- Issued:
- 2022-09-14
- Updated:
- 2022-09-14
RHSA-2022:6526 - Security Advisory
Synopsis
Important: OpenShift Virtualization 4.11.0 Images security and bug fix update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Virtualization release 4.11.0 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following OpenShift Virtualization 4.11.0 images:
RHEL-8-CNV-4.11
===============
hostpath-provisioner-container-v4.11.0-21
kubevirt-tekton-tasks-operator-container-v4.11.0-29
kubevirt-template-validator-container-v4.11.0-17
bridge-marker-container-v4.11.0-26
hostpath-csi-driver-container-v4.11.0-21
cluster-network-addons-operator-container-v4.11.0-26
ovs-cni-marker-container-v4.11.0-26
virtio-win-container-v4.11.0-16
ovs-cni-plugin-container-v4.11.0-26
kubemacpool-container-v4.11.0-26
hostpath-provisioner-operator-container-v4.11.0-24
cnv-containernetworking-plugins-container-v4.11.0-26
kubevirt-ssp-operator-container-v4.11.0-54
virt-cdi-uploadserver-container-v4.11.0-59
virt-cdi-cloner-container-v4.11.0-59
virt-cdi-operator-container-v4.11.0-59
virt-cdi-importer-container-v4.11.0-59
virt-cdi-uploadproxy-container-v4.11.0-59
virt-cdi-controller-container-v4.11.0-59
virt-cdi-apiserver-container-v4.11.0-59
kubevirt-tekton-tasks-modify-vm-template-container-v4.11.0-7
kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.0-7
kubevirt-tekton-tasks-copy-template-container-v4.11.0-7
checkup-framework-container-v4.11.0-67
kubevirt-tekton-tasks-cleanup-vm-container-v4.11.0-7
kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.0-7
kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.0-7
kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.0-7
vm-network-latency-checkup-container-v4.11.0-67
kubevirt-tekton-tasks-create-datavolume-container-v4.11.0-7
hyperconverged-cluster-webhook-container-v4.11.0-95
cnv-must-gather-container-v4.11.0-62
hyperconverged-cluster-operator-container-v4.11.0-95
kubevirt-console-plugin-container-v4.11.0-83
virt-controller-container-v4.11.0-105
virt-handler-container-v4.11.0-105
virt-operator-container-v4.11.0-105
virt-launcher-container-v4.11.0-105
virt-artifacts-server-container-v4.11.0-105
virt-api-container-v4.11.0-105
libguestfs-tools-container-v4.11.0-105
hco-bundle-registry-container-v4.11.0-587
Security Fix(es):
- golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
- kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
- golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
- golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
- prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
- golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
- golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
- golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
- golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
- golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)
- golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
- golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Affected Products
- Red Hat Container Native Virtualization 4.11 for RHEL 8 x86_64
- Red Hat Container Native Virtualization 4.11 for RHEL 7 x86_64
Fixes
- BZ - 1937609 - VM cannot be restarted
- BZ - 1945593 - Live migration should be blocked for VMs with host devices
- BZ - 1968514 - [RFE] Add cancel migration action to virtctl
- BZ - 1993109 - CNV MacOS Client not signed
- BZ - 1994604 - [RFE] - Add a feature to virtctl to print out a message if virtctl is a different version than the server side
- BZ - 2001385 - no "name" label in virt-operator pod
- BZ - 2009793 - KBase to clarify nested support status is missing
- BZ - 2010318 - with sysprep config data as cfgmap volume and as cdrom disk a windows10 VMI fails to LiveMigrate
- BZ - 2025276 - No permissions when trying to clone to a different namespace (as Kubeadmin)
- BZ - 2025401 - [TEST ONLY] [CNV+OCS/ODF] Virtualization poison pill implemenation
- BZ - 2026357 - Migration in sequence can be reported as failed even when it succeeded
- BZ - 2029349 - cluster-network-addons-operator does not serve metrics through HTTPS
- BZ - 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
- BZ - 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
- BZ - 2031857 - Add annotation for URL to download the image
- BZ - 2033077 - KubeVirtComponentExceedsRequestedMemory Prometheus Rule is Failing to Evaluate
- BZ - 2035344 - kubemacpool-mac-controller-manager not ready
- BZ - 2036676 - NoReadyVirtController and NoReadyVirtOperator are never triggered
- BZ - 2039976 - Pod stuck in "Terminating" state when removing VM with kernel boot and container disks
- BZ - 2040766 - A crashed Windows VM cannot be restarted with virtctl or the UI
- BZ - 2041467 - [SSP] Support custom DataImportCron creating in custom namespaces
- BZ - 2042402 - LiveMigration with postcopy misbehave when failure occurs
- BZ - 2042809 - sysprep disk requires autounattend.xml if an unattend.xml exists
- BZ - 2045086 - KubeVirtComponentExceedsRequestedMemory Prometheus Rule is Failing to Evaluate
- BZ - 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
- BZ - 2047186 - When entering to a RH supported template, it changes the project (namespace) to ?OpenShift?
