Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:0540
HistoryFeb 15, 2022 - 10:47 a.m.

(RHSA-2022:0540) Important: Red Hat Virtualization Host security update [ovirt-4.4.10-1]

2022-02-1510:47:42
access.redhat.com
60

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

24.4%

JSON

The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host’s resources and performing administrative tasks.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Security Fix(es):

  • polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector (CVE-2021-4034)

  • kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL (CVE-2021-4155)

  • aide: heap-based buffer overflow on outputs larger than B64_BUF (CVE-2021-45417)

  • kernel: fs_context: heap overflow in legacy parameter handling (CVE-2022-0185)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Rebased wget package and its dependencies for the same version shipped with recent RHEL. (BZ#2030082)
OSVersionArchitecturePackageVersionFilename
RedHat8x86_64redhat-release-virtualization-host< 4.4.10-1.el8evredhat-release-virtualization-host-4.4.10-1.el8ev.x86_64.rpm
RedHat8x86_64redhat-release-virtualization-host-content< 4.4.10-1.el8evredhat-release-virtualization-host-content-4.4.10-1.el8ev.x86_64.rpm
RedHat8x86_64libmetalink-devel< 0.1.3-7.el8libmetalink-devel-0.1.3-7.el8.x86_64.rpm
RedHat8x86_64libmetalink-debuginfo< 0.1.3-7.el8libmetalink-debuginfo-0.1.3-7.el8.x86_64.rpm
RedHat8x86_64wget-debuginfo< 1.19.5-10.el8wget-debuginfo-1.19.5-10.el8.x86_64.rpm
RedHat8x86_64wget< 1.19.5-10.el8wget-1.19.5-10.el8.x86_64.rpm
RedHatanyx86_64redhat-virtualization-host-image-update< 4.4.10-202202081536_8.5redhat-virtualization-host-image-update-4.4.10-202202081536_8.5.x86_64.rpm
RedHat8x86_64libmetalink-debugsource< 0.1.3-7.el8libmetalink-debugsource-0.1.3-7.el8.x86_64.rpm
RedHat8x86_64libmetalink< 0.1.3-7.el8libmetalink-0.1.3-7.el8.x86_64.rpm
RedHat8noarchredhat-virtualization-host-image-update-placeholder< 4.4.10-1.el8evredhat-virtualization-host-image-update-placeholder-4.4.10-1.el8ev.noarch.rpm
Rows per page:
1-10 of 111

