8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
28.9%
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host’s resources and performing administrative tasks.
The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host’s resources and performing administrative tasks.
The following packages have been upgraded to a later upstream version: cockpit-ovirt (0.14.11), imgbased (1.2.12), redhat-release-virtualization-host (4.4.2), redhat-virtualization-host (4.4.2). (BZ#1875362, BZ#1878045)
Security Fix(es):
grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)
QEMU: usb: out-of-bounds r/w access issue while processing usb packets (CVE-2020-14364)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 8 | x86_64 | redhat-release-virtualization-host | < 4.4.2-1.el8ev | redhat-release-virtualization-host-4.4.2-1.el8ev.x86_64.rpm |
RedHat | 8 | noarch | redhat-virtualization-host-image-update-placeholder | < 4.4.2-1.el8ev | redhat-virtualization-host-image-update-placeholder-4.4.2-1.el8ev.noarch.rpm |
RedHat | 8 | noarch | redhat-virtualization-host-image-update | < 4.4.2-20200930.0.el8_2 | redhat-virtualization-host-image-update-4.4.2-20200930.0.el8_2.noarch.rpm |
RedHat | 8 | noarch | python3-imgbased | < 1.2.12-0.1.el8ev | python3-imgbased-1.2.12-0.1.el8ev.noarch.rpm |
RedHat | 8 | noarch | cockpit-ovirt-dashboard | < 0.14.11-1.el8ev | cockpit-ovirt-dashboard-0.14.11-1.el8ev.noarch.rpm |
RedHat | 8 | noarch | imgbased | < 1.2.12-0.1.el8ev | imgbased-1.2.12-0.1.el8ev.noarch.rpm |
8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
28.9%