Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-53492 (GCVE-0-2026-53492)
Vulnerability from cvelistv5 – Published: 2026-07-01 17:59 – Updated: 2026-07-02 12:50| URL | Tags |
|---|---|
| https://github.com/containerd/containerd/security… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| containerd | containerd |
Affected:
>= 2.1.0, < 2.1.9
Affected: >= 2.2.0, < 2.2.5 Affected: >= 2.3.0, < 2.3.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-53492",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-02T12:50:36.308393Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T12:50:43.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "containerd",
"vendor": "containerd",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.1.0, \u003c 2.1.9"
},
{
"status": "affected",
"version": "\u003e= 2.2.0, \u003c 2.2.5"
},
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c 2.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive rather than relying solely on the pod\u0027s create-time specification. This allows a user with pod creation permissions to bypass standard Kubernetes resource allocation and device plugin enforcement, injecting arbitrary CDI edits (such as device nodes and host mounts) into the restored container. Successful exploitation requires that the node has CDI enabled and contains a matching host CDI specification for the requested device; environments where CDI is disabled or lacking sensitive device specifications are not affected. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T17:59:12.552Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc"
}
],
"source": {
"advisory": "GHSA-33vj-92qq-66hc",
"discovery": "UNKNOWN"
},
"title": "containerd CRI checkpoint restore CDI annotation smuggling"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-53492",
"datePublished": "2026-07-01T17:59:12.552Z",
"dateReserved": "2026-06-09T17:05:25.059Z",
"dateUpdated": "2026-07-02T12:50:43.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-53492",
"date": "2026-07-08",
"epss": "0.00412",
"percentile": "0.33106"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-53492\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-07-01T19:16:54.510\",\"lastModified\":\"2026-07-02T19:33:00.930\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive rather than relying solely on the pod\u0027s create-time specification. This allows a user with pod creation permissions to bypass standard Kubernetes resource allocation and device plugin enforcement, injecting arbitrary CDI edits (such as device nodes and host mounts) into the restored container. Successful exploitation requires that the node has CDI enabled and contains a matching host CDI specification for the requested device; environments where CDI is disabled or lacking sensitive device specifications are not affected. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"containerd\",\"product\":\"containerd\",\"versions\":[{\"version\":\"\u003e= 2.1.0, \u003c 2.1.9\",\"status\":\"affected\"},{\"version\":\"\u003e= 2.2.0, \u003c 2.2.5\",\"status\":\"affected\"},{\"version\":\"\u003e= 2.3.0, \u003c 2.3.2\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N\",\"baseScore\":9.6,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.1,\"impactScore\":5.8}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-07-02T12:50:36.308393Z\",\"id\":\"CVE-2026-53492\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.1.0\",\"versionEndExcluding\":\"2.1.9\",\"matchCriteriaId\":\"A83AFFD7-0DA1-43A4-88AC-2E56305B70D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.2.0\",\"versionEndExcluding\":\"2.2.5\",\"matchCriteriaId\":\"B62A9FED-C400-4641-AE8B-AE7594307011\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.3.0\",\"versionEndExcluding\":\"2.3.2\",\"matchCriteriaId\":\"B45FCE68-7923-499A-9059-1483851FCADE\"}]}]}],\"references\":[{\"url\":\"https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-53492\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-07-02T12:50:36.308393Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-07-02T12:50:39.387Z\"}}], \"cna\": {\"title\": \"containerd CRI checkpoint restore CDI annotation smuggling\", \"source\": {\"advisory\": \"GHSA-33vj-92qq-66hc\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"containerd\", \"product\": \"containerd\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 2.1.0, \u003c 2.1.9\"}, {\"status\": \"affected\", \"version\": \"\u003e= 2.2.0, \u003c 2.2.5\"}, {\"status\": \"affected\", \"version\": \"\u003e= 2.3.0, \u003c 2.3.2\"}]}], \"references\": [{\"url\": \"https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc\", \"name\": \"https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive rather than relying solely on the pod\u0027s create-time specification. This allows a user with pod creation permissions to bypass standard Kubernetes resource allocation and device plugin enforcement, injecting arbitrary CDI edits (such as device nodes and host mounts) into the restored container. Successful exploitation requires that the node has CDI enabled and contains a matching host CDI specification for the requested device; environments where CDI is disabled or lacking sensitive device specifications are not affected. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20: Improper Input Validation\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863: Incorrect Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-07-01T17:59:12.552Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-53492\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-02T12:50:43.273Z\", \"dateReserved\": \"2026-06-09T17:05:25.059Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-07-01T17:59:12.552Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-53492
Vulnerability from fkie_nvd - Published: 2026-07-01 19:16 - Updated: 2026-07-02 19:33| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc | Mitigation, Vendor Advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | containerd | * | |
| linuxfoundation | containerd | * | |
| linuxfoundation | containerd | * |
{
"affected": [
{
"affectedData": [
{
"product": "containerd",
"vendor": "containerd",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.1.0, \u003c 2.1.9"
},
{
"status": "affected",
"version": "\u003e= 2.2.0, \u003c 2.2.5"
},
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c 2.3.2"
}
]
}
],
"source": "security-advisories@github.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A83AFFD7-0DA1-43A4-88AC-2E56305B70D1",
"versionEndExcluding": "2.1.9",
"versionStartIncluding": "2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B62A9FED-C400-4641-AE8B-AE7594307011",
"versionEndExcluding": "2.2.5",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B45FCE68-7923-499A-9059-1483851FCADE",
"versionEndExcluding": "2.3.2",
"versionStartIncluding": "2.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive rather than relying solely on the pod\u0027s create-time specification. This allows a user with pod creation permissions to bypass standard Kubernetes resource allocation and device plugin enforcement, injecting arbitrary CDI edits (such as device nodes and host mounts) into the restored container. Successful exploitation requires that the node has CDI enabled and contains a matching host CDI specification for the requested device; environments where CDI is disabled or lacking sensitive device specifications are not affected. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9."
}
],
"id": "CVE-2026-53492",
"lastModified": "2026-07-02T19:33:00.930",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 5.8,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-53492",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-02T12:50:36.308393Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-07-01T19:16:54.510",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-33VJ-92QQ-66HC
Vulnerability from github – Published: 2026-06-19 19:35 – Updated: 2026-06-19 19:35Impact
containerd's CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive rather than relying solely on the pod's create-time specification. This allows a user with pod creation permissions to bypass standard Kubernetes resource allocation and device plugin enforcement, injecting arbitrary CDI edits (such as device nodes and host mounts) into the restored container. Successful exploitation requires that the node has CDI enabled and contains a matching host CDI specification for the requested device; environments where CDI is disabled or lacking sensitive device specifications are not affected.
Patches
This bug has been fixed in the following containerd versions:
- 2.3.2
- 2.2.5
- 2.1.9
Users should update to these versions to resolve the issue. Recreating existing containers restored from untrusted checkpoints may be necessary to remove smuggled configuration.
Workarounds
Users can mitigate this issue by restricting the restoration of containers from untrusted checkpoint images. If Container Device Interface (CDI) capabilities are not utilized on the node, removing or temporarily relocating host CDI specifications from the default directories (/etc/cdi and /var/run/cdi) will eliminate the reachability of this vulnerability.
