Bug 2124669 (CVE-2022-27664)

Summary: CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
Product: [Other] Security Response
Reporter: TEJ RATHI <trathi>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: golang 1.19.1, golang 1.18.6
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown.
Last Closed: 2023-05-18 19:41:19 UTC
CC: abishop, adudiak, agerstmayr, amackenz, amasferr, amurdaca, ansmith, aoconnor, asm, ataylor, atodorov, bbaude, bcl, bcoca, bdettelb, bkundu, bniver, bodavis, chazlett, chousekn, cmeyers, davidn, dbenoit, dcadzow, debarshir, deparker, desktop-qa-list, dkenigsb, dwalsh, dwd, dwhatley, dymurray, eduardo.ramalho, eglynn, emachado, fdeutsch, flucifre, gblomqui, gmeno, go-sig, gparvin, grafana-maint, ibolton, jaharrin, jburrell, jcajka, jcammara, jcantril, jchui, jeder, jhardy, jjoyce, jligon, jmatthew, jmontleo, jnovy, jobarker, jpadman, jramanat, jross, jwendell, jwon, lball, lemenkov, lhh, lmadsen, lsm5, mabashia, matzew, maxwell, mbenjamin, mboddu, mburns, mcressma, mgarciac, mhackett, mheon, mkudlej, mnewsome, mrunge, mwringe, nathans, nboldt, njean, nobody, notting, ocs-bugs, opohorel, oramraz, osapryki, osbuilders, oskutka, pahickey, pehunt, periklis, pjindal, ploffay, pthomas, rcernich, relrod, rhcos-sst, rhos-maint, rhuss, rkieley, rpetrell, saroy, scorneli, sdoran, sfowler, sgott, sipoyare, slucidi, smcdonal, smullick, sostapov, spower, sseago, stcannon, tfister, tjochec, tkuratom, tstellar, tsweeney, twalsh, umohnani, vereddy, vkumar, whayutin, ytale
Bug Depends On: 2127944, 2125779, 2126630, 2126631, 2126633, 2126634, 2126635, 2126636, 2126637, 2126638, 2126639, 2126641, 2126642, 2126643, 2126644, 2126645, 2126646, 2126733, 2126734, 2126735, 2126739, 2126740, 2126741, 2126742, 2126743, 2126744, 2126745, 2126746, 2126747, 2126748, 2126749, 2126750, 2126751, 2126752, 2126753, 2126754, 2126755, 2126756, 2126757, 2126758, 2126759, 2126760, 2126761, 2126762, 2126763, 2126764, 2126765, 2126766, 2126767, 2126768, 2126769, 2126770, 2126771, 2126772, 2126773, 2127945, 2134425, 2134426, 2168805
Bug Blocks: 2124673

Description TEJ RATHI 2022-09-06 18:05:27 UTC
A closing HTTP/2 server connection could hang forever waiting for a clean shutdown that was preempted by a subsequent fatal error. This failure mode could be exploited to cause a denial of service.

References:
https://go.dev/issue/54658
https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ

Upstream Commits:
Master: https://github.com/golang/go/commit/29af494fca8a25d7d46276f6d4835c4dcd09e47d
Branch go1.18: https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479
Branch go1.19: https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824

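Added example, not part of this bug record and not the upstream Go fix: a small triage helper that a defender can run against a deployed toolchain. It takes the fixed versions from the "Fixed In Version" field above (golang 1.18.6 and 1.19.1) and classifies a Go version string as predating the fix or not, treating pre-releases and unparseable "devel" builds conservatively. It also shows a bounded server shutdown: `Shutdown` with a deadline and a fall-back to `Close`, so a shutdown that never completes cannot wedge the process. The function names `VulnerableToCVE202227664`, `parseGoVersion` and `shutdownWithDeadline` are this example's own, and the assumption that a bounded shutdown is a sensible operational backstop is the author's; the only real remedy is running a toolchain at or above the fixed versions.

```go
// Added example for CVE-2022-27664 triage. Not part of the Bugzilla record or
// of the upstream Go commits; function names and the shutdown backstop are
// this example's own assumptions.
package main

import (
	"context"
	"fmt"
	"net"
	"net/http"
	"regexp"
	"runtime"
	"strconv"
	"time"
)

// fixedPatch maps a Go 1.x minor series to the first patch release carrying
// the fix, as listed in this bug's "Fixed In Version" field.
var fixedPatch = map[int]int{18: 6, 19: 1}

const oldestFixedMinor, newestFixedMinor = 18, 19

// Matches runtime.Version() strings such as "go1.18.5", "go1.19", "go1.19rc2".
// Dev builds ("devel go1.21-...") deliberately do not match.
var goVersionRe = regexp.MustCompile(`^go1\.(\d+)(?:\.(\d+))?((?:rc|beta)\d+)?$`)

// parseGoVersion returns (minor, patch). A bare "go1.19" is the .0 release;
// a pre-release (rc/beta) is reported as patch -1 so it sorts below .0.
func parseGoVersion(v string) (minor, patch int, err error) {
	m := goVersionRe.FindStringSubmatch(v)
	if m == nil {
		return 0, 0, fmt.Errorf("unrecognised Go version %q", v)
	}
	minor, _ = strconv.Atoi(m[1])
	if m[2] != "" {
		patch, _ = strconv.Atoi(m[2])
	}
	if m[3] != "" { // rc/beta precedes the .0 release of its series
		patch = -1
	}
	return minor, patch, nil
}

// VulnerableToCVE202227664 reports whether the given toolchain version still
// contains the HTTP/2 shutdown hang. An error means the version could not be
// classified; callers should treat that as "not proven fixed".
func VulnerableToCVE202227664(goVersion string) (bool, error) {
	minor, patch, err := parseGoVersion(goVersion)
	if err != nil {
		return false, err
	}
	switch {
	case minor < oldestFixedMinor:
		return true, nil // 1.17 and older never received the fix
	case minor > newestFixedMinor:
		return false, nil // 1.20+ branched after the fix landed on master
	default:
		return patch < fixedPatch[minor], nil
	}
}

// shutdownWithDeadline waits at most `timeout` for a graceful Shutdown, then
// falls back to Close, which tears down listeners and tracked connections
// without waiting. This is an operational backstop (assumption of this
// example), not a substitute for a fixed toolchain.
func shutdownWithDeadline(srv *http.Server, timeout time.Duration) error {
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()
	if err := srv.Shutdown(ctx); err != nil {
		if closeErr := srv.Close(); closeErr != nil {
			return fmt.Errorf("shutdown failed (%v) and close failed: %w", err, closeErr)
		}
		return fmt.Errorf("shutdown did not finish within %s, connections closed forcibly: %w", timeout, err)
	}
	return nil
}

func main() {
	v := runtime.Version()
	vuln, err := VulnerableToCVE202227664(v)
	switch {
	case err != nil:
		fmt.Println("cannot classify toolchain:", err)
	case vuln:
		fmt.Printf("%s predates the CVE-2022-27664 fix (1.18.6 / 1.19.1)\n", v)
	default:
		fmt.Printf("%s carries the CVE-2022-27664 fix\n", v)
	}

	// Demonstrate the bounded shutdown on a loopback server that serves nothing.
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		fmt.Println("listen:", err)
		return
	}
	srv := &http.Server{Handler: http.NotFoundHandler(), ReadHeaderTimeout: 5 * time.Second}
	go func() { _ = srv.Serve(ln) }()
	if err := shutdownWithDeadline(srv, 5*time.Second); err != nil {
		fmt.Println("shutdown:", err)
	} else {
		fmt.Println("server shut down cleanly")
	}
}
```

The version gate is deliberately strict: anything it cannot parse is reported as an error rather than as "fixed", which is the right default for a fleet scan where `devel` builds and vendored toolchains show up.

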
Comment 2 Avinash Hanwate 2022-09-14 07:51:39 UTC
Created golang tracking bugs for this issue:

Affects: epel-all [bug 2126630]
Affects: fedora-all [bug 2126631]

Comment 9 errata-xmlrpc 2022-10-25 09:30:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7129 https://access.redhat.com/errata/RHSA-2022:7129

Comment 16 errata-xmlrpc 2022-11-24 04:14:09 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11

Via RHSA-2022:8535 https://access.redhat.com/errata/RHSA-2022:8535

Comment 17 errata-xmlrpc 2022-11-28 02:51:58 UTC
This issue has been addressed in the following products:

  OADP-1.1-RHEL-8

Via RHSA-2022:8634 https://access.redhat.com/errata/RHSA-2022:8634

Comment 19 errata-xmlrpc 2022-11-28 20:43:53 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.11
  Ironic content for Red Hat OpenShift Container Platform 4.11

Via RHSA-2022:8626 https://access.redhat.com/errata/RHSA-2022:8626

Comment 20 errata-xmlrpc 2022-12-08 07:37:38 UTC
This issue has been addressed in the following products:

  RHOL-5.5-RHEL-8

Via RHSA-2022:8781 https://access.redhat.com/errata/RHSA-2022:8781

Comment 39 errata-xmlrpc 2023-01-17 14:51:27 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2022:7398 https://access.redhat.com/errata/RHSA-2022:7398

Comment 40 errata-xmlrpc 2023-01-19 11:04:21 UTC
This issue has been addressed in the following products:

  RHOL-5.6-RHEL-8

Via RHSA-2023:0264 https://access.redhat.com/errata/RHSA-2023:0264

Comment 41 errata-xmlrpc 2023-01-30 17:20:45 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Service Mesh 2.3 for RHEL 8

Via RHSA-2023:0542 https://access.redhat.com/errata/RHSA-2023:0542

Comment 49 errata-xmlrpc 2023-02-07 17:24:12 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8

Via RHSA-2023:0631 https://access.redhat.com/errata/RHSA-2023:0631

Comment 51 errata-xmlrpc 2023-02-09 02:17:46 UTC
This issue has been addressed in the following products:

  Red Hat Migration Toolkit for Containers 1.7

Via RHSA-2023:0693 https://access.redhat.com/errata/RHSA-2023:0693

Comment 52 errata-xmlrpc 2023-02-09 09:26:05 UTC
This issue has been addressed in the following products:

  Openshift Serverless 1 on RHEL 8

Via RHSA-2023:0708 https://access.redhat.com/errata/RHSA-2023:0708

Comment 53 errata-xmlrpc 2023-02-09 12:05:22 UTC
This issue has been addressed in the following products:

  RHOSS-1.27-RHEL-8

Via RHSA-2023:0709 https://access.redhat.com/errata/RHSA-2023:0709

Comment 58 errata-xmlrpc 2023-03-06 18:40:41 UTC
This issue has been addressed in the following products:

  OpenShift Custom Metrics Autoscaler 2

Via RHSA-2023:1042 https://access.redhat.com/errata/RHSA-2023:1042

Comment 61 errata-xmlrpc 2023-03-15 19:55:55 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 16.1
  Red Hat OpenStack Platform 16.2

Via RHSA-2023:1275 https://access.redhat.com/errata/RHSA-2023:1275

Comment 62 errata-xmlrpc 2023-03-30 00:43:46 UTC
This issue has been addressed in the following products:

  STF-1.5-RHEL-8

Via RHSA-2023:1529 https://access.redhat.com/errata/RHSA-2023:1529

Comment 66 errata-xmlrpc 2023-05-09 07:13:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:2167 https://access.redhat.com/errata/RHSA-2023:2167

Comment 67 errata-xmlrpc 2023-05-09 07:13:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:2177 https://access.redhat.com/errata/RHSA-2023:2177

Comment 68 errata-xmlrpc 2023-05-09 07:15:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:2193 https://access.redhat.com/errata/RHSA-2023:2193

Comment 69 errata-xmlrpc 2023-05-09 07:17:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:2204 https://access.redhat.com/errata/RHSA-2023:2204

Comment 70 errata-xmlrpc 2023-05-09 07:20:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:2236 https://access.redhat.com/errata/RHSA-2023:2236

Comment 71 errata-xmlrpc 2023-05-09 07:35:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:2357 https://access.redhat.com/errata/RHSA-2023:2357

Comment 74 errata-xmlrpc 2023-05-16 08:09:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:2758 https://access.redhat.com/errata/RHSA-2023:2758

Comment 75 errata-xmlrpc 2023-05-16 08:11:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:2780 https://access.redhat.com/errata/RHSA-2023:2780

Comment 76 errata-xmlrpc 2023-05-16 08:12:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:2784 https://access.redhat.com/errata/RHSA-2023:2784

Comment 77 errata-xmlrpc 2023-05-16 08:12:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:2785 https://access.redhat.com/errata/RHSA-2023:2785

Comment 78 errata-xmlrpc 2023-05-16 08:14:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:2802 https://access.redhat.com/errata/RHSA-2023:2802

Comment 80 errata-xmlrpc 2023-05-18 00:36:23 UTC
This issue has been addressed in the following products:

  RHEL-9-CNV-4.13
  RHEL-7-CNV-4.13
  RHEL-8-CNV-4.13

Via RHSA-2023:3204 https://access.redhat.com/errata/RHSA-2023:3204

Comment 81 errata-xmlrpc 2023-05-18 02:55:12 UTC
This issue has been addressed in the following products:

  RHEL-9-CNV-4.13

Via RHSA-2023:3205 https://access.redhat.com/errata/RHSA-2023:3205

Comment 82 errata-xmlrpc 2023-05-18 14:27:40 UTC
This issue has been addressed in the following products:

  OSSO-1.1-RHEL-8

Via RHSA-2023:0584 https://access.redhat.com/errata/RHSA-2023:0584

Comment 83 Product Security DevOps Team 2023-05-18 19:41:12 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-27664

Comment 84 errata-xmlrpc 2023-06-15 16:00:49 UTC
This issue has been addressed in the following products:

  Red Hat Ceph Storage 6.1

Via RHSA-2023:3642 https://access.redhat.com/errata/RHSA-2023:3642

Comment 85 errata-xmlrpc 2023-06-22 19:51:46 UTC
This issue has been addressed in the following products:

  RHODF-4.13-RHEL-9

Via RHSA-2023:3742 https://access.redhat.com/errata/RHSA-2023:3742

Comment 86 errata-xmlrpc 2023-06-26 01:15:52 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2023:3613 https://access.redhat.com/errata/RHSA-2023:3613

Comment 88 errata-xmlrpc 2023-08-23 16:42:39 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2023:4674 https://access.redhat.com/errata/RHSA-2023:4674

Comment 89 errata-xmlrpc 2023-08-30 19:56:20 UTC
This issue has been addressed in the following products:

  Ironic content for Red Hat OpenShift Container Platform 4.13
  Red Hat OpenShift Container Platform 4.13

Via RHSA-2023:4734 https://access.redhat.com/errata/RHSA-2023:4734

Comment 91 errata-xmlrpc 2023-10-31 14:02:02 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:5009 https://access.redhat.com/errata/RHSA-2023:5009

Comment 92 errata-xmlrpc 2024-01-10 11:27:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:0121 https://access.redhat.com/errata/RHSA-2024:0121