{ "threat_severity" : "Moderate", "public_date" : "2022-05-11T00:00:00Z", "bugzilla" : { "description" : "golang: syscall: faccessat checks wrong group", "id" : "2084085", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2084085" }, "cvss3" : { "cvss3_base_score" : "6.2", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-358", "details" : [ "Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.", "A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability." ], "acknowledgement" : "Upstream acknowledges Joël Gähwiler as the original reporter.", "affected_release" : [ { "product_name" : "OpenShift Service Mesh 2.1", "release_date" : "2022-08-31T00:00:00Z", "advisory" : "RHSA-2022:6277", "cpe" : "cpe:/a:redhat:service_mesh:2.1::el8", "package" : "servicemesh-operator-0:2.1.5-1.el8" }, { "product_name" : "OpenShift Service Mesh 2.1", "release_date" : "2022-08-31T00:00:00Z", "advisory" : "RHSA-2022:6277", "cpe" : "cpe:/a:redhat:service_mesh:2.1::el8", "package" : "servicemesh-prometheus-0:2.23.0-9.el8" }, { "product_name" : "OSSO-1.0-RHEL-8", "release_date" : "2022-07-28T00:00:00Z", "advisory" : "RHSA-2022:5699", "cpe" : "cpe:/a:redhat:openshift_secondary_scheduler:1.0::el8", "package" : "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8:v1.0-28" }, { "product_name" : "Red Hat Ceph Storage 6.1", "release_date" : "2023-06-15T00:00:00Z", "advisory" : "RHSA-2023:3642", "cpe" : "cpe:/a:redhat:ceph_storage:6.1::el9", "package" : "rhceph/rhceph-6-dashboard-rhel9:6-75" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-06-30T00:00:00Z", "advisory" : "RHSA-2022:5337", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "go-toolset:rhel8-8060020220527144311.97d7f71f" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2022-08-01T00:00:00Z", "advisory" : "RHSA-2022:5799", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "golang-0:1.17.12-1.el9_0" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2022-08-01T00:00:00Z", "advisory" : "RHSA-2022:5799", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "go-toolset-0:1.17.12-1.el9_0" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.7", "release_date" : "2022-08-02T00:00:00Z", "advisory" : "RHSA-2022:5840", "cpe" : "cpe:/a:redhat:rhmt:1.7::el8", "package" : "rhmtc/openshift-migration-must-gather-rhel8:v1.7.3-4" }, { "product_name" : "Red Hat OpenShift Container Platform 4.10", "release_date" : "2022-08-01T00:00:00Z", "advisory" : "RHSA-2022:5729", "cpe" : "cpe:/a:redhat:openshift:4.10::el7", "package" : "atomic-openshift-service-idler-0:4.10.0-202207192015.p0.g39cfc66.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.10", "release_date" : "2022-08-01T00:00:00Z", "advisory" : "RHSA-2022:5729", "cpe" : "cpe:/a:redhat:openshift:4.10::el7", "package" : "cri-o-0:1.23.3-11.rhaos4.10.gitddf4b1a.1.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.10", "release_date" : "2022-08-01T00:00:00Z", "advisory" : "RHSA-2022:5729", "cpe" : "cpe:/a:redhat:openshift:4.10::el7", "package" : "openshift-0:4.10.0-202207192015.p0.g012e945.assembly.stream.el7" }, { "product_name" : "Red Hat OpenShift Container Platform 4.10", "release_date" : "2022-08-01T00:00:00Z", "advisory" : "RHSA-2022:5729", "cpe" : "cpe:/a:redhat:openshift:4.10::el7", "package" : "openshift-clients-0:4.10.0-202207192015.p0.g45460a5.assembly.stream.el7" }, { "product_name" : "Red Hat OpenShift Data Foundation 4.11 on RHEL8", "release_date" : "2022-08-24T00:00:00Z", "advisory" : "RHSA-2022:6156", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.11::el8", "package" : "odf4/odf-csi-addons-sidecar-rhel8:v4.11.0-23" }, { "product_name" : "Red Hat OpenShift Data Foundation 4.11 on RHEL8", "release_date" : "2022-08-24T00:00:00Z", "advisory" : "RHSA-2022:6156", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.11::el8", "package" : "odf4/odf-topolvm-rhel8:v4.11.0-24" }, { "product_name" : "Red Hat OpenShift Data Foundation 4.11 on RHEL8", "release_date" : "2022-08-24T00:00:00Z", "advisory" : "RHSA-2022:6156", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.11::el8", "package" : "odf4/rook-ceph-rhel8-operator:v4.11.0-49" }, { "product_name" : "RHACS-3.72-RHEL-8", "release_date" : "2022-09-26T00:00:00Z", "advisory" : "RHSA-2022:6714", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3.72::el8", "package" : "advanced-cluster-security/rhacs-docs-rhel8:3.72.0-3" }, { "product_name" : "RHACS-3.72-RHEL-8", "release_date" : "2022-09-26T00:00:00Z", "advisory" : "RHSA-2022:6714", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3.72::el8", "package" : "advanced-cluster-security/rhacs-main-rhel8:3.72.0-3" }, { "product_name" : "RHACS-3.72-RHEL-8", "release_date" : "2022-09-26T00:00:00Z", "advisory" : "RHSA-2022:6714", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3.72::el8", "package" : "advanced-cluster-security/rhacs-rhel8-operator:3.72.0-3" }, { "product_name" : "RHACS-3.72-RHEL-8", "release_date" : "2022-09-26T00:00:00Z", "advisory" : "RHSA-2022:6714", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3.72::el8", "package" : "advanced-cluster-security/rhacs-roxctl-rhel8:3.72.0-4" }, { "product_name" : "RHACS-3.72-RHEL-8", "release_date" : "2022-09-26T00:00:00Z", "advisory" : "RHSA-2022:6714", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3.72::el8", "package" : "advanced-cluster-security/rhacs-scanner-rhel8:3.72.0-3" }, { "product_name" : "RHACS-3.72-RHEL-8", "release_date" : "2022-09-26T00:00:00Z", "advisory" : "RHSA-2022:6714", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3.72::el8", "package" : "advanced-cluster-security/rhacs-scanner-slim-rhel8:3.72.0-3" }, { "product_name" : "RHEL-8-CNV-4.12", "release_date" : "2023-01-25T00:00:00Z", "advisory" : "RHSA-2023:0408", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.12::el8", "package" : "container-native-virtualization/libguestfs-tools:v4.12.0-255" }, { "product_name" : "STF-1.5-RHEL-8", "release_date" : "2023-03-30T00:00:00Z", "advisory" : "RHSA-2023:1529", "cpe" : "cpe:/a:redhat:stf:1.5::el8", "package" : "stf/sg-core-rhel8:5.1.1-2" } ], "package_state" : [ { "product_name" : "OpenShift Developer Tools and Services", "fix_state" : "Will not fix", "package_name" : "jenkins-operator-container", "cpe" : "cpe:/a:redhat:ocp_tools" }, { "product_name" : "OpenShift Service Mesh 2.0", "fix_state" : "Affected", "package_name" : "servicemesh-grafana", "cpe" : "cpe:/a:redhat:service_mesh:2.0" }, { "product_name" : "OpenShift Service Mesh 2.0", "fix_state" : "Affected", "package_name" : "servicemesh-operator", "cpe" : "cpe:/a:redhat:service_mesh:2.0" }, { "product_name" : "OpenShift Service Mesh 2.0", "fix_state" : "Affected", "package_name" : "servicemesh-prometheus", "cpe" : "cpe:/a:redhat:service_mesh:2.0" }, { "product_name" : "OpenShift Service Mesh 2.1", "fix_state" : "Not affected", "package_name" : "servicemesh-proxy", "cpe" : "cpe:/a:redhat:service_mesh:2.1" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Affected", "package_name" : "3scale-apicast-operator-bundle-container", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "observatorium-operator-container", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/agent-service-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/assisted-installer-agent-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/cert-policy-controller-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/cluster-curator-controller-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/clusterlifecycle-state-metrics-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/governance-policy-propagator-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/governance-policy-spec-sync-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/iam-policy-controller-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/insights-client-rhel9", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/klusterlet-addon-controller-rhel9", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/multicloud-manager-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/multiclusterhub-repo-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/multiclusterhub-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/multicluster-operators-application-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/multicluster-operators-channel-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/multicluster-operators-placementrule-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/multicluster-operators-subscription-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/prometheus-alertmanager-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Will not fix", "package_name" : "rhacm2/rcm-controller-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/registration-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/registration-rhel8-operator", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/search-collector-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/search-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "thanos-contain", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "receptor", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ceph Storage 5", "fix_state" : "Affected", "package_name" : "rhceph/rhceph-5-dashboard-rhel8", "cpe" : "cpe:/a:redhat:ceph_storage:5" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "golang", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/numaresources-operator-bundle", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Affected", "package_name" : "odf4/mcg-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Affected", "package_name" : "openshift-gitops-1/gitops-operator-bundle", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "quay/clair-rhel8", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "quay/quay-bridge-operator-rhel8", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "quay/quay-builder-rhel8", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "quay/quay-container-security-operator-rhel8", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "quay/quay-rhel8", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Service Telemetry Framework 1.4 for RHEL 8", "fix_state" : "Will not fix", "package_name" : "stf/sg-core-rhel8", "cpe" : "cpe:/a:redhat:stf:1.4::el8" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-29526\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-29526\nhttps://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU" ], "name" : "CVE-2022-29526", "csaw" : false }