Credits
The containerd project would like to thank Robert Prast (@robertprast) for responsibly disclosing this issue in accordance with the containerd security policy.
For more information
If you have any questions or comments about this advisory:
- Open an issue in containerd
- Email us at security@containerd.io
To report a security issue in containerd: * Report a new vulnerability * Email us at security@containerd.io
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/containerd/containerd/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/containerd/containerd/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/containerd/containerd/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-53492"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-19T19:35:40Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Impact\n\ncontainerd\u0027s CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive rather than relying solely on the pod\u0027s create-time specification. This allows a user with pod creation permissions to bypass standard Kubernetes resource allocation and device plugin enforcement, injecting arbitrary CDI edits (such as device nodes and host mounts) into the restored container. Successful exploitation requires that the node has CDI enabled and contains a matching host CDI specification for the requested device; environments where CDI is disabled or lacking sensitive device specifications are not affected.\n\n### Patches\n\nThis bug has been fixed in the following containerd versions:\n\n* 2.3.2\n* 2.2.5\n* 2.1.9\n\nUsers should update to these versions to resolve the issue. Recreating existing containers restored from untrusted checkpoints may be necessary to remove smuggled configuration.\n\n### Workarounds\n\nUsers can mitigate this issue by restricting the restoration of containers from untrusted checkpoint images. If Container Device Interface (CDI) capabilities are not utilized on the node, removing or temporarily relocating host CDI specifications from the default directories (`/etc/cdi` and `/var/run/cdi`) will eliminate the reachability of this vulnerability.\n\n### Credits\n\nThe containerd project would like to thank Robert Prast (@robertprast) for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md).\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [security@containerd.io](mailto:security@containerd.io)\n\nTo report a security issue in containerd:\n* [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new)\n* Email us at [security@containerd.io](mailto:security@containerd.io)",
"id": "GHSA-33vj-92qq-66hc",
"modified": "2026-06-19T19:35:40Z",
"published": "2026-06-19T19:35:40Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc"
},
{
"type": "PACKAGE",
"url": "https://github.com/containerd/containerd"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N",
"type": "CVSS_V4"
}
],
"summary": "containerd CRI checkpoint restore CDI annotation smuggling"
}
OPENSUSE-SU-2026:11102-1
Vulnerability from csaf_opensuse - Published: 2026-06-22 00:00 - Updated: 2026-06-22 00:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.2-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.2-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.2-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.2-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.2-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:trivy-0.71.2-1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "trivy-0.71.2-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the trivy-0.71.2-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-11102",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_11102-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-47262 page",
"url": "https://www.suse.com/security/cve/CVE-2026-47262/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-50195 page",
"url": "https://www.suse.com/security/cve/CVE-2026-50195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-53488 page",
"url": "https://www.suse.com/security/cve/CVE-2026-53488/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-53489 page",
"url": "https://www.suse.com/security/cve/CVE-2026-53489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-53492 page",
"url": "https://www.suse.com/security/cve/CVE-2026-53492/"
}
],
"title": "trivy-0.71.2-1.1 on GA media",
"tracking": {
"current_release_date": "2026-06-22T00:00:00Z",
"generator": {
"date": "2026-06-22T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:11102-1",
"initial_release_date": "2026-06-22T00:00:00Z",
"revision_history": [
{
"date": "2026-06-22T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.71.2-1.1.aarch64",
"product": {
"name": "trivy-0.71.2-1.1.aarch64",
"product_id": "trivy-0.71.2-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.71.2-1.1.ppc64le",
"product": {
"name": "trivy-0.71.2-1.1.ppc64le",
"product_id": "trivy-0.71.2-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.71.2-1.1.s390x",
"product": {
"name": "trivy-0.71.2-1.1.s390x",
"product_id": "trivy-0.71.2-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.71.2-1.1.x86_64",
"product": {
"name": "trivy-0.71.2-1.1.x86_64",
"product_id": "trivy-0.71.2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.71.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:trivy-0.71.2-1.1.aarch64"
},
"product_reference": "trivy-0.71.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.71.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:trivy-0.71.2-1.1.ppc64le"
},
"product_reference": "trivy-0.71.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.71.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:trivy-0.71.2-1.1.s390x"
},
"product_reference": "trivy-0.71.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.71.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:trivy-0.71.2-1.1.x86_64"
},
"product_reference": "trivy-0.71.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-47262",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-47262"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.71.2-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-47262",
"url": "https://www.suse.com/security/cve/CVE-2026-47262"
},
{
"category": "external",
"summary": "SUSE Bug 1268405 for CVE-2026-47262",
"url": "https://bugzilla.suse.com/1268405"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.71.2-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.71.2-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-47262"
},
{
"cve": "CVE-2026-50195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-50195"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.71.2-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-50195",
"url": "https://www.suse.com/security/cve/CVE-2026-50195"
},
{
"category": "external",
"summary": "SUSE Bug 1268399 for CVE-2026-50195",
"url": "https://bugzilla.suse.com/1268399"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.71.2-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.71.2-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-50195"
},
{
"cve": "CVE-2026-53488",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-53488"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.71.2-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-53488",
"url": "https://www.suse.com/security/cve/CVE-2026-53488"
},
{
"category": "external",
"summary": "SUSE Bug 1268400 for CVE-2026-53488",
"url": "https://bugzilla.suse.com/1268400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.71.2-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.71.2-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-53488"
},
{
"cve": "CVE-2026-53489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-53489"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.71.2-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-53489",
"url": "https://www.suse.com/security/cve/CVE-2026-53489"
},
{
"category": "external",
"summary": "SUSE Bug 1268404 for CVE-2026-53489",
"url": "https://bugzilla.suse.com/1268404"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.71.2-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.71.2-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-53489"
},
{
"cve": "CVE-2026-53492",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-53492"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.71.2-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-53492",
"url": "https://www.suse.com/security/cve/CVE-2026-53492"
},
{
"category": "external",
"summary": "SUSE Bug 1268403 for CVE-2026-53492",
"url": "https://bugzilla.suse.com/1268403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.71.2-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.71.2-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.71.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-53492"
}
]
}
RHSA-2026:15862
Vulnerability from csaf_redhat - Published: 2026-05-09 15:24 - Updated: 2026-07-08 20:59A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
A flaw was found in OpenTelemetry-Go (before schema package version 0.0.17). ParseFile in go.opentelemetry.io/otel/schema/v1.0 and v1.1 opens a schema file and passes it to Parse without closing it, leaking one file descriptor per successful call. Repeated parsing in a long-running process can exhaust the file descriptor limit and cause denial of service.