- BZ - 2051899 - 4.11.0 containers
- BZ - 2052094 - [rhel9-cnv] VM fails to start, virt-handler error msg: Couldn't configure ip nat rules
- BZ - 2052466 - Event does not include reason for inability to live migrate
- BZ - 2052689 - Overhead Memory consumption calculations are incorrect
- BZ - 2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
- BZ - 2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
- BZ - 2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
- BZ - 2056467 - virt-template-validator pods getting scheduled on the same node
- BZ - 2057157 - [4.10.0] HPP-CSI-PVC fails to bind PVC when node fqdn is long
- BZ - 2057310 - qemu-guest-agent does not report information due to selinux denials
- BZ - 2058149 - cluster-network-addons-operator deployment's MULTUS_IMAGE is pointing to brew image
- BZ - 2058925 - Must-gather: for vms with longer name, gather_vms_details fails to collect qemu, dump xml logs
- BZ - 2059121 - [CNV-4.11-rhel9] virt-handler pod CrashLoopBackOff state
- BZ - 2060485 - virtualMachine with duplicate interfaces name causes MACs to be rejected by Kubemacpool
- BZ - 2060585 - [SNO] Failed to find the virt-controller leader pod
- BZ - 2061208 - Cannot delete network Interface if VM has multiqueue for networking enabled.
- BZ - 2061723 - Prevent new DataImportCron to manage DataSource if multiple DataImportCron pointing to same DataSource
- BZ - 2063540 - [CNV-4.11] Authorization Failed When Cloning Source Namespace
- BZ - 2063792 - No DataImportCron for CentOS 7
- BZ - 2064034 - On an upgraded cluster NetworkAddonsConfig seems to be reconciling in a loop
- BZ - 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server
- BZ - 2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression
- BZ - 2064936 - Migration of vm from VMware reports pvc not large enough
- BZ - 2065014 - Feature Highlights in CNV 4.10 contains links to 4.7
- BZ - 2065019 - "Running VMs per template" in the new overview tab counts VMs that are not running
- BZ - 2066768 - [CNV-4.11-HCO] User Cannot List Resource "namespaces" in API group
- BZ - 2067246 - [CNV]: Unable to ssh to Virtual Machine post changing Flavor tiny to custom
- BZ - 2069287 - Two annotations for VM Template provider name
- BZ - 2069388 - [CNV-4.11] kubemacpool-mac-controller - TLS handshake error
- BZ - 2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass
- BZ - 2070864 - non-privileged user cannot see catalog tiles
- BZ - 2071488 - "Migrate Node to Node" is confusing.
