Bug 2030806 (CVE-2021-44717)
Summary: | CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Go 1.17.5, Go 1.16.12 | Doc Type: | If docs needed, set a value |
Doc Text: | There is a flaw in golang's syscall.ForkExec() interface: when ForkExec fails because the process has run out of file descriptors, its error path closes file descriptor 0 (the process's standard input). An attacker who can first exhaust the process's file descriptors and then cause syscall.ForkExec() to be called repeatedly could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec(). | | |
Story Points: | --- | | |
Clone Of: | | Environment: | |
Last Closed: | 2022-05-11 19:45:27 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | | | |
Bug Blocks: | 2030812 |
Description
Guilherme de Almeida Suckevicz
2021-12-09 18:41:07 UTC
Created golang tracking bugs for this issue:

Affects: epel-all [bug 2030808]
Affects: fedora-all [bug 2030810]
Affects: openstack-rdo [bug 2030809]

Upstream commits:
https://go-review.googlesource.com/c/go/+/370577/
https://go-review.googlesource.com/c/go/+/370576/

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:5160 https://access.redhat.com/errata/RHSA-2021:5160

This issue has been addressed in the following products:
Red Hat Developer Tools
Via RHSA-2021:5176 https://access.redhat.com/errata/RHSA-2021:5176

This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.10
Via RHSA-2022:0055 https://access.redhat.com/errata/RHSA-2022:0055

This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.10
Via RHSA-2022:0056 https://access.redhat.com/errata/RHSA-2022:0056

This issue has been addressed in the following products:
RHEL-8-CNV-4.10
Via RHSA-2022:0947 https://access.redhat.com/errata/RHSA-2022:0947

This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.10
Via RHSA-2022:0927 https://access.redhat.com/errata/RHSA-2022:0927

This issue has been addressed in the following products:
Openshift Serverless 1.21
Via RHSA-2022:1051 https://access.redhat.com/errata/RHSA-2022:1051

This issue has been addressed in the following products:
Openshift Serverless 1 on RHEL 8
Via RHSA-2022:1056 https://access.redhat.com/errata/RHSA-2022:1056

This issue has been addressed in the following products:
RHODF-4.10-RHEL-8
Via RHSA-2022:1361 https://access.redhat.com/errata/RHSA-2022:1361

This issue has been addressed in the following products:
RHODF-4.10-RHEL-8
Via RHSA-2022:1372 https://access.redhat.com/errata/RHSA-2022:1372

This issue has been addressed in the following products:
Red Hat Migration Toolkit for Containers 1.7
Via RHSA-2022:1734 https://access.redhat.com/errata/RHSA-2022:1734

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2021-44717

This issue has been addressed in the following products:
RHEL-8-CNV-4.11
Via RHSA-2022:6526 https://access.redhat.com/errata/RHSA-2022:6526

This issue has been addressed in the following products:
RHEL-8-CNV-4.12 RHEL-7-CNV-4.12
Via RHSA-2023:0407 https://access.redhat.com/errata/RHSA-2023:0407

This issue has been addressed in the following products:
RHEL-8-CNV-4.12
Via RHSA-2023:0408 https://access.redhat.com/errata/RHSA-2023:0408
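The Doc Text above describes the failure mode (a ForkExec that fails under descriptor exhaustion closes fd 0) but not how a program would notice it. The following is an added example, not code from the Go project or from this bug: it records the device/inode that fd 0 points at before calling syscall.ForkExec and, if the call fails, verifies that fd 0 still refers to the same object, so a silently closed or reused standard input becomes an explicit error rather than a source of misdirected reads and writes. Function names (identify, fdIntact, guardedForkExec) are hypothetical, and a Unix-like host is assumed.

```go
package main

import (
	"errors"
	"fmt"
	"syscall"
)

// fdIdentity is the (device, inode) pair a descriptor refers to. If the
// descriptor is closed and its number is later reused by an unrelated
// open(), the pair changes, which is what we want to detect.
type fdIdentity struct {
	dev uint64
	ino uint64
}

// identify records what descriptor fd currently points at; it returns
// EBADF when fd is closed.
func identify(fd int) (fdIdentity, error) {
	var st syscall.Stat_t
	if err := syscall.Fstat(fd, &st); err != nil {
		return fdIdentity{}, err
	}
	return fdIdentity{dev: uint64(st.Dev), ino: st.Ino}, nil
}

// fdIntact reports whether fd still refers to the object recorded in want.
func fdIntact(fd int, want fdIdentity) bool {
	got, err := identify(fd)
	return err == nil && got == want
}

// guardedForkExec wraps syscall.ForkExec and, when it fails, checks that
// fd 0 survived the failure. On an affected Go runtime (before 1.16.12 /
// 1.17.5) a ForkExec that fails under descriptor exhaustion closes fd 0;
// this wrapper turns that silent loss into an explicit error.
func guardedForkExec(argv0 string, argv []string, attr *syscall.ProcAttr) (int, error) {
	stdin, idErr := identify(0)
	pid, err := syscall.ForkExec(argv0, argv, attr)
	if err != nil && idErr == nil && !fdIntact(0, stdin) {
		return 0, fmt.Errorf("ForkExec failed (%w) and fd 0 was closed or replaced", err)
	}
	return pid, err
}

func main() {
	// Constructed demo: exec of a path that does not exist fails cleanly,
	// so fd 0 is unchanged afterwards and the plain ENOENT is returned.
	_, err := guardedForkExec("/nonexistent/program", []string{"x"}, nil)
	fmt.Println("ForkExec error:", err, "ENOENT:", errors.Is(err, syscall.ENOENT))
}
```

A wrapper like this also lets a fleet check whether a deployed binary was built with an affected toolchain: under a deliberately low descriptor limit in a test harness, the guarded call reports the fd 0 loss instead of the program continuing with a corrupted stdin.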