A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface (CRI) plugin incorrectly restores container logs from a checkpoint image. This vulnerability, categorized as a Path Traversal (CWE-61), allows an attacker to read arbitrary files on the host system by manipulating symlinked paths during the checkpoint restore process. This can lead to unauthorized information disclosure from the host.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:trivy-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:trivy-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:trivy-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface (CRI) implementation, which allows Kubernetes to interact with container runtimes, improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. This vulnerability enables a user with permissions to create pods to bypass standard Kubernetes resource allocation and device plugin enforcement. Consequently, an attacker can inject arbitrary CDI edits, such as device nodes and host mounts, into the restored container, potentially leading to unauthorized resource access or privilege escalation.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\ntrivy:\n * trivy-0.69.3-1.2.hum1 (aarch64, x86_64)\n * trivy-0.69.3-1.2.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:15862",
"url": "https://access.redhat.com/errata/RHSA-2026:15862"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45287",
"url": "https://access.redhat.com/security/cve/CVE-2026-45287"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-53492",
"url": "https://access.redhat.com/security/cve/CVE-2026-53492"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-53489",
"url": "https://access.redhat.com/security/cve/CVE-2026-53489"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40898",
"url": "https://access.redhat.com/security/cve/CVE-2026-40898"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_15862.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-08T20:59:00+00:00",
"generator": {
"date": "2026-07-08T20:59:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:15862",
"initial_release_date": "2026-05-09T15:24:33+00:00",
"revision_history": [
{
"date": "2026-05-09T15:24:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-02T23:41:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-08T20:59:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-main@aarch64",
"product": {
"name": "trivy-main@aarch64",
"product_id": "trivy-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/trivy@0.69.3-1.2.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-main@src",
"product": {
"name": "trivy-main@src",
"product_id": "trivy-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/trivy@0.69.3-1.2.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-main@x86_64",
"product": {
"name": "trivy-main@x86_64",
"product_id": "trivy-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/trivy@0.69.3-1.2.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:trivy-main@aarch64"
},
"product_reference": "trivy-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:trivy-main@src"
},
"product_reference": "trivy-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:trivy-main@x86_64"
},
"product_reference": "trivy-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:trivy-main@aarch64",
"Red Hat Hardened Images:trivy-main@src",
"Red Hat Hardened Images:trivy-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-09T15:24:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:trivy-main@aarch64",
"Red Hat Hardened Images:trivy-main@src",
"Red Hat Hardened Images:trivy-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:15862"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:trivy-main@aarch64",
"Red Hat Hardened Images:trivy-main@src",
"Red Hat Hardened Images:trivy-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
},
{
"cve": "CVE-2026-45287",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2026-06-04T16:01:14.155335+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2484831"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenTelemetry-Go (before schema package version 0.0.17). ParseFile in go.opentelemetry.io/otel/schema/v1.0 and v1.1 opens a schema file and passes it to Parse without closing it, leaking one file descriptor per successful call. Repeated parsing in a long-running process can exhaust the file descriptor limit and cause denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go.opentelemetry.io/otel: go.opentelemetry.io/otel/schema/v1.0: go.opentelemetry.io/otel/schema/v1.1: OpenTelemetry-Go: Denial of Service due to file descriptor leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenTelemetry-Go schema parsing is vulnerable to file descriptor leak in ParseFile for otel/schema v1.0 and v1.1. An attacker who can cause repeated schema parsing against an attacker-influenced file path in a long-running Go process may exhaust file descriptors and crash or stall the service. Exposure is limited to applications that expose schema parsing to untrusted paths; many Red Hat Go services bundle the library transitively without hitting this code path.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:trivy-main@aarch64",
"Red Hat Hardened Images:trivy-main@src",
"Red Hat Hardened Images:trivy-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45287"
},
{
"category": "external",
"summary": "RHBZ#2484831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484831"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45287"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45287",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45287"
},
{
"category": "external",
"summary": "https://github.com/open-telemetry/opentelemetry-go/commit/e72a235518cb773137efd80336a179028bc34684",
"url": "https://github.com/open-telemetry/opentelemetry-go/commit/e72a235518cb773137efd80336a179028bc34684"
},
{
"category": "external",
"summary": "https://github.com/open-telemetry/opentelemetry-go/commit/f12d198f161b61735d65705248715aa97021ba8d",
"url": "https://github.com/open-telemetry/opentelemetry-go/commit/f12d198f161b61735d65705248715aa97021ba8d"
},
{
"category": "external",
"summary": "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-995v-fvrw-c78m",
"url": "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-995v-fvrw-c78m"
}
],
"release_date": "2026-06-04T14:45:54.522000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-09T15:24:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:trivy-main@aarch64",
"Red Hat Hardened Images:trivy-main@src",
"Red Hat Hardened Images:trivy-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:15862"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:trivy-main@aarch64",
"Red Hat Hardened Images:trivy-main@src",
"Red Hat Hardened Images:trivy-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "go.opentelemetry.io/otel: go.opentelemetry.io/otel/schema/v1.0: go.opentelemetry.io/otel/schema/v1.1: OpenTelemetry-Go: Denial of Service due to file descriptor leak"
},
{
"cve": "CVE-2026-53489",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2026-07-01T19:01:30.964031+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2496129"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface (CRI) plugin incorrectly restores container logs from a checkpoint image. This vulnerability, categorized as a Path Traversal (CWE-61), allows an attacker to read arbitrary files on the host system by manipulating symlinked paths during the checkpoint restore process. This can lead to unauthorized information disclosure from the host.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/containerd/containerd: containerd: Arbitrary host file read via symlink following in CRI checkpoint restore",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is not exploitable in several Red Hat products listed in the affect table. These products use CRI-O as the container runtime rather than containerd. Although some shipped images include the containerd Go module (primarily v1.x, and in a few cases containerd v2.x API client libraries) as a build-time dependency for OCI image handling, they do not execute the containerd daemon or its CRI plugin. As a result, the vulnerable containerd CRI checkpoint-restore code path is not exercised.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:trivy-main@aarch64",
"Red Hat Hardened Images:trivy-main@src",
"Red Hat Hardened Images:trivy-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-53489"
},
{
"category": "external",
"summary": "RHBZ#2496129",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496129"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-53489",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53489"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-53489",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53489"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/security/advisories/GHSA-rgh6-rfwx-v388",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-rgh6-rfwx-v388"
}
],
"release_date": "2026-07-01T18:10:41.802000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-09T15:24:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:trivy-main@aarch64",
"Red Hat Hardened Images:trivy-main@src",
"Red Hat Hardened Images:trivy-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:15862"
},
{
"category": "workaround",
"details": "For Red Hat OpenShift and layered products, CRI-O is the supported container runtime, so the vulnerable containerd CRI checkpoint-restore code path is not exercised during normal cluster operation. Customers should nevertheless apply Red Hat product errata as they become available to receive updates for affected operator, must-gather and tooling images that may bundle the containerd Go module.\n\nIf containerd is deployed as the container runtime with CRI checkpoint/restore enabled, disable checkpoint/restore functionality until a fixed version of containerd can be applied.",
"product_ids": [
"Red Hat Hardened Images:trivy-main@aarch64",
"Red Hat Hardened Images:trivy-main@src",
"Red Hat Hardened Images:trivy-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:trivy-main@aarch64",
"Red Hat Hardened Images:trivy-main@src",
"Red Hat Hardened Images:trivy-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/containerd/containerd: containerd: Arbitrary host file read via symlink following in CRI checkpoint restore"
},
{
"cve": "CVE-2026-53492",
"cwe": {
"id": "CWE-807",
"name": "Reliance on Untrusted Inputs in a Security Decision"
},
"discovery_date": "2026-07-01T19:01:34.238078+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2496130"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface (CRI) implementation, which allows Kubernetes to interact with container runtimes, improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. This vulnerability enables a user with permissions to create pods to bypass standard Kubernetes resource allocation and device plugin enforcement. Consequently, an attacker can inject arbitrary CDI edits, such as device nodes and host mounts, into the restored container, potentially leading to unauthorized resource access or privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/containerd/containerd: containerd: Security bypass via Container Device Interface (CDI) annotation smuggling during checkpoint restoration.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated as Important. In Red Hat OpenShift Container Platform, a user with pod creation permissions could bypass standard Kubernetes resource allocation and device plugin enforcement. This is due to containerd\u0027s Container Runtime Interface (CRI) improperly trusting Container Device Interface (CDI) annotations during container restoration. Exploitation requires CDI to be enabled on the node and a matching host CDI specification for the requested device.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:trivy-main@aarch64",
"Red Hat Hardened Images:trivy-main@src",
"Red Hat Hardened Images:trivy-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-53492"
},
{
"category": "external",
"summary": "RHBZ#2496130",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496130"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-53492",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-53492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53492"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc"
}
],
"release_date": "2026-07-01T17:59:12.552000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-09T15:24:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:trivy-main@aarch64",
"Red Hat Hardened Images:trivy-main@src",
"Red Hat Hardened Images:trivy-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:15862"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:trivy-main@aarch64",
"Red Hat Hardened Images:trivy-main@src",
"Red Hat Hardened Images:trivy-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "github.com/containerd/containerd: containerd: Security bypass via Container Device Interface (CDI) annotation smuggling during checkpoint restoration."