- BZ - 2071549 - [rhel-9] unable to create a non-root virt-launcher based VM
- BZ - 2071611 - Metrics documentation generators are missing metrics/recording rules
- BZ - 2071921 - Kubevirt RPM is not being built
- BZ - 2073669 - [rhel-9] VM fails to start
- BZ - 2073679 - [rhel-8] VM fails to start: missing virt-launcher-monitor downstream
- BZ - 2073982 - [CNV-4.11-RHEL9] 'virtctl' binary fails with 'rc1' with 'virtctl version' command
- BZ - 2074337 - VM created from registry cannot be started
- BZ - 2075200 - VLAN filtering cannot be configured with Intel X710
- BZ - 2075409 - [CNV-4.11-rhel9] hco-operator and hco-webhook pods CrashLoopBackOff
- BZ - 2076292 - Upgrade from 4.10.1->4.11 using nightly channel, is not completing with error "could not complete the upgrade process. KubeVirt is not with the expected version. Check KubeVirt observed version in the status field of its CR"
- BZ - 2076379 - must-gather: ruletables and qemu logs collected as a part of gather_vm_details scripts are zero bytes file
- BZ - 2076790 - Alert SSPDown is constantly in Firing state
- BZ - 2076908 - clicking on a template in the Running VMs per Template card leads to 404
- BZ - 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
- BZ - 2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar
- BZ - 2078700 - Windows template boot source should be blank
- BZ - 2078703 - [RFE] Please hide the user defined password when customizing cloud-init
- BZ - 2078709 - VM conditions column have wrong key/values
- BZ - 2078728 - Common template rootDisk is not named correctly
- BZ - 2079366 - rootdisk is not able to edit
- BZ - 2079674 - Configuring preferred node affinity in the console results in wrong yaml and unschedulable VM
- BZ - 2079783 - Actions are broken in topology view
- BZ - 2080132 - virt-launcher logs live migration in nanoseconds if the migration is stuck
- BZ - 2080155 - [RFE] Provide the progress of VM migration in the source virt launcher pod
- BZ - 2080547 - Metrics kubevirt_hco_out_of_band_modifications_count, does not reflect correct modification count when label is added to priorityclass/kubevirt-cluster-critical in a loop
- BZ - 2080833 - Missing cloud init script editor in the scripts tab
- BZ - 2080835 - SSH key is set using cloud init script instead of new api
- BZ - 2081182 - VM SSH command generated by UI points at api VIP
- BZ - 2081202 - cloud-init for Windows VM generated with corrupted "undefined" section
- BZ - 2081409 - when viewing a common template details page, user need to see the message "can't edit common template" on all tabs
- BZ - 2081671 - SSH service created outside the UI is not discoverable
- BZ - 2081831 - [RFE] Improve disk hotplug UX
- BZ - 2082008 - LiveMigration fails due to loss of connection to destination host
- BZ - 2082164 - Migration progress timeout expects absolute progress
- BZ - 2082912 - [CNV-4.11] HCO Being Unable to Reconcile State
- BZ - 2083093 - VM overview tab is crashed
- BZ - 2083097 - ?Mount Windows drivers disk? should not show when the template is not ?windows?
- BZ - 2083100 - Something keeps loading in the ?node selector? modal
- BZ - 2083101 - ?Restore default settings? never become available while editing CPU/Memory
- BZ - 2083135 - VM fails to schedule with vTPM in spec
- BZ - 2083256 - SSP Reconcile logging improvement when CR resources are changed
- BZ - 2083595 - [RFE] Disable VM descheduler if the VM is not live migratable
- BZ - 2084102 - [e2e] Many elements are lacking proper selector like 'data-test-id' or 'data-test'
- BZ - 2084122 - [4.11]Clone from filesystem to block on storage api with the same size fails
- BZ - 2084418 - ?Invalid SSH public key format? appears when drag ssh key file to ?Authorized SSH Key? field
- BZ - 2084431 - User credentials for ssh is not in correct format
- BZ - 2084476 - The Virtual Machine Authorized SSH Key is not shown in the scripts tab.
- BZ - 2084532 - Console is crashed while detaching disk
- BZ - 2084610 - Newly added Kubevirt-plugin pod is missing resources.requests values (cpu/memory)
- BZ - 2085320 - Tolerations rules is not adding correctly
- BZ - 2085322 - Not able to stop/restart VM if the VM is staying in "Starting"
- BZ - 2086272 - [dark mode] Titles in Overview tab not visible enough in dark mode
- BZ - 2086278 - Cloud init script edit add " hostname='' " when is should not be added
- BZ - 2086281 - [dark mode] Helper text in Scripts tab not visible enough on dark mode
- BZ - 2086286 - [dark mode] The contrast of the Labels and edit labels not look good in the dark mode
- BZ - 2086293 - [dark mode] Titles in Parameters tab not visible enough in dark mode
- BZ - 2086294 - [dark mode] Can't see the number inside the donut chart in VMs per template card
- BZ - 2086303 - non-priv user can't create VM when namespace is not selected
- BZ - 2086479 - some modals use ?Save? and some modals use ?Submit?