Related

nessus 69
oraclelinux 6
redhat 14
rocky 6
osv 11
almalinux 2
thn 2
debian 2
gentoo 1
amazon 2
veracode 3
redhatcve 3
centos 1
mageia 3
suse 2
ubuntu 5
freebsd 2
prion 3
debiancve 4
cve 2
ubuntucve 2
checkpoint_security 1
ibm 5
saint 1
githubexploit 30
qualysblog 1
fedora 3
redos 1
metasploit 1
slackware 1
rosalinux 1
cloudfoundry 1
f5 2
virtuozzo 1
cbl_mariner 4
cnvd 1
nessus
nessus
RHEL 8 : Red Hat Virtualization Host security update [ovirt-4.4.10-1] (Important) (RHSA-2022:0540)
2022-02-15 00:00:00
RHEL 8 : kernel-rt (RHSA-2022:0176)
2022-01-20 00:00:00
AlmaLinux 8 : kernel (ALSA-2022:0188)
2022-03-11 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2022-01-21 00:00:00
aide security update
2022-02-18 00:00:00
aide security update
2022-02-08 00:00:00
redhat
redhat
(RHSA-2022:0188) Important: kernel security and bug fix update
2022-01-19 13:59:09
(RHSA-2022:0232) Important: kpatch-patch security update
2022-01-24 09:04:18
(RHSA-2022:0176) Important: kernel-rt security and bug fix update
2022-01-19 09:43:06
rocky
rocky
kernel security and bug fix update
2022-01-19 13:59:09
kernel-rt security and bug fix update
2022-01-19 22:58:41
kernel security and bug fix update
2022-01-19 22:55:48
osv
osv
Important: kernel security and bug fix update
2022-01-19 13:59:09
Important: kernel security and bug fix update
2022-01-19 13:59:09
Important: kernel-rt security and bug fix update
2022-01-19 09:43:06
almalinux
almalinux
Important: kernel security and bug fix update
2022-01-19 13:59:09
Important: aide security update
2022-02-07 08:12:10
thn
thn
12-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access
2022-01-26 05:39:00
New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems
2022-10-13 12:17:00
debian
debian
[SECURITY] [DSA 5051-1] aide security update
2022-01-20 18:24:59
[SECURITY] [DLA 2894-1] aide security update
2022-01-25 01:24:04
gentoo
gentoo
AIDE: Root Privilege Escalation
2023-11-25 00:00:00
amazon
amazon
Important: aide
2022-05-31 23:47:00
Important: aide
2022-09-15 04:55:00
veracode
veracode
Privilege Escalation
2022-01-21 05:44:51
Privilege Escalation
2022-01-26 05:22:38
Denial Of Service (DoS)
2022-01-20 05:51:17
redhatcve
redhatcve
CVE-2021-45417
2022-04-30 13:09:40
CVE-2022-0185
2022-01-18 19:18:49
CVE-2021-4155
2022-05-07 14:17:19
centos
centos
aide security update
2022-02-08 23:31:43
mageia
mageia
Updated aide & mhash packages fix security vulnerability
2024-03-31 06:27:58
Updated kernel packages fix security vulnerability
2022-01-22 00:41:23
Updated kernel-linus packages fix security vulnerability
2022-01-22 00:41:23
suse
suse
Security update for aide (important)
2022-02-17 00:00:00
Security update for seamonkey (important)
2022-05-27 00:00:00
ubuntu
ubuntu
AIDE vulnerability
2022-01-20 00:00:00
AIDE vulnerability
2022-01-20 00:00:00
PolicyKit vulnerability
2022-01-25 00:00:00
freebsd
freebsd
aide -- heap-based buffer overflow
2022-01-15 00:00:00
polkit -- Local Privilege Escalation
2022-01-25 00:00:00
prion
prion
Heap overflow
2022-01-20 18:15:00
Privilege escalation
2022-01-28 20:15:00
Heap overflow
2022-02-11 18:15:00
debiancve
debiancve
CVE-2021-45417
2022-01-20 18:15:00
CVE-2021-4034
2022-01-28 20:15:00
CVE-2022-0185
2022-02-11 18:15:00
cve
cve
CVE-2021-45417
2022-01-20 18:15:00
CVE-2022-0185
2022-02-11 18:15:00
ubuntucve
ubuntucve
CVE-2021-45417
2022-01-20 00:00:00
CVE-2022-0185
2022-01-18 00:00:00
checkpoint_security
checkpoint_security
Check Point's Response to CVE-2021-4034 - Local Privilege Escalation in polkit's pkexec
2022-01-29 20:41:56
ibm
ibm
Security Bulletin: App Connect Professional is affected by polkit's pkexec vulnerability
2022-02-15 04:15:53
Security Bulletin: IBM Security Guardium is affected by a PolicyKit vulnerability (CVE-2021-4034)
2022-11-08 20:10:55
Security Bulletin: TS3000 (TSSC/IMC) is vulnerable to privilege escalation vulnerability due to polkit ( CVE-2021-4034 )
2022-05-05 19:18:30
saint
saint
Polkit pkexec privilege elevation
2022-01-27 00:00:00
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Polkit Project Polkit
2022-01-25 23:11:30
Exploit for Out-of-bounds Write in Polkit Project Polkit
2021-12-29 15:00:00
Exploit for Out-of-bounds Write in Polkit Project Polkit
2022-02-02 09:26:24
qualysblog
qualysblog
QSC 2022: Qualys’ Threat Research Unit (TRU) – Our Shield Is Your Shield
2022-11-11 01:28:25
fedora
fedora
[SECURITY] Fedora 34 Update: polkit-0.117-3.fc34.2
2022-01-26 23:42:37
[SECURITY] Fedora 34 Update: kernel-5.15.16-100.fc34
2022-01-22 01:18:36
[SECURITY] Fedora 35 Update: kernel-5.15.16-200.fc35
2022-01-22 01:32:03
redos
redos
ROS-20220128-01
2022-01-28 00:00:00
metasploit
metasploit
Local Privilege Escalation in polkits pkexec
2022-01-26 19:05:36
slackware
slackware
[slackware-security] polkit
2022-01-26 05:02:16
rosalinux
rosalinux
Advisory ROSA-SA-2022-2013
2022-01-31 14:03:39
cloudfoundry
cloudfoundry
USN-5240-1: Linux kernel vulnerability | Cloud Foundry
2022-03-11 00:00:00
f5
f5
K71080411 : Linux kernel vulnerability CVE-2021-4155
2022-04-27 00:00:00
K73200428 : Linux kernel vulnerability CVE-2022-0185
2022-03-02 00:00:00
virtuozzo
virtuozzo
[Important] [Security] New kernel 2.6.32-042stab146.2; Virtuozzo 6.0 Update 12 Hotfix 55 (6.0.12-3762)
2021-01-11 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-4155 affecting package kernel 5.10.131.1-1
2022-09-17 05:57:05
CVE-2022-0185 affecting package kernel 5.15.86.1-1
2022-04-09 06:52:47
CVE-2022-0185 affecting package kernel 5.10.161.1-1
2022-02-25 01:46:15
cnvd
cnvd
Linux kernel heap buffer overflow vulnerability (CNVD-2022-68564)
2022-01-21 00:00:00

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

24.4%

JSON
Related for RHSA-2022:0540
nessus69oraclelinux6redhat14rocky6osv11almalinux2thn2debian2gentoo1amazon2veracode3redhatcve3centos1mageia3suse2ubuntu5freebsd2prion3debiancve4cve2ubuntucve2checkpoint_security1ibm5saint1githubexploit30qualysblog1fedora3redos1metasploit1slackware1rosalinux1cloudfoundry1f52virtuozzo1cbl_mariner4cnvd1