}
]
}
RHSA-2026:32974
Vulnerability from csaf_redhat - Published: 2026-06-29 09:51 - Updated: 2026-07-08 21:01A flaw was found in containerd, an open-source container runtime. A remote attacker could exploit this vulnerability by providing a maliciously crafted image. When a container is created from this image, it leads to uncontrolled resource consumption and memory exhaustion, causing the containerd process to terminate. This results in a Denial of Service (DoS) condition, making the container runtime API unavailable and disrupting clients like Docker Engine or Kubernetes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:syft-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:syft-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:syft-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface (CRI) implementation, which allows Kubernetes to interact with container runtimes, improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. This vulnerability enables a user with permissions to create pods to bypass standard Kubernetes resource allocation and device plugin enforcement. Consequently, an attacker can inject arbitrary CDI edits, such as device nodes and host mounts, into the restored container, potentially leading to unauthorized resource access or privilege escalation.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\nsyft:\n * syft-1.46.0-0.1.hum1 (aarch64, x86_64)\n * syft-1.46.0-0.1.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:32974",
"url": "https://access.redhat.com/errata/RHSA-2026:32974"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47262",
"url": "https://access.redhat.com/security/cve/CVE-2026-47262"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-53492",
"url": "https://access.redhat.com/security/cve/CVE-2026-53492"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_32974.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-08T21:01:15+00:00",
"generator": {
"date": "2026-07-08T21:01:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:32974",
"initial_release_date": "2026-06-29T09:51:10+00:00",
"revision_history": [
{
"date": "2026-06-29T09:51:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-02T13:33:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-08T21:01:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "syft-main@aarch64",
"product": {
"name": "syft-main@aarch64",
"product_id": "syft-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/syft@1.46.0-0.1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "syft-main@src",
"product": {
"name": "syft-main@src",
"product_id": "syft-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/syft@1.46.0-0.1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "syft-main@x86_64",
"product": {
"name": "syft-main@x86_64",
"product_id": "syft-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/syft@1.46.0-0.1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "syft-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:syft-main@aarch64"
},
"product_reference": "syft-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syft-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:syft-main@src"
},
"product_reference": "syft-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "syft-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:syft-main@x86_64"
},
"product_reference": "syft-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-47262",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-07-01T19:01:12.673142+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2496126"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in containerd, an open-source container runtime. A remote attacker could exploit this vulnerability by providing a maliciously crafted image. When a container is created from this image, it leads to uncontrolled resource consumption and memory exhaustion, causing the containerd process to terminate. This results in a Denial of Service (DoS) condition, making the container runtime API unavailable and disrupting clients like Docker Engine or Kubernetes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/containerd/containerd: containerd: Denial of Service via maliciously crafted image leading to unbounded group parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat\u0027s container platform uses CRI-O as its container runtime interface, not containerd. While containerd libraries are bundled in some images for OCI image operations (e.g., estargz support via skopeo), the containerd daemon and its CRI plugin (where the vulnerable group-parsing code path exists) are not executed. Therefore, this vulnerability is not exploitable in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:syft-main@aarch64",
"Red Hat Hardened Images:syft-main@src",
"Red Hat Hardened Images:syft-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47262"
},
{
"category": "external",
"summary": "RHBZ#2496126",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496126"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47262",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47262"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47262",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47262"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq"
}
],
"release_date": "2026-07-01T17:48:43.205000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T09:51:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:syft-main@aarch64",
"Red Hat Hardened Images:syft-main@src",
"Red Hat Hardened Images:syft-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:32974"
},
{
"category": "workaround",
"details": "No mitigation is needed for Red Hat products. The vulnerable code path in containerd\u0027s CRI plugin group-parsing logic is not executed because Red Hat uses CRI-O as the container runtime. Products that bundle containerd as a library dependency for OCI image operations are not affected.",
"product_ids": [
"Red Hat Hardened Images:syft-main@aarch64",
"Red Hat Hardened Images:syft-main@src",
"Red Hat Hardened Images:syft-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:syft-main@aarch64",
"Red Hat Hardened Images:syft-main@src",
"Red Hat Hardened Images:syft-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/containerd/containerd: containerd: Denial of Service via maliciously crafted image leading to unbounded group parsing"
},
{
"cve": "CVE-2026-53492",
"cwe": {
"id": "CWE-807",
"name": "Reliance on Untrusted Inputs in a Security Decision"
},
"discovery_date": "2026-07-01T19:01:34.238078+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2496130"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface (CRI) implementation, which allows Kubernetes to interact with container runtimes, improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. This vulnerability enables a user with permissions to create pods to bypass standard Kubernetes resource allocation and device plugin enforcement. Consequently, an attacker can inject arbitrary CDI edits, such as device nodes and host mounts, into the restored container, potentially leading to unauthorized resource access or privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/containerd/containerd: containerd: Security bypass via Container Device Interface (CDI) annotation smuggling during checkpoint restoration.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated as Important. In Red Hat OpenShift Container Platform, a user with pod creation permissions could bypass standard Kubernetes resource allocation and device plugin enforcement. This is due to containerd\u0027s Container Runtime Interface (CRI) improperly trusting Container Device Interface (CDI) annotations during container restoration. Exploitation requires CDI to be enabled on the node and a matching host CDI specification for the requested device.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:syft-main@aarch64",
"Red Hat Hardened Images:syft-main@src",
"Red Hat Hardened Images:syft-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-53492"
},
{
"category": "external",
"summary": "RHBZ#2496130",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496130"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-53492",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-53492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53492"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc"
}
],
"release_date": "2026-07-01T17:59:12.552000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T09:51:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:syft-main@aarch64",
"Red Hat Hardened Images:syft-main@src",
"Red Hat Hardened Images:syft-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:32974"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:syft-main@aarch64",
"Red Hat Hardened Images:syft-main@src",
"Red Hat Hardened Images:syft-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/containerd/containerd: containerd: Security bypass via Container Device Interface (CDI) annotation smuggling during checkpoint restoration."