- BZ - 2086486 - cluster overview getting started card include old information
- BZ - 2086488 - Cannot cancel vm migration if the migration pod is not schedulable in the backend
- BZ - 2086769 - Missing vm.kubevirt.io/template.namespace label when creating VM with the wizard
- BZ - 2086803 - When clonnig a template we need to update vm labels and annotaions to match new template
- BZ - 2086825 - VM restore PVC uses exact source PVC request size
- BZ - 2086849 - Create from YAML example is not runnable
- BZ - 2087188 - When VM is stopped - adding disk failed to show
- BZ - 2087189 - When VM is stopped - adding disk failed to show
- BZ - 2087232 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed
- BZ - 2087546 - "Quick Starts" is missing in Getting started card
- BZ - 2087547 - Activity and Status card are missing in Virtualization Overview
- BZ - 2087559 - template in "VMs per template" should take user to vm list page
- BZ - 2087566 - Remove the ?auto upload? label from template in the catalog if the auto-upload boot source not exists
- BZ - 2087570 - Page title should be ?VirtualMachines? and not ?Virtual Machines?
- BZ - 2087577 - "VMs per template" load time is a bit long
- BZ - 2087578 - Terminology "VM" should be "Virtual Machine" in all places
- BZ - 2087582 - Remove VMI and MTV from the navigation
- BZ - 2087583 - [RFE] Show more info about boot source in template list
- BZ - 2087584 - Template provider should not be mandatory
- BZ - 2087587 - Improve the descriptive text in the kebab menu of template
- BZ - 2087589 - Red icons shows in storage disk source selection without a good reason
- BZ - 2087590 - [REF] "Upload a new file to a PVC" should not open the form in a new tab
- BZ - 2087593 - "Boot method" is not a good name in overview tab
- BZ - 2087603 - Align details card for single VM overview with the design doc
- BZ - 2087616 - align the utilization card of single VM overview with the design
- BZ - 2087701 - [RFE] Missing a link to VMI from running VM details page
- BZ - 2087717 - Message when editing template boot source is wrong
- BZ - 2088034 - Virtualization Overview crashes when a VirtualMachine has no labels
- BZ - 2088355 - disk modal shows all storage classes as default
- BZ - 2088361 - Attached disk keeps in loading status when add disk to a power off VM by non-privileged user
- BZ - 2088379 - Create VM from catalog does not respect the storageclass of the template's boot source
- BZ - 2088407 - Missing create button in the template list
- BZ - 2088471 - [HPP] hostpath-provisioner-csi does not comply with restricted security context
- BZ - 2088472 - Golden Images import cron jobs are not getting updated on upgrade to 4.11
- BZ - 2088477 - [4.11.z] VMSnapshot restore fails to provision volume with size mismatch error
- BZ - 2088849 - "dataimportcrontemplate.kubevirt.io/enable" field does not do any validation
- BZ - 2089078 - ConsolePlugin kubevirt-plugin is not getting reconciled by hco
- BZ - 2089271 - Virtualization appears twice in sidebar
- BZ - 2089327 - add network modal crash when no networks available
- BZ - 2089376 - Virtual Machine Template without dataVolumeTemplates gets blank page
- BZ - 2089477 - [RFE] Allow upload source when adding VM disk
- BZ - 2089700 - Drive column in Disks card of Overview page has duplicated values
- BZ - 2089745 - When removing all disks from customize wizard app crashes
- BZ - 2089789 - Add windows drivers disk is missing when template is not windows
- BZ - 2089825 - Top consumers card on Virtualization Overview page should keep display parameters as set by user
- BZ - 2089836 - Card titles on single VM Overview page does not have hyperlinks to relevant pages
- BZ - 2089840 - Cant create snapshot if VM is without disks
- BZ - 2089877 - Utilization card on single VM overview - timespan menu lacks 5min option
- BZ - 2089932 - Top consumers card on single VM overview - View by resource dropdown menu needs an update
- BZ - 2089942 - Utilization card on single VM overview - trend charts at the bottom should be linked to proper metrics
- BZ - 2089954 - Details card on single VM overview - VNC console has grey padding
- BZ - 2089963 - Details card on single VM overview - Operating system info is not available
- BZ - 2089967 - Network Interfaces card on single VM overview - name tooltip lacks info
- BZ - 2089970 - Network Interfaces card on single VM overview - IP tooltip
- BZ - 2089972 - Disks card on single VM overview -typo
- BZ - 2089979 - Single VM Details - CPU|Memory edit icon misplaced
