CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
96.4%
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host’s resources and performing administrative tasks.
Security Fix(es):
kernel: use-after-free in RDMA listen() (CVE-2021-4028)
kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)
kernel: heap out of bounds write in nf_dup_netdev.c (CVE-2022-25636)
openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
zlib: A flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032)
gzip: arbitrary-file-write vulnerability (CVE-2022-1271)
rsyslog: Heap-based overflow in TCP syslog server (CVE-2022-24903)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fixes:
elfutils package has been update within RHV-H Channel to match the same version released in RHEL (BZ#2038081)
Rebase package(s) to version 1.2.24
For highlights, important fixes, or notable enhancements: see bugs in “Depend On”. (BZ#2057338)
Rebase package(s) to version: 4.5.0
Highlights, important fixes, or notable enhancements: (BZ#2057342)
Rebase package(s) to version anaconda-33.16.6.6-1.el8
For highlights and important bug fixes: include UI change for blocking installation if root password is not set. (BZ#1899821)
Red hat Virtualization Host has been rebased on Red Hat Enterprise Linux 8.6 (BZ#1997074)
Previously, concurrent executions of LV refresh (lvchange) failed. This hindered simultaneous starts of virtual machines that have thin-provisioned disks based on the same disk on a block storage domain.
In this release, concurrent execution of LV refresh has been fixed in LVM2. (BZ#2020497)
Red Hat Virtualization Host has been rebased on latest Ceph 4.3 (BZ#2090138)
In previous releases systemtap package could have been installed on top of RHV-H from RHV-H channel. With 4.4 SP1 systemtap package installation is not supported anymore (BZ#2052963)
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
96.4%