}
]
}
RHSA-2026:36873
Vulnerability from csaf_redhat - Published: 2026-07-08 20:50 - Updated: 2026-07-09 09:55A memory exhaustion vulnerability was found in CoreDNS when operating with QUIC traffic streams. The CoreDNS server in affected versions would spawn a new goroutine for each incoming QUIC stream without limit. This flaw allows a malicious user to create an unbounded number of QUIC streams and consume all available resources, leading to an application level denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le | — |
Workaround
|
A denial of service flaw has been discovered in the quic-go golang library. A misbehaving or malicious server can cause a denial-of-service (DoS) attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authentication and can be exploited during the handshake phase. This was observed in the wild with certain server implementations.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le | — |
Workaround
|
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64 | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le | — |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le | — |
Multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is similar in nature to CVE-2025-47950 (QUIC DoS) but affects additional server types that do not enforce connection limits, stream limits, or message size constraints.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le | — |
Workaround
|
A flaw was found in CoreDNS, a DNS server that uses a chain of plugins. This logical vulnerability allows an attacker to bypass DNS access controls. The issue occurs because security plugins, such as 'acl', are evaluated before the 'rewrite' plugin, creating a Time-of-Check Time-of-Use (TOCTOU) flaw. This flaw enables an attacker to circumvent intended access restrictions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le | — |
Workaround
|
A flaw was found in CoreDNS, a DNS server that chains plugins. A remote attacker can exploit this flaw by sending specially crafted DNS queries. This vulnerability exists in CoreDNS's loop detection plugin due to the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name. Successful exploitation can lead to a denial of service (DoS) by crashing the DNS server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le | — |
Workaround
|
A flaw was found in Billy, an interface filesystem abstraction for Go. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by providing crafted or malformed input. The issue arises from insufficient validation and missing safety mechanisms when processing untrusted repository data and filesystem structures, leading to panics, infinite loops, uncontrolled recursion, or excessive resource consumption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le | — |
Workaround
|
A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface (CRI) plugin, which manages container operations, fails to validate labels propagated from an image configuration to a container. This oversight could enable an attacker to execute arbitrary commands on the host system through a plugin that processes these unvalidated labels. The primary impact is host-root command execution, allowing unauthorized control over the underlying system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le | — |
Workaround
|
A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface (CRI) implementation, which allows Kubernetes to interact with container runtimes, improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. This vulnerability enables a user with permissions to create pods to bypass standard Kubernetes resource allocation and device plugin enforcement. Consequently, an attacker can inject arbitrary CDI edits, such as device nodes and host mounts, into the restored container, potentially leading to unauthorized resource access or privilege escalation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64 | — | ||
| Unresolved product id: Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Submariner v0.20 General Availability release images, which provide enhancements, security fixes, and updated container images.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.\nRed Hat Advanced Cluster Management for Kubernetes v2.13",
"title": "Topic"
},
{
"category": "general",
"text": "Submariner is a Kubernetes operator that enables cross-cluster connectivity for services and pods, implementing KEP-1645 (Multi-Cluster Services API). After deploying the Submariner operator, it can enable direct networking between pods and services across different Kubernetes clusters.\n\nFor more information about Submariner, see the Submariner open source community website at: https://submariner.io/.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:36873",
"url": "https://access.redhat.com/errata/RHSA-2026:36873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47950",
"url": "https://access.redhat.com/security/cve/CVE-2025-47950"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59530",
"url": "https://access.redhat.com/security/cve/CVE-2025-59530"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68151",
"url": "https://access.redhat.com/security/cve/CVE-2025-68151"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26017",
"url": "https://access.redhat.com/security/cve/CVE-2026-26017"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26018",
"url": "https://access.redhat.com/security/cve/CVE-2026-26018"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44740",
"url": "https://access.redhat.com/security/cve/CVE-2026-44740"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-53488",
"url": "https://access.redhat.com/security/cve/CVE-2026-53488"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-53492",
"url": "https://access.redhat.com/security/cve/CVE-2026-53492"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_36873.json"
}
],
"title": "Red Hat Security Advisory: Submariner v0.20 security fixes and container updates",
"tracking": {
"current_release_date": "2026-07-09T09:55:29+00:00",
"generator": {
"date": "2026-07-09T09:55:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:36873",
"initial_release_date": "2026-07-08T20:50:51+00:00",
"revision_history": [
{
"date": "2026-07-08T20:50:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-08T20:50:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T09:55:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product": {
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:acm:2.13::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Management for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3Af856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-agent-rhel9\u0026tag=1782924920"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3A4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-coredns-rhel9\u0026tag=1782924937"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256%3Ae17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/nettest-rhel9\u0026tag=1782926302"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3A438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/subctl-rhel9\u0026tag=1782945263"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-operator-bundle@sha256%3Adddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-operator-bundle\u0026tag=1783001304"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256%3A3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-gateway-rhel9\u0026tag=1782925247"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3A4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-globalnet-rhel9\u0026tag=1782925266"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3Abda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-rhel9-operator\u0026tag=1782933193"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3A6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-route-agent-rhel9\u0026tag=1782925328"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3Ab6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-agent-rhel9\u0026tag=1782924920"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3A2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-coredns-rhel9\u0026tag=1782924937"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256%3A74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/nettest-rhel9\u0026tag=1782926302"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3Ae0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/subctl-rhel9\u0026tag=1782945263"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256%3Ae2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-gateway-rhel9\u0026tag=1782925247"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3A21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-globalnet-rhel9\u0026tag=1782925266"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3A85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-rhel9-operator\u0026tag=1782933193"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le",