- BZ - 2089982 - Single VM Details - SSH modal has redundant VM name
- BZ - 2090035 - Alert card is missing in single VM overview
- BZ - 2090036 - OS should be "Operating system" and host should be "hostname" in single vm overview
- BZ - 2090037 - Add template link in single vm overview details card
- BZ - 2090038 - The update field under the version in overview should be consistent with the operator page
- BZ - 2090042 - Move the edit button close to the text for "boot order" and "ssh access"
- BZ - 2090043 - "No resource selected" in vm boot order
- BZ - 2090046 - Hardware devices section In the VM details and Template details should be aligned with catalog page
- BZ - 2090048 - "Boot mode" should be editable while VM is running
- BZ - 2090054 - Services ?kubernetes" and "openshift" should not be listing in vm details
- BZ - 2090055 - Add link to vm template in vm details page
- BZ - 2090056 - "Something went wrong" shows on VM "Environment" tab
- BZ - 2090057 - "?" icon is too big in environment and disk tab
- BZ - 2090059 - Failed to add configmap in environment tab due to validate error
- BZ - 2090064 - Miss "remote desktop" in console dropdown list for windows VM
- BZ - 2090066 - [RFE] Improve guest login credentials
- BZ - 2090068 - Make the "name" and "Source" column wider in vm disk tab
- BZ - 2090131 - Key's value in "add affinity rule" modal is too small
- BZ - 2090350 - memory leak in virt-launcher process
- BZ - 2091003 - SSH service is not deleted along the VM
- BZ - 2091058 - After VM gets deleted, the user is redirected to a page with a different namespace
- BZ - 2091309 - While disabling a golden image via HCO, user should not be required to enter the whole spec.
- BZ - 2091406 - wrong template namespace label when creating a vm with wizard
- BZ - 2091754 - Scheduling and scripts tab should be editable while the VM is running
- BZ - 2091755 - Change bottom "Save" to "Apply" on cloud-init script form
- BZ - 2091756 - The root disk of cloned template should be editable
- BZ - 2091758 - "OS" should be "Operating system" in template filter
- BZ - 2091760 - The provider should be empty if it's not set during cloning
- BZ - 2091761 - Miss "Edit labels" and "Edit annotations" in template kebab button
- BZ - 2091762 - Move notification above the tabs in template details page
- BZ - 2091764 - Clone a template should lead to the template details
- BZ - 2091765 - "Edit bootsource" is keeping in load in template actions dropdown
- BZ - 2091766 - "Are you sure you want to leave this page?" pops up when click the "Templates" link
- BZ - 2091853 - On Snapshot tab of single VM "Restore" button should move to the kebab actions together with the Delete
- BZ - 2091863 - BootSource edit modal should list affected templates
- BZ - 2091868 - Catalog list view has two columns named "BootSource"
- BZ - 2091889 - Devices should be editable for customize template
- BZ - 2091897 - username is missing in the generated ssh command
- BZ - 2091904 - VM is not started if adding "Authorized SSH Key" during vm creation
- BZ - 2091911 - virt-launcher pod remains as NonRoot after LiveMigrating VM from NonRoot to Root
- BZ - 2091940 - SSH is not enabled in vm details after restart the VM
- BZ - 2091945 - delete a template should lead to templates list
- BZ - 2091946 - Add disk modal shows wrong units
- BZ - 2091982 - Got a lot of "Reconciler error" in cdi-deployment log after adding custom DataImportCron to hco
- BZ - 2092048 - When Boot from CD is checked in customized VM creation - Disk source should be Blank
- BZ - 2092052 - Virtualization should be omitted in Calatog breadcrumbs
- BZ - 2092071 - Getting started card in Virtualization overview can not be hidden.
- BZ - 2092079 - Error message stays even when problematic field is dismissed
- BZ - 2092158 - PrometheusRule kubevirt-hyperconverged-prometheus-rule is not getting reconciled by HCO
- BZ - 2092228 - Ensure Machine Type for new VMs is 8.6
- BZ - 2092230 - [RFE] Add indication/mark to deprecated template
- BZ - 2092306 - VM is stucking with WaitingForVolumeBinding if creating via "Boot from CD"
- BZ - 2092337 - os is empty in VM details page
- BZ - 2092359 - [e2e] data-test-id includes all pvc name
- BZ - 2092654 - [RFE] No obvious way to delete the ssh key from the VM
- BZ - 2092662 - No url example for rhel and windows template
- BZ - 2092663 - no hyperlink for URL example in disk source "url"
- BZ - 2092664 - no hyperlink to the cdi uploadproxy URL
- BZ - 2092781 - Details card should be removed for non admins.
