2bbd46f8899683a23e9020e62ab5adf_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:de1c3da36e3258c2b6032bf2e3f89fb2c6018489deab55bf97d2416294e4dcf6_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:27ce7c22853f9754b91e91cf9b88f9fb99ceea7b9555724fc36b0dddd83c93a4_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:29f771b5f09b0e33d1c2589166a17368f5eec98e46efbe962ecc7a5c8d9ec923_amd64",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:6ae4656046c69b9821519e54665d9bc6575f3cf35c3a83fa78b50b7efe95ef53_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:6968e191b6f06b24febd441bd8b6b2d68236a6cee30a233d1ef6fc1191332204_ppc64le",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:992f1649dfed889b9af86da3dcb91a764dc4a0b5918c4ce0945a0c1f5329dfa5_s390x",
"Red Hat Ceph Storage 7:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:adaa24cdf0a56c1fbda2f7ac7f977b07dfc8c12654cbdc8d9dc5c020b2736056_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gnutls: Vulnerability in GnuTLS certtool template parsing"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.