"product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3Afb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2/submariner-route-agent-rhel9\u0026tag=1782925328"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3Ac045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-agent-rhel9\u0026tag=1782924920"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3Af10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-coredns-rhel9\u0026tag=1782924937"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256%3Acbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/nettest-rhel9\u0026tag=1782926302"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3Ad6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/subctl-rhel9\u0026tag=1782945263"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256%3A9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-gateway-rhel9\u0026tag=1782925247"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3Acdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-globalnet-rhel9\u0026tag=1782925266"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3A62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-rhel9-operator\u0026tag=1782933193"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3A132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/submariner-route-agent-rhel9\u0026tag=1782925328"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3A08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-agent-rhel9\u0026tag=1782924920"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3A548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/lighthouse-coredns-rhel9\u0026tag=1782924937"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256%3A0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/nettest-rhel9\u0026tag=1782926302"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3Aa8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/subctl-rhel9\u0026tag=1782945263"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256%3Acdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-gateway-rhel9\u0026tag=1782925247"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3A1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-globalnet-rhel9\u0026tag=1782925266"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3Acda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-rhel9-operator\u0026tag=1782933193"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3A816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2/submariner-route-agent-rhel9\u0026tag=1782925328"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.13",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.13"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47950",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-06-06T18:00:49.860708+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370860"
}
],
"notes": [
{
"category": "description",
"text": "A memory exhaustion vulnerability was found in CoreDNS when operating with QUIC traffic streams. The CoreDNS server in affected versions would spawn a new goroutine for each incoming QUIC stream without limit. This flaw allows a malicious user to create an unbounded number of QUIC streams and consume all available resources, leading to an application level denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "coredns: CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "On a Red Hat system, a denial of service to the CoreDNS service will not take down the host system, so the availability impact is assessed as Low for Red Hat systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47950"
},
{
"category": "external",
"summary": "RHBZ#2370860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370860"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47950",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47950"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc9250",
"url": "https://datatracker.ietf.org/doc/html/rfc9250"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/commit/efaed02c6a480ec147b1f799aab7cf815b17dfe1",
"url": "https://github.com/coredns/coredns/commit/efaed02c6a480ec147b1f799aab7cf815b17dfe1"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/security/advisories/GHSA-cvx7-x8pj-x2gw",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-cvx7-x8pj-x2gw"
},
{
"category": "external",
"summary": "https://github.com/quic-go/quic-go",
"url": "https://github.com/quic-go/quic-go"
},
{
"category": "external",
"summary": "https://www.usenix.org/conference/usenixsecurity23/presentation/botella",
"url": "https://www.usenix.org/conference/usenixsecurity23/presentation/botella"
}
],
"release_date": "2025-06-06T17:32:30.218000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T20:50:51+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-17819\n* ACM-21727\n* ACM-21731\n* ACM-24786\n* ACM-25148\n* ACM-25152\n* ACM-25169\n* ACM-29510\n* ACM-29564\n* ACM-29565\n* ACM-29574\n* ACM-29584\n* ACM-29585\n* ACM-29586\n* ACM-29587\n* ACM-29774\n* ACM-29775\n* ACM-29800\n* ACM-30133\n* ACM-30722\n* ACM-30723\n* ACM-30724\n* ACM-30725\n* ACM-30970\n* ACM-36662\n* ACM-37000\n* ACM-37038\n* ACM-7515\n* ACM-8292\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36873"
},
{
"category": "workaround",
"details": "Users unable to upgrade should manually disable the QUIC protocol support.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "coredns: CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification"
},
{
"cve": "CVE-2025-59530",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2025-10-10T17:01:16.758297+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2403125"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the quic-go golang library. A misbehaving or malicious server can cause a denial-of-service (DoS) attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authentication and can be exploited during the handshake phase. This was observed in the wild with certain server implementations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/quic-go/quic-go: quic-go Crash Due to Premature HANDSHAKE_DONE Frame",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The availability risk is limited to applications which includethe quic-go library. Host Red Hat systems are not at risk of availability degradation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59530"
},
{
"category": "external",
"summary": "RHBZ#2403125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403125"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59530",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59530"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59530",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59530"
},
{
"category": "external",
"summary": "https://github.com/quic-go/quic-go/blob/v0.55.0/connection.go#L2682-L2685",
"url": "https://github.com/quic-go/quic-go/blob/v0.55.0/connection.go#L2682-L2685"
},
{
"category": "external",
"summary": "https://github.com/quic-go/quic-go/pull/5354",
"url": "https://github.com/quic-go/quic-go/pull/5354"
},
{
"category": "external",
"summary": "https://github.com/quic-go/quic-go/security/advisories/GHSA-47m2-4cr7-mhcw",
"url": "https://github.com/quic-go/quic-go/security/advisories/GHSA-47m2-4cr7-mhcw"
}
],
"release_date": "2025-10-10T16:09:55.227000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T20:50:51+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-17819\n* ACM-21727\n* ACM-21731\n* ACM-24786\n* ACM-25148\n* ACM-25152\n* ACM-25169\n* ACM-29510\n* ACM-29564\n* ACM-29565\n* ACM-29574\n* ACM-29584\n* ACM-29585\n* ACM-29586\n* ACM-29587\n* ACM-29774\n* ACM-29775\n* ACM-29800\n* ACM-30133\n* ACM-30722\n* ACM-30723\n* ACM-30724\n* ACM-30725\n* ACM-30970\n* ACM-36662\n* ACM-37000\n* ACM-37038\n* ACM-7515\n* ACM-8292\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36873"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/quic-go/quic-go: quic-go Crash Due to Premature HANDSHAKE_DONE Frame"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T20:50:51+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-17819\n* ACM-21727\n* ACM-21731\n* ACM-24786\n* ACM-25148\n* ACM-25152\n* ACM-25169\n* ACM-29510\n* ACM-29564\n* ACM-29565\n* ACM-29574\n* ACM-29584\n* ACM-29585\n* ACM-29586\n* ACM-29587\n* ACM-29774\n* ACM-29775\n* ACM-29800\n* ACM-30133\n* ACM-30722\n* ACM-30723\n* ACM-30724\n* ACM-30725\n* ACM-30970\n* ACM-36662\n* ACM-37000\n* ACM-37038\n* ACM-7515\n* ACM-8292\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36873"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T20:50:51+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-17819\n* ACM-21727\n* ACM-21731\n* ACM-24786\n* ACM-25148\n* ACM-25152\n* ACM-25169\n* ACM-29510\n* ACM-29564\n* ACM-29565\n* ACM-29574\n* ACM-29584\n* ACM-29585\n* ACM-29586\n* ACM-29587\n* ACM-29774\n* ACM-29775\n* ACM-29800\n* ACM-30133\n* ACM-30722\n* ACM-30723\n* ACM-30724\n* ACM-30725\n* ACM-30970\n* ACM-36662\n* ACM-37000\n* ACM-37038\n* ACM-7515\n* ACM-8292\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36873"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T20:50:51+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-17819\n* ACM-21727\n* ACM-21731\n* ACM-24786\n* ACM-25148\n* ACM-25152\n* ACM-25169\n* ACM-29510\n* ACM-29564\n* ACM-29565\n* ACM-29574\n* ACM-29584\n* ACM-29585\n* ACM-29586\n* ACM-29587\n* ACM-29774\n* ACM-29775\n* ACM-29800\n* ACM-30133\n* ACM-30722\n* ACM-30723\n* ACM-30724\n* ACM-30725\n* ACM-30970\n* ACM-36662\n* ACM-37000\n* ACM-37038\n* ACM-7515\n* ACM-8292\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36873"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2025-68151",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-08T16:01:04.891768+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428009"