- BZ - 2092783 - Top consumers' card should be removed for non admins.
- BZ - 2092787 - Operators links should be removed from Getting started card
- BZ - 2092789 - "Learn more about Operators" link should lead to the Red Hat documentation
- BZ - 2092951 - ?Edit BootSource? action should have more explicit information when disabled
- BZ - 2093282 - Remove links to 'all-namespaces/' for non-privileged user
- BZ - 2093691 - Creation flow drawer left padding is broken
- BZ - 2093713 - Required fields in creation flow should be highlighted if empty
- BZ - 2093715 - Optional parameters section in creation flow is missing bottom padding
- BZ - 2093716 - CPU|Memory modal button should say "Restore template settings?
- BZ - 2093772 - Add a service in environment it reminds a pending change in boot order
- BZ - 2093773 - Console crashed if adding a service without serial number
- BZ - 2093866 - Cannot create vm from the template `vm-template-example`
- BZ - 2093867 - OS for template 'vm-template-example' should matching the version of the image
- BZ - 2094202 - Cloud-init username field should have hint
- BZ - 2094207 - Cloud-init password field should have auto-generate option
- BZ - 2094208 - SSH key input is missing validation
- BZ - 2094217 - YAML view should reflect shanges in SSH form
- BZ - 2094222 - "?" icon should be placed after red asterisk in required fields
- BZ - 2094323 - Workload profile should be editable in template details page
- BZ - 2094405 - adding resource on enviornment isnt showing on disks list when vm is running
- BZ - 2094440 - Utilization pie charts figures are not based on current data
- BZ - 2094451 - PVC selection in VM creation flow does not work for non-priv user
- BZ - 2094453 - CD Source selection in VM creation flow is missing Upload option
- BZ - 2094465 - Typo in Source tooltip
- BZ - 2094471 - Node selector modal for non-privileged user
- BZ - 2094481 - Tolerations modal for non-privileged user
- BZ - 2094486 - Add affinity rule modal
- BZ - 2094491 - Affinity rules modal button
- BZ - 2094495 - Descheduler modal has same text in two lines
- BZ - 2094646 - [e2e] Elements on scheduling tab are missing proper data-test-id
- BZ - 2094665 - Dedicated Resources modal for non-privileged user
- BZ - 2094678 - Secrets and ConfigMaps can't be added to Windows VM
- BZ - 2094727 - Creation flow should have VM info in header row
- BZ - 2094807 - hardware devices dropdown has group title even with no devices in cluster
- BZ - 2094813 - Cloudinit password is seen in wizard
- BZ - 2094848 - Details card on Overview page - 'View details' link is missing
- BZ - 2095125 - OS is empty in the clone modal
- BZ - 2095129 - "undefined" appears in rootdisk line in clone modal
- BZ - 2095224 - affinity modal for non-privileged users
- BZ - 2095529 - VM migration cancelation in kebab action should have shorter name
- BZ - 2095530 - Column sizes in VM list view
- BZ - 2095532 - Node column in VM list view is visible to non-privileged user
- BZ - 2095537 - Utilization card information should display pie charts as current data and sparkline charts as overtime
- BZ - 2095570 - Details tab of VM should not have Node info for non-privileged user
- BZ - 2095573 - Disks created as environment or scripts should have proper label
- BZ - 2095953 - VNC console controls layout
- BZ - 2095955 - VNC console tabs
- BZ - 2096166 - Template "vm-template-example" is binding with namespace "default"
- BZ - 2096206 - Inconsistent capitalization in Template Actions
- BZ - 2096208 - Templates in the catalog list is not sorted
- BZ - 2096263 - Incorrectly displaying units for Disks size or Memory field in various places
- BZ - 2096333 - virtualization overview, related operators title is not aligned
- BZ - 2096492 - Cannot create vm from a cloned template if its boot source is edited
- BZ - 2096502 - "Restore template settings" should be removed from template CPU editor
- BZ - 2096510 - VM can be created without any disk
- BZ - 2096511 - Template shows "no Boot Source" and label "Source available" at the same time
- BZ - 2096620 - in templates list, edit boot reference kebab action opens a modal with different title
- BZ - 2096781 - Remove boot source provider while edit boot source reference
