Red Hat has released security updates to address several vulnerabilities in the following products:

• Red Hat Ceph Storage 4.3
  • Red Hat Ceph Storage MON 4 for RHEL 8 x86_64
  • Red Hat Ceph Storage MON 4 for RHEL 7 x86_64
  • Red Hat Ceph Storage OSD 4 for RHEL 8 x86_64
  • Red Hat Ceph Storage OSD 4 for RHEL 7 x86_64
  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Ceph Storage for Power 4 for RHEL 8 ppc64le
  • Red Hat Ceph Storage for Power 4 for RHEL 7 ppc64le
  • Red Hat Ceph Storage MON for Power 4 for RHEL 8 ppc64le
  • Red Hat Ceph Storage MON for Power 4 for RHEL 7 ppc64le
  • Red Hat Ceph Storage OSD for Power 4 for RHEL 8 ppc64le
  • Red Hat Ceph Storage OSD for Power 4 for RHEL 7 ppc64le
  • Red Hat Ceph Storage for IBM z Systems 4 s390x
  • Red Hat Ceph Storage MON for IBM z Systems 4 s390x
  • Red Hat Ceph Storage OSD for IBM z Systems 4 s390x
• Red Hat Advanced Cluster Management 2.3.10
  • Red Hat Advanced Cluster Management for Kubernetes 2 for RHEL 8 x86_64
  • Red Hat Advanced Cluster Management for Kubernetes 2 for RHEL 7 x86_64
• OpenShift Container Platform 4.6.57
  • Red Hat OpenShift Container Platform 4.6 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.6 for RHEL 7 x86_64
  • Red Hat OpenShift Container Platform for Power 4.6 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.6 for RHEL 8 s390x

An attacker could exploit these vulnerabilities by doing the following:

• Denial of Service (DoS) attack
• Privilege escalation
• Arbitrary code execution

The CERT team encourages users to review Red Hat security advisory and apply the necessary updates:

• https://access.redhat.com/errata/RHSA-2022:1716
• https://access.redhat.com/errata/RHSA-2022:1715
• https://access.redhat.com/errata/RHSA-2022:1620