}
],
"notes": [
{
"category": "description",
"text": "Multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is similar in nature to CVE-2025-47950 (QUIC DoS) but affects additional server types that do not enforce connection limits, stream limits, or message size constraints.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/coredns/coredns/core/dnsserver: CoreDNS DoS via unbounded connections and oversized messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68151"
},
{
"category": "external",
"summary": "RHBZ#2428009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68151"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/commit/0d8cbb1a6bcb6bc9c1a489865278b8725fa20812",
"url": "https://github.com/coredns/coredns/commit/0d8cbb1a6bcb6bc9c1a489865278b8725fa20812"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/pull/7490",
"url": "https://github.com/coredns/coredns/pull/7490"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/security/advisories/GHSA-527x-5wrf-22m2",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-527x-5wrf-22m2"
}
],
"release_date": "2026-01-08T15:33:12.711000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T20:50:51+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-17819\n* ACM-21727\n* ACM-21731\n* ACM-24786\n* ACM-25148\n* ACM-25152\n* ACM-25169\n* ACM-29510\n* ACM-29564\n* ACM-29565\n* ACM-29574\n* ACM-29584\n* ACM-29585\n* ACM-29586\n* ACM-29587\n* ACM-29774\n* ACM-29775\n* ACM-29800\n* ACM-30133\n* ACM-30722\n* ACM-30723\n* ACM-30724\n* ACM-30725\n* ACM-30970\n* ACM-36662\n* ACM-37000\n* ACM-37038\n* ACM-7515\n* ACM-8292\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36873"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/coredns/coredns/core/dnsserver: CoreDNS DoS via unbounded connections and oversized messages"
},
{
"cve": "CVE-2026-26017",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-03-06T16:01:45.971241+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CoreDNS, a DNS server that uses a chain of plugins. This logical vulnerability allows an attacker to bypass DNS access controls. The issue occurs because security plugins, such as \u0027acl\u0027, are evaluated before the \u0027rewrite\u0027 plugin, creating a Time-of-Check Time-of-Use (TOCTOU) flaw. This flaw enables an attacker to circumvent intended access restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/coredns/coredns: CoreDNS: DNS access control bypass due to plugin execution order flaw",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26017"
},
{
"category": "external",
"summary": "RHBZ#2445244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26017",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26017"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26017",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26017"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/releases/tag/v1.14.2",
"url": "https://github.com/coredns/coredns/releases/tag/v1.14.2"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr"
}
],
"release_date": "2026-03-06T15:36:15.655000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T20:50:51+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-17819\n* ACM-21727\n* ACM-21731\n* ACM-24786\n* ACM-25148\n* ACM-25152\n* ACM-25169\n* ACM-29510\n* ACM-29564\n* ACM-29565\n* ACM-29574\n* ACM-29584\n* ACM-29585\n* ACM-29586\n* ACM-29587\n* ACM-29774\n* ACM-29775\n* ACM-29800\n* ACM-30133\n* ACM-30722\n* ACM-30723\n* ACM-30724\n* ACM-30725\n* ACM-30970\n* ACM-36662\n* ACM-37000\n* ACM-37038\n* ACM-7515\n* ACM-8292\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36873"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/coredns/coredns: CoreDNS: DNS access control bypass due to plugin execution order flaw"
},
{
"cve": "CVE-2026-26018",
"cwe": {
"id": "CWE-1241",
"name": "Use of Predictable Algorithm in Random Number Generator"
},
"discovery_date": "2026-03-06T16:01:38.150099+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445242"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CoreDNS, a DNS server that chains plugins. A remote attacker can exploit this flaw by sending specially crafted DNS queries. This vulnerability exists in CoreDNS\u0027s loop detection plugin due to the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name. Successful exploitation can lead to a denial of service (DoS) by crashing the DNS server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/coredns/coredns: CoreDNS: Denial of Service vulnerability due to predictable pseudo-random number generation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26018"
},
{
"category": "external",
"summary": "RHBZ#2445242",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445242"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26018",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26018"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/releases/tag/v1.14.2",
"url": "https://github.com/coredns/coredns/releases/tag/v1.14.2"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/security/advisories/GHSA-h75p-j8xm-m278",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-h75p-j8xm-m278"
}
],
"release_date": "2026-03-06T15:35:50.801000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T20:50:51+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-17819\n* ACM-21727\n* ACM-21731\n* ACM-24786\n* ACM-25148\n* ACM-25152\n* ACM-25169\n* ACM-29510\n* ACM-29564\n* ACM-29565\n* ACM-29574\n* ACM-29584\n* ACM-29585\n* ACM-29586\n* ACM-29587\n* ACM-29774\n* ACM-29775\n* ACM-29800\n* ACM-30133\n* ACM-30722\n* ACM-30723\n* ACM-30724\n* ACM-30725\n* ACM-30970\n* ACM-36662\n* ACM-37000\n* ACM-37038\n* ACM-7515\n* ACM-8292\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36873"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/coredns/coredns: CoreDNS: Denial of Service vulnerability due to predictable pseudo-random number generation"
},
{
"cve": "CVE-2026-44740",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-06-01T17:01:53.685793+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483894"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Billy, an interface filesystem abstraction for Go. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by providing crafted or malformed input. The issue arises from insufficient validation and missing safety mechanisms when processing untrusted repository data and filesystem structures, leading to panics, infinite loops, uncontrolled recursion, or excessive resource consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-git/go-billy: Billy: Denial of Service via crafted input due to insufficient validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is rated as an Important severity issue. The `go-billy` library, a Go filesystem abstraction, is vulnerable to a denial of service when processing crafted or malformed input, such as untrusted repository data or filesystem structures. Insufficient validation and missing safety mechanisms can lead to panics, infinite loops, or excessive resource consumption, potentially impacting the availability of applications that rely on this library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44740"
},
{
"category": "external",
"summary": "RHBZ#2483894",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483894"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44740",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44740"
},
{
"category": "external",
"summary": "https://github.com/go-git/go-billy/releases/tag/v5.9.0",
"url": "https://github.com/go-git/go-billy/releases/tag/v5.9.0"
},
{
"category": "external",
"summary": "https://github.com/go-git/go-billy/releases/tag/v6.0.0-alpha.1",
"url": "https://github.com/go-git/go-billy/releases/tag/v6.0.0-alpha.1"
},
{
"category": "external",
"summary": "https://github.com/go-git/go-billy/security/advisories/GHSA-m3xc-h892-ggx6",
"url": "https://github.com/go-git/go-billy/security/advisories/GHSA-m3xc-h892-ggx6"
}
],
"release_date": "2026-06-01T16:04:50.358000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T20:50:51+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-17819\n* ACM-21727\n* ACM-21731\n* ACM-24786\n* ACM-25148\n* ACM-25152\n* ACM-25169\n* ACM-29510\n* ACM-29564\n* ACM-29565\n* ACM-29574\n* ACM-29584\n* ACM-29585\n* ACM-29586\n* ACM-29587\n* ACM-29774\n* ACM-29775\n* ACM-29800\n* ACM-30133\n* ACM-30722\n* ACM-30723\n* ACM-30724\n* ACM-30725\n* ACM-30970\n* ACM-36662\n* ACM-37000\n* ACM-37038\n* ACM-7515\n* ACM-8292\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36873"
},
{
"category": "workaround",
"details": "To mitigate the issue, we suggest upgrading to versions 5.9.0+ or 6.0.0-alpha.1+",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-git/go-billy: Billy: Denial of Service via crafted input due to insufficient validation"
},
{
