ID

VAR-202206-1186


CVE

CVE-2022-21125


TITLE

Red Hat Security Advisory 2022-6872-01

Trust: 0.1

sources: PACKETSTORM: 168694

DESCRIPTION

Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

7) - noarch, x86_64

3. Description:

Red Hat Advanced Cluster Management for Kubernetes 2.3.12 images

Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console, with security policy built in.

See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/

Security fix:
* CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS

Bug fixes:
* Remove 1.9.1 from Proxy Patch Documentation (BZ# 2076856)
* RHACM 2.3.12 images (BZ# 2101411)

3. Bugs fixed (https://bugzilla.redhat.com/):
2076856 - [doc] Remove 1.9.1 from Proxy Patch Documentation
2101411 - RHACM 2.3.12 images
2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS

In addition this update provides mitigations for the "Retbleed" speculative execution attack and the "MMIO stale data" vulnerabilities. For additional information please refer to the following pages:
https://xenbits.xen.org/xsa/advisory-404.html
https://xenbits.xen.org/xsa/advisory-407.html

For the stable distribution (bullseye), these problems have been fixed in version 4.14.5+24-g87d90d511c-1.

We recommend that you upgrade your xen packages.
For the detailed security status of xen please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/xen

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

8) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Bug Fix(es):
* The latest RHEL 8.6.z3 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2111112)

4. Bugs fixed (https://bugzilla.redhat.com/):
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
==========================================================================
Ubuntu Security Notice USN-5535-1
July 28, 2022

Intel Microcode vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM

Summary:
Several security issues were fixed in Intel Microcode.

Software Description:
- intel-microcode: Processor microcode for Intel CPUs

Details:
Joseph Nuzman discovered that some Intel processors did not properly initialise shared resources. A local attacker could use this to obtain sensitive information. (CVE-2021-0145)

Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel processors did not prevent test and debug logic from being activated at runtime. A local attacker could use this to escalate privileges. (CVE-2021-0146)

It was discovered that some Intel processors did not implement sufficient control flow management. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-0127)

It was discovered that some Intel processors did not completely perform cleanup actions on multi-core shared buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21123, CVE-2022-21127)

It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21125)

Alysa Milburn, Jason Brandt, Avishai Redelman and Nir Lavi discovered that some Intel processors improperly optimised security-critical code. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21151)

It was discovered that some Intel processors did not properly perform cleanup during specific special register write operations. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21166)

It was discovered that some Intel processors did not properly restrict access in some situations. A local attacker could use this to obtain sensitive information. (CVE-2021-33117)

Brandon Miller discovered that some Intel processors did not properly restrict access in some situations. A local attacker could use this to obtain sensitive information or a remote attacker could use this to cause a denial of service (system crash). (CVE-2021-33120)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  intel-microcode  3.20220510.0ubuntu0.16.04.1+esm1

In general, a standard system update will make all the necessary changes.

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2022:6460-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6460
Issue date: 2022-09-13
CVE Names: CVE-2022-21123 CVE-2022-21125 CVE-2022-21166
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):

* Incomplete cleanup of multi-core shared buffers (aka SBDR) (CVE-2022-21123)
* Incomplete cleanup of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)
* Incomplete cleanup in specific special register write operations (aka DRPW) (CVE-2022-21166)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Bad page state in process qemu-kvm pfn:68a74600 (BZ#2081013)
* slub corruption during LPM of hnv interface (BZ#2081250)
* Affinity broken due to vector space exhaustion (BZ#2084646)
* 'rmmod pmt_telemetry' panics on ADL-P IOTG (BZ#2091079)
* Unable to boot RHEL-8.6 on Brazos max. config (Install is success) (BZ#2092241)
* kernel crash after reboot of T14/G2 AMD laptop (mt7921e module) (BZ#2095654)
* mt7921: free resources on pci_probe error path (BZ#2101684)
* NLM should be more defensive if underlying FS changes fl_owner (BZ#2102099)
* RHEL8/async-pf Guest call trace when reboot after postcopy migration with high stress workload (BZ#2105340)
* execve exit tracepoint not called (BZ#2106662)
* QProcess dead lock on kernel-4.18.0-358 (BZ#2107643)
* KVM fix guest FPU uABI size to kvm_xsave (BZ#2107652)
* KVM selftests fail to compile (BZ#2107655)
* Some monitor have no display with AMD W6400 when boot into OS. (BZ#2109826)
* Percpu counter usage is gradually getting increasing during podman container recreation. (BZ#2110039)
* multipath failed to recover after EEH hit on flavafish adapter on Denali(qla2xxx/flavafish/RHEL8.6/Denali) (BZ#2110768)
* soft lockups under heavy I/O load to ahci connected SSDs (BZ#2110772)
* trouble re-assigning MACs to VFs, ice stricter than other drivers (BZ#2111936)
* Intel MPI 2019.0 - mpirun stuck on latest kernel (BZ#2112030)
* Multicast packets are not received by all VFs on the same port even though they have the same VLAN (BZ#2117026)
* Hyper-V 2019 Dynamic Memory Problem hv_balloon (BZ#2117050)
* kernel BUG at kernel/sched/deadline.c:1561! (BZ#2117410)
* ALSA (sound) driver - update Intel SOF kcontrol code (BZ#2117732)
* bridge over bond over ice ports has no connection (BZ#2118580)
* Fix max VLANs available for VF (BZ#2118581)
* offline selftest failed (BZ#2118582)
* INTEL NVMUpdate utility ver 3.20 is failing to update firmware on E810-XXVDA4T (WPC) (BZ#2118583)
* VM configured with failover interface will coredump after been migrating from source host to target host(only iavf driver) (BZ#2118705)
* Fix max VLANs available for untrusted VF (BZ#2118707)
* Softlockup on infinite loop in task_get_css() for a CSS_DYING cpuset (BZ#2120776)

Enhancement(s):

* KVM Sapphire Rapids (SPR) AMX Instructions (BZ#2088287)
* KVM Sapphire Rapids (SPR) AMX Instructions part2 (BZ#2088288)
* ice: Driver Update (BZ#2102359)
* iavf: Driver Update (BZ#2102360)
* iommu/vt-d: Make DMAR_UNITS_SUPPORTED a config setting (BZ#2112983)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2090237 - CVE-2022-21123 hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR)
2090240 - CVE-2022-21125 hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS)
2090241 - CVE-2022-21166 hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW)

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
kernel-4.18.0-372.26.1.el8_6.src.rpm

aarch64:
bpftool-4.18.0-372.26.1.el8_6.aarch64.rpm
bpftool-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-core-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-cross-headers-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debug-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debug-core-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debug-devel-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debug-modules-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-devel-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-headers-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-modules-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-modules-extra-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-tools-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-tools-libs-4.18.0-372.26.1.el8_6.aarch64.rpm
perf-4.18.0-372.26.1.el8_6.aarch64.rpm
perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
python3-perf-4.18.0-372.26.1.el8_6.aarch64.rpm
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm

noarch:
kernel-abi-stablelists-4.18.0-372.26.1.el8_6.noarch.rpm
kernel-doc-4.18.0-372.26.1.el8_6.noarch.rpm

ppc64le:
bpftool-4.18.0-372.26.1.el8_6.ppc64le.rpm
bpftool-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-core-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-cross-headers-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debug-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debug-core-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debug-devel-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debug-modules-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-devel-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-headers-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-modules-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-modules-extra-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-tools-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-tools-libs-4.18.0-372.26.1.el8_6.ppc64le.rpm
perf-4.18.0-372.26.1.el8_6.ppc64le.rpm
perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
python3-perf-4.18.0-372.26.1.el8_6.ppc64le.rpm
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm

s390x:
bpftool-4.18.0-372.26.1.el8_6.s390x.rpm
bpftool-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-core-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-cross-headers-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debug-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debug-core-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debug-devel-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debug-modules-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debuginfo-common-s390x-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-devel-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-headers-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-modules-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-modules-extra-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-tools-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-zfcpdump-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-zfcpdump-core-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-zfcpdump-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-zfcpdump-devel-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-zfcpdump-modules-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-zfcpdump-modules-extra-4.18.0-372.26.1.el8_6.s390x.rpm
perf-4.18.0-372.26.1.el8_6.s390x.rpm
perf-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm
python3-perf-4.18.0-372.26.1.el8_6.s390x.rpm
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm

x86_64:
bpftool-4.18.0-372.26.1.el8_6.x86_64.rpm
bpftool-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-core-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-cross-headers-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debug-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debug-core-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debug-devel-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debug-modules-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-devel-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-headers-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-modules-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-modules-extra-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-tools-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-tools-libs-4.18.0-372.26.1.el8_6.x86_64.rpm
perf-4.18.0-372.26.1.el8_6.x86_64.rpm
perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
python3-perf-4.18.0-372.26.1.el8_6.x86_64.rpm
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:
bpftool-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-tools-libs-devel-4.18.0-372.26.1.el8_6.aarch64.rpm
perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm

ppc64le:
bpftool-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-tools-libs-devel-4.18.0-372.26.1.el8_6.ppc64le.rpm
perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm

x86_64:
bpftool-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-tools-libs-devel-4.18.0-372.26.1.el8_6.x86_64.rpm
perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-21123
https://access.redhat.com/security/cve/CVE-2022-21125
https://access.redhat.com/security/cve/CVE-2022-21166
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.9.7 images.

Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

Bugs fixed (https://bugzilla.redhat.com/):

2094982 - CVE-2022-1996 go-restful: Authorization Bypass Through User-Controlled Key
2130218 - 4.9.7 containers

Trust: 1.8

sources: NVD: CVE-2022-21125 // VULHUB: VHN-406836 // PACKETSTORM: 168694 // PACKETSTORM: 168018 // PACKETSTORM: 168213 // PACKETSTORM: 169304 // PACKETSTORM: 168364 // PACKETSTORM: 168503 // PACKETSTORM: 167862 // PACKETSTORM: 168355 // PACKETSTORM: 169997
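
The kernel update in RHSA-2022:6460 and the microcode update in USN-5535-1 only help once they are actually running, and the two halves are reported separately: the kernel tells you, through its sysfs vulnerabilities directory, whether the mitigation code is active and whether the CPU's microcode supports the buffer clear it relies on. The following is an added example, not code from Red Hat, Ubuntu or any advisory quoted above. It classifies the kernel's /sys/devices/system/cpu/vulnerabilities/mmio_stale_data status line and compares the running kernel against the fixed build named in the Red Hat advisory (4.18.0-372.26.1.el8_6), using a reimplementation of rpm's version-ordering rules. Assumptions: FIXED_KERNEL makes the package check RHEL 8 specific; the sample status lines are constructed to follow the kernel's reporting format and were not captured from real hosts; the verdict and action strings are this example's own; rpmvercmp() is a stand-in that ignores epochs and the '^' separator and is not the rpm library.

```python
"""Per-host check for the MMIO stale data advisories (CVE-2022-21123/21125/21166).

Added example, not code from Red Hat, Ubuntu or any advisory quoted on this page.
Assumptions: FIXED_KERNEL is the build from RHSA-2022:6460's package list (RHEL 8
specific); SAMPLES are constructed in the kernel's sysfs reporting format; rpmvercmp()
reimplements rpm's ordering rules (no epoch, no '^') and is not the rpm library.
"""
import re

SYSFS_PATH = "/sys/devices/system/cpu/vulnerabilities/mmio_stale_data"
FIXED_KERNEL = "4.18.0-372.26.1.el8_6"
ARCHES = ("x86_64", "aarch64", "ppc64le", "s390x")


def classify_sysfs(line):
    """Map the kernel's mmio_stale_data line to a short verdict (verdict names are ours)."""
    text = line.strip()
    if text == "Not affected":
        return "not_affected"
    if text.startswith("Mitigation:"):  # "; SMT vulnerable" = sibling hyperthreads can still leak
        return "mitigated_smt_vulnerable" if "SMT vulnerable" in text else "mitigated"
    if text.startswith("Vulnerable"):  # "..., no microcode" = kernel has the code, CPU lacks it
        return "needs_microcode" if "no microcode" in text else "vulnerable"
    return "unknown"  # "Unknown: No mitigations", or the entry is absent/empty


def rpmvercmp(a, b):
    """rpm ordering of two version/release strings (-1, 0, 1): segments are runs of
    digits or letters, numeric segments compare numerically and outrank alphabetic
    ones, and '~' sorts below everything including end-of-string (1.0~rc1 < 1.0)."""
    ta = re.findall(r"\d+|[A-Za-z]+|~", a)
    tb = re.findall(r"\d+|[A-Za-z]+|~", b)
    for x, y in zip(ta, tb):
        if x == "~" or y == "~":
            if x != y:
                return -1 if x == "~" else 1
        elif x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    if len(ta) == len(tb):
        return 0
    longer_is_a = len(ta) > len(tb)
    rest = ta[len(tb):] if longer_is_a else tb[len(ta):]
    if rest[0] == "~":  # a trailing '~' makes the longer string the older one
        return -1 if longer_is_a else 1
    return 1 if longer_is_a else -1


def strip_arch(kernel_release):
    """'4.18.0-372.26.1.el8_6.x86_64' (uname -r) -> '4.18.0-372.26.1.el8_6'."""
    for arch in ARCHES:
        if kernel_release.endswith("." + arch):
            return kernel_release[: -(len(arch) + 1)]
    return kernel_release


def kernel_is_fixed(kernel_release, fixed=FIXED_KERNEL):
    """True when the running kernel's version-release is at or above the advisory build."""
    iv, _, ir = strip_arch(kernel_release).partition("-")
    fv, _, fr = fixed.partition("-")
    return (rpmvercmp(iv, fv) or rpmvercmp(ir, fr)) >= 0


def assess(sysfs_line, kernel_release):
    """Combine the kernel's own verdict with the package check into one action."""
    status = classify_sysfs(sysfs_line)
    kernel_ok = kernel_is_fixed(kernel_release)
    if status in ("not_affected", "mitigated"):
        action = "none"
    elif status == "mitigated_smt_vulnerable":
        action = "mitigated; kernel reports SMT siblings still exposed"
    elif status == "needs_microcode":
        action = "update microcode: kernel mitigation present, CPU lacks buffer-clear support"
    elif not kernel_ok:
        action = "update kernel to %s and reboot" % FIXED_KERNEL
    else:
        action = "investigate: kernel is current but reports %s" % status
    return {"status": status, "kernel_fixed": kernel_ok, "action": action}


SAMPLES = [  # constructed in the kernel's reporting format, not captured from real hosts
    ("Mitigation: Clear CPU buffers; SMT vulnerable", "4.18.0-372.26.1.el8_6.x86_64"),
    ("Vulnerable: Clear CPU buffers attempted, no microcode", "4.18.0-372.26.1.el8_6.x86_64"),
    ("Unknown: No mitigations", "4.18.0-305.25.1.el8_4.x86_64"),
    ("Not affected", "4.18.0-425.3.1.el8.x86_64"),
]

if __name__ == "__main__":
    for line, kernel in SAMPLES:
        print(kernel, "|", line, "->", assess(line, kernel))
```

On a live host, feed it the real entry and kernel string: `assess(open(SYSFS_PATH).read(), platform.release())`. If the sysfs entry does not exist at all, the kernel either predates the mitigation code or is not x86, and on RHEL 8 the kernel update is the only sensible next step. The "no microcode" case is the one people miss: the kernel package is current and the host still reports Vulnerable until the CPU microcode (from the BIOS or the distribution's microcode package, as in the Ubuntu notice) is updated.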

AFFECTED PRODUCTS

vendor: debian  model: linux  scope: eq  version: 11.0

Trust: 1.0

vendor: fedoraproject  model: fedora  scope: eq  version: 35

Trust: 1.0

vendor: intel  model: sgx sdk  scope: lt  version: 2.16.100.3

Trust: 1.0

vendor: fedoraproject  model: fedora  scope: eq  version: 36

Trust: 1.0

vendor: debian  model: linux  scope: eq  version: 9.0

Trust: 1.0

vendor: intel  model: sgx psw  scope: lt  version: 2.16.100.3

Trust: 1.0

vendor: debian  model: linux  scope: eq  version: 10.0

Trust: 1.0

vendor: xen  model: xen  scope: eq  version: *

Trust: 1.0

vendor: intel  model: sgx sdk  scope: lt  version: 2.17.100.3

Trust: 1.0

vendor: intel  model: sgx psw  scope: lt  version: 2.17.100.3

Trust: 1.0

vendor: vmware  model: esxi  scope: eq  version: 7.0

Trust: 1.0

vendor: intel  model: sgx dcap  scope: lt  version: 1.14.100.3

Trust: 1.0

sources: NVD: CVE-2022-21125

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-21125
value: MEDIUM

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2022-21125
value: MEDIUM

Trust: 1.0

VULHUB: VHN-406836
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2022-21125
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-406836
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-21125
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 2.0

sources: VULHUB: VHN-406836 // NVD: CVE-2022-21125 // NVD: CVE-2022-21125

PROBLEMTYPE DATA

problemtype:CWE-459

Trust: 1.1

sources: VULHUB: VHN-406836 // NVD: CVE-2022-21125

THREAT TYPE

local

Trust: 0.1

sources: PACKETSTORM: 167862

TYPE

bypass

Trust: 0.1

sources: PACKETSTORM: 169997

EXTERNAL IDS

db: NVD  id: CVE-2022-21125

Trust: 2.0

db: OPENWALL  id: OSS-SECURITY/2022/06/16/1

Trust: 1.1

db: PACKETSTORM  id: 168018

Trust: 0.2

db: PACKETSTORM  id: 168503

Trust: 0.2

db: PACKETSTORM  id: 169997

Trust: 0.2

db: PACKETSTORM  id: 168694

Trust: 0.2

db: PACKETSTORM  id: 167862

Trust: 0.2

db: PACKETSTORM  id: 168364

Trust: 0.2

db: PACKETSTORM  id: 168355

Trust: 0.2

db: PACKETSTORM  id: 167785

Trust: 0.1

db: PACKETSTORM  id: 169719

Trust: 0.1

db: PACKETSTORM  id: 169688

Trust: 0.1

db: PACKETSTORM  id: 168294

Trust: 0.1

db: PACKETSTORM  id: 169690

Trust: 0.1

db: PACKETSTORM  id: 168021

Trust: 0.1

db: PACKETSTORM  id: 169695

Trust: 0.1

db: PACKETSTORM  id: 168076

Trust: 0.1

db: PACKETSTORM  id: 169941

Trust: 0.1

db: PACKETSTORM  id: 168461

Trust: 0.1

db: PACKETSTORM  id: 167549

Trust: 0.1

db: PACKETSTORM  id: 167692

Trust: 0.1

db: PACKETSTORM  id: 167545

Trust: 0.1

db: PACKETSTORM  id: 170226

Trust: 0.1

db: VULHUB  id: VHN-406836

Trust: 0.1

db: PACKETSTORM  id: 168213

Trust: 0.1

db: PACKETSTORM  id: 169304

Trust: 0.1

sources: VULHUB: VHN-406836 // PACKETSTORM: 168694 // PACKETSTORM: 168018 // PACKETSTORM: 168213 // PACKETSTORM: 169304 // PACKETSTORM: 168364 // PACKETSTORM: 168503 // PACKETSTORM: 167862 // PACKETSTORM: 168355 // PACKETSTORM: 169997 // NVD: CVE-2022-21125

REFERENCES

url:http://xenbits.xen.org/xsa/advisory-404.html

Trust: 1.2

url:https://security.netapp.com/advisory/ntap-20220624-0008/

Trust: 1.1

url:https://www.debian.org/security/2022/dsa-5173

Trust: 1.1

url:https://www.debian.org/security/2022/dsa-5178

Trust: 1.1

url:https://www.debian.org/security/2022/dsa-5184

Trust: 1.1

url:https://security.gentoo.org/glsa/202208-23

Trust: 1.1

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html

Trust: 1.1

url:http://www.openwall.com/lists/oss-security/2022/06/16/1

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/t4p2kjyl74kglhe4jzetvw7pzh6ziaba/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fhtew3rxu2gw6s3rcpqg4vnczgi3tosv/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rkrxz4lhgcgmog24zcejny6r2bts4s2q/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/mcvomhbqrh4kp7in6u24cw7f2d2l5kbs/

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2022-21123

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-21125

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-21166

Trust: 0.8

url:https://bugzilla.redhat.com/

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2022-21125

Trust: 0.7

url:https://access.redhat.com/security/team/contact/

Trust: 0.7

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2022-21123

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2022-21166

Trust: 0.7

url:https://access.redhat.com/articles/11258

Trust: 0.5

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.5

url:https://access.redhat.com/security/team/key/

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2588

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-2588

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-32206

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-32208

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-29154

Trust: 0.2

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/t4p2kjyl74kglhe4jzetvw7pzh6ziaba/

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rkrxz4lhgcgmog24zcejny6r2bts4s2q/

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/fhtew3rxu2gw6s3rcpqg4vnczgi3tosv/

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/mcvomhbqrh4kp7in6u24cw7f2d2l5kbs/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6872

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5939

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2097

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26116

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26116

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25314

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2068

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1292

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1897

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27782

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1729

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-32250

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1927

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27776

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html-single/install/index#installing

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1292

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22576

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1586

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1966

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2068

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3177

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2097

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26137

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-40528

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1729

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1966

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25313

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1586

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1012

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26137

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27774

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1785

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1012

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1785

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-40528

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1897

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1927

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3177

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2526

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6271

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-29824

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-31129

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/xen

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23816

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26363

Trust: 0.1

url:https://xenbits.xen.org/xsa/advisory-407.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26364

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23825

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26362

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-29900

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6437

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0391

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-20107

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-release-notes.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-34903

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32206

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-20107

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-32208

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6560

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30631

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0391

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-30631

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-34903

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-29154

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33120

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5535-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33117

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-0146

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21151

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-0145

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-0127

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21127

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6460

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-40674

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-38177

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-40674

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-45486

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1996

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-45485

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1996

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-41974

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:8609

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-41974

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-3515

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-3515

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-45486

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-38177

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-38178

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-45485

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-38178

Trust: 0.1

sources: VULHUB: VHN-406836 // PACKETSTORM: 168694 // PACKETSTORM: 168018 // PACKETSTORM: 168213 // PACKETSTORM: 169304 // PACKETSTORM: 168364 // PACKETSTORM: 168503 // PACKETSTORM: 167862 // PACKETSTORM: 168355 // PACKETSTORM: 169997 // NVD: CVE-2022-21125

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 168694 // PACKETSTORM: 168018 // PACKETSTORM: 168213 // PACKETSTORM: 168364 // PACKETSTORM: 168503 // PACKETSTORM: 168355 // PACKETSTORM: 169997

SOURCES

db: VULHUB  id: VHN-406836
db: PACKETSTORM  id: 168694
db: PACKETSTORM  id: 168018
db: PACKETSTORM  id: 168213
db: PACKETSTORM  id: 169304
db: PACKETSTORM  id: 168364
db: PACKETSTORM  id: 168503
db: PACKETSTORM  id: 167862
db: PACKETSTORM  id: 168355
db: PACKETSTORM  id: 169997
db: NVD  id: CVE-2022-21125

LAST UPDATE DATE

2026-02-08T21:38:12.998000+00:00


SOURCES UPDATE DATE

db: VULHUB  id: VHN-406836  date: 2022-08-19T00:00:00
db: NVD  id: CVE-2022-21125  date: 2025-05-05T17:17:37.500

SOURCES RELEASE DATE

db: VULHUB  id: VHN-406836  date: 2022-06-15T00:00:00
db: PACKETSTORM  id: 168694  date: 2022-10-11T16:07:13
db: PACKETSTORM  id: 168018  date: 2022-08-10T15:50:10
db: PACKETSTORM  id: 168213  date: 2022-09-01T16:30:25
db: PACKETSTORM  id: 169304  date: 2022-07-28T19:12:00
db: PACKETSTORM  id: 168364  date: 2022-09-13T15:45:19
db: PACKETSTORM  id: 168503  date: 2022-09-26T15:37:32
db: PACKETSTORM  id: 167862  date: 2022-07-28T14:56:22
db: PACKETSTORM  id: 168355  date: 2022-09-13T15:42:59
db: PACKETSTORM  id: 169997  date: 2022-11-23T15:18:44
db: NVD  id: CVE-2022-21125  date: 2022-06-15T20:15:17.547