Rapid7 Vulnerability & Exploit Database

Oracle Linux: (CVE-2022-29224) (Multiple Advisories): olcne security update

Free InsightVM Trial No Credit Card Necessary
Watch Demo See how it all works
Back to Search

Oracle Linux: (CVE-2022-29224) (Multiple Advisories): olcne security update

Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Published
06/09/2022
Created
07/16/2022
Added
07/12/2022
Modified
07/13/2022

Description

Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold� (prevent removal) upstream hosts obtained via service discovery until configured active health checking fails. If an attacker controls an upstream host and also controls service discovery of that host (via DNS, the EDS API, etc.), an attacker can crash Envoy by forcing removal of the host from service discovery, and then failing the gRPC health check request. This will crash Envoy via a null pointer dereference. Users are advised to upgrade to resolve this vulnerability. Users unable to upgrade may disable gRPC health checking and/or replace it with a different health checking type as a mitigation.

Solution(s)

  • oracle-linux-upgrade-cri-o
  • oracle-linux-upgrade-cri-tools
  • oracle-linux-upgrade-etcd
  • oracle-linux-upgrade-istio
  • oracle-linux-upgrade-istio-istioctl
  • oracle-linux-upgrade-kata
  • oracle-linux-upgrade-kubeadm
  • oracle-linux-upgrade-kubectl
  • oracle-linux-upgrade-kubelet
  • oracle-linux-upgrade-kubernetes
  • oracle-linux-upgrade-olcne
  • oracle-linux-upgrade-olcne-agent
  • oracle-linux-upgrade-olcne-api-server
  • oracle-linux-upgrade-olcne-gluster-chart
  • oracle-linux-upgrade-olcne-grafana-chart
  • oracle-linux-upgrade-olcne-istio-chart
  • oracle-linux-upgrade-olcne-metallb-chart
  • oracle-linux-upgrade-olcne-nginx
  • oracle-linux-upgrade-olcne-oci-ccm-chart
  • oracle-linux-upgrade-olcne-oci-csi-chart
  • oracle-linux-upgrade-olcne-olm-chart
  • oracle-linux-upgrade-olcne-prometheus-chart
  • oracle-linux-upgrade-olcne-utils
  • oracle-linux-upgrade-olcnectl

References

  • ELSA-2022-9589
  • CVE-2022-29224

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;