"cve": "CVE-2026-53488",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-07-01T02:01:09.589815+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2495815"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface (CRI) plugin, which manages container operations, fails to validate labels propagated from an image configuration to a container. This oversight could enable an attacker to execute arbitrary commands on the host system through a plugin that processes these unvalidated labels. The primary impact is host-root command execution, allowing unauthorized control over the underlying system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/containerd/containerd: containerd: Host-root command execution via unvalidated image config labels in CRI plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in containerd where the CRI plugin propagates labels from an image configuration (LABEL instruction in a Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host via a plugin that consumes container labels for operations, such as the restart-monitor binary:// logger. An attacker who can cause a crafted container image to be pulled and run can achieve host-level code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-53488"
},
{
"category": "external",
"summary": "RHBZ#2495815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2495815"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-53488",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53488"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-53488",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53488"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/security/advisories/GHSA-xhf5-7wjv-pqxp",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-xhf5-7wjv-pqxp"
}
],
"release_date": "2026-07-01T00:11:20.610000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T20:50:51+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-17819\n* ACM-21727\n* ACM-21731\n* ACM-24786\n* ACM-25148\n* ACM-25152\n* ACM-25169\n* ACM-29510\n* ACM-29564\n* ACM-29565\n* ACM-29574\n* ACM-29584\n* ACM-29585\n* ACM-29586\n* ACM-29587\n* ACM-29774\n* ACM-29775\n* ACM-29800\n* ACM-30133\n* ACM-30722\n* ACM-30723\n* ACM-30724\n* ACM-30725\n* ACM-30970\n* ACM-36662\n* ACM-37000\n* ACM-37038\n* ACM-7515\n* ACM-8292\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36873"
},
{
"category": "workaround",
"details": "Restrict container image pulls to trusted registries using admission policies or image signature verification. Where containerd is used as the container runtime, disable or restrict the binary:// logger URI scheme in the containerd configuration to prevent the label-to-logger attack path.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/containerd/containerd: containerd: Host-root command execution via unvalidated image config labels in CRI plugin"
},
{
"cve": "CVE-2026-53492",
"cwe": {
"id": "CWE-807",
"name": "Reliance on Untrusted Inputs in a Security Decision"
},
"discovery_date": "2026-07-01T19:01:34.238078+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2496130"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface (CRI) implementation, which allows Kubernetes to interact with container runtimes, improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. This vulnerability enables a user with permissions to create pods to bypass standard Kubernetes resource allocation and device plugin enforcement. Consequently, an attacker can inject arbitrary CDI edits, such as device nodes and host mounts, into the restored container, potentially leading to unauthorized resource access or privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/containerd/containerd: containerd: Security bypass via Container Device Interface (CDI) annotation smuggling during checkpoint restoration.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated as Important. In Red Hat OpenShift Container Platform, a user with pod creation permissions could bypass standard Kubernetes resource allocation and device plugin enforcement. This is due to containerd\u0027s Container Runtime Interface (CRI) improperly trusting Container Device Interface (CDI) annotations during container restoration. Exploitation requires CDI to be enabled on the node and a matching host CDI specification for the requested device.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-53492"
},
{
"category": "external",
"summary": "RHBZ#2496130",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2496130"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-53492",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-53492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53492"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc"
}
],
"release_date": "2026-07-01T17:59:12.552000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-08T20:50:51+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-17819\n* ACM-21727\n* ACM-21731\n* ACM-24786\n* ACM-25148\n* ACM-25152\n* ACM-25169\n* ACM-29510\n* ACM-29564\n* ACM-29565\n* ACM-29574\n* ACM-29584\n* ACM-29585\n* ACM-29586\n* ACM-29587\n* ACM-29774\n* ACM-29775\n* ACM-29800\n* ACM-30133\n* ACM-30722\n* ACM-30723\n* ACM-30724\n* ACM-30725\n* ACM-30970\n* ACM-36662\n* ACM-37000\n* ACM-37038\n* ACM-7515\n* ACM-8292\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36873"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:08c46fced26b98ad3e1a07a3f3c7239521d916bfe116d2e7a44068011319ccd3_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b6aac33c3af11a883a7c45d6dc8392d9ffc8fff09b21f31404b97e48beebbe7b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c045357b268bc940f2ccd50d17eaeba2a80f332a4b76baff1fcfdec8992eb785_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:f856073e50bb0cc5519d7ec413e4ff92da750fbce141cefbeaf3dd945149ea06_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:2d9c2c52df2251db58f47eb0b982ecf62175d9aa29ba7a6a3d72001034441390_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:4fb8d0f81059a89c233aa55d72b5007c42811557a815ce0ec7f3ee042cb6a560_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:548a13d40574a1efd59f327a0d9193ff8e0109b571645ea16721347a89774e0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:f10f17672a539dd7a7f5f40b52d9bed10ea03438141259e7fbe75373c73985f5_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:0bafca38a2e80233c1b859d4bc2d9bde815678460cf71d5aac5804a1524344dc_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:74f9c159bf2af9e6fc2188234ba7146f00519f130e9d7c2d14902e73a0c115bd_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:cbbb16e36221a15955a62d54ff631029080ab27f92d8c6b9e4507bf4d32b686f_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/nettest-rhel9@sha256:e17325bedd6b7212772ea2888a703b159115cd573320c5313bd649c962674e60_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:438c6d99281497b67dfdf4d2bb5f5c13abf1fce3ea6f50d96ed5f5c88fe5086e_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:a8b2139b2664316d43fc31479c468b4af7afb0d370a81a794bd71dbb4d97de0f_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d6e2d8f486276918329ca386bd54385d944009a412830d8d3c175ab38f23dcf4_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/subctl-rhel9@sha256:e0e37798c3c66494c68259d79ead0e18fe7327f27c7babf72386b210595f1877_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:3ddcf732be3481259c42b647cb273b5968ddf2d5ff5c31de4ee8cfbe3182c238_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:9abe7999226734514841159e0555e5a13be581b84c7bd9899f7f956dae5fea07_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:cdd5f5b983486e39cdaa76f3fb97266994863b68be8dd1fabdba8592f0f4b581_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:e2da53cce8f1e6fa1a6d235047b709835f08d1186833baae48ce106dd9029e25_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:1605dc6f3baba80be77d26e09d32a3adfc4711fdbf90dca8f821dcae6131cb95_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:21f72fb118a708fcf5e0bb6dc5091954275f0496c0f4fbd67937c2ef6e94a12b_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:4e0213961fd6865df9076e5c613370a45f68ba6fef646e0e23492358d00d167c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:cdb56f8231fef80d46bf68132c1e7a40fd2592e3024590cea801ece6d3de6b14_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:dddc574f9c2ed8e7266522761842ea2c88e9cad3e284cf9c3522fd5e834d82ef_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:62857f91e51e167d39fcf932c444d04b6105720299372789fe97941aafa5ff52_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:85cf9cf1f440604ad7346608d6920720acc9e75b2a0c3579439e73d0a7278554_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:bda6bd1cadc353bf93dbb387b0e473840efa4488a11488b9e0f91e22a86cb834_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:cda143023feee01e4cd88a075c93a587ed14f6071611ef2516d89ad33f51ee0d_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:132249054adcac03505c8ba0668c0d625ac17187252b529f547a60c48e5e5ab6_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:6eea9dda872fe39f1f8b6ca114434dab0d98c9da64864ee6281362b992e59f7b_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:816d881aa7a3c8c7257877a6b84239fed4e3b66d582fd463f1b877bde5d6e378_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.13:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:fb70c6acd3110cef92807982f8c66403552507d2bc52e212b0ef97ae116a50c7_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/containerd/containerd: containerd: Security bypass via Container Device Interface (CDI) annotation smuggling during checkpoint restoration."
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.