9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.3 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.72 High
EPSS
Percentile
98.0%
OpenShift Virtualization is Red Hat’s virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains OpenShift Virtualization 4.14.1 images.
Security Fix(es):
golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
LVM created from the VMs are getting activated in the OCP nodes (BZ#2156753)
Unable to create snapshot for VM with mounted second disk (PVC) (BZ#2223411)
Cannot clone DataVolume from “local” to rook-ceph-block (BZ#2231479)
virtctl image-upload fails with “uploadproxy URL not found” (BZ#2237470)
Populators with retainAfterCompletion annotation (BZ#2237877)
After draining node where mtq system pods running the namespace becomes locked but ResourceQuota not updated (BZ#2238786)
repeating log message in mtq-controller pod even after removing the VM/Namespace (BZ#2238791)
Wrong error message when attempting to upload an image to a PVC that already has disk.img (BZ#2241658)
MTQ does not work with LimitRanges (BZ#2241953)
MTQ does not work with Auto Memory Limits (BZ#2244869)
Virtual machine export is not working on Quota defined namespace (BZ#2247200)
Host assisted clone hangs because some provisioners don’t allow mounting block PVC read only (BZ#2247657)
When encountering an IO error VM crashes during Windows shared cluster evaluation (BZ#2249846)
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.3 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.72 High
EPSS
Percentile
98.0%