- BZ - 2096801 - vnc thumbnail in virtual machine overview should be active on page load
- BZ - 2096845 - Windows template's scripts tab is crashed
- BZ - 2097328 - virtctl guestfs shouldn't required uid = 0
- BZ - 2097370 - missing titles for optional parameters in wizard customization page
- BZ - 2097465 - Count is not updating for 'prometheusrule' component when metrics kubevirt_hco_out_of_band_modifications_count executed
- BZ - 2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP
- BZ - 2098134 - "Workload profile" column is not showing completely in template list
- BZ - 2098135 - Workload is not showing correct in catalog after change the template's workload
- BZ - 2098282 - Javascript error when changing boot source of custom template to be an uploaded file
- BZ - 2099443 - No "Quick create virtualmachine" button for template 'vm-template-example'
- BZ - 2099533 - ConsoleQuickStart for HCO CR's VM is missing
- BZ - 2099535 - The cdi-uploadproxy certificate url should be opened in a new tab
- BZ - 2099539 - No storage option for upload while editing a disk
- BZ - 2099566 - Cloudinit should be replaced by cloud-init in all places
- BZ - 2099608 - "DynamicB" shows in vm-example disk size
- BZ - 2099633 - Doc links needs to be updated
- BZ - 2099639 - Remove user line from the ssh command section
- BZ - 2099802 - Details card link shouldn't be hard-coded
- BZ - 2100054 - Windows VM with WSL2 guest fails to migrate
- BZ - 2100284 - Virtualization overview is crashed
- BZ - 2100415 - HCO is taking too much time for reconciling kubevirt-plugin deployment
- BZ - 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
- BZ - 2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode
- BZ - 2101192 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP
- BZ - 2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page
- BZ - 2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user
- BZ - 2101485 - Cloudinit should be replaced by cloud-init in all places
- BZ - 2101628 - non-priv user cannot load dataSource while edit template's rootdisk
- BZ - 2101954 - [4.11]Smart clone and csi clone leaves tmp unbound PVC and ObjectTransfer
- BZ - 2102076 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page
- BZ - 2102116 - [e2e] elements on Template Scheduling tab are missing proper data-test-id
- BZ - 2102117 - [e2e] elements on VM Scripts tab are missing proper data-test-id
- BZ - 2102122 - non-priv user cannot load dataSource while edit template's rootdisk
- BZ - 2102124 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user
- BZ - 2102125 - vm clone modal is displaying DV size instead of PVC size
- BZ - 2102127 - Cannot add NIC to VM template as non-priv user
- BZ - 2102129 - All templates are labeling "source available" in template list page
- BZ - 2102131 - The number of hardware devices is not correct in vm overview tab
- BZ - 2102135 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode
- BZ - 2102143 - vm clone modal is displaying DV size instead of PVC size
- BZ - 2102256 - Add button moved to right
- BZ - 2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal
- BZ - 2102543 - Add button moved to right
- BZ - 2102544 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal
- BZ - 2102545 - VM filter has two "Other" checkboxes which are triggered together
- BZ - 2104617 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed
- BZ - 2106175 - All pages are crashed after visit Virtualization -> Overview
- BZ - 2106258 - All pages are crashed after visit Virtualization -> Overview
- BZ - 2110178 - [Docs] Text repetition in Virtual Disk Hot plug instructions
- BZ - 2111359 - kubevirt plugin console is crashed after creating a vm with 2 nics
- BZ - 2111562 - kubevirt plugin console crashed after visit vmi page
- BZ - 2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs
CVEs
- CVE-2018-25032
- CVE-2019-5827
- CVE-2019-13750
- CVE-2019-13751
- CVE-2019-17594
- CVE-2019-17595
- CVE-2019-18218
- CVE-2019-19603
- CVE-2019-20838
- CVE-2020-13435
- CVE-2020-14155
- CVE-2020-17541
- CVE-2020-24370
- CVE-2020-35492
- CVE-2021-3580
- CVE-2021-3634
- CVE-2021-3737
- CVE-2021-4115
- CVE-2021-4189
- CVE-2021-20231
- CVE-2021-20232
- CVE-2021-23177
- CVE-2021-25219
- CVE-2021-31535
- CVE-2021-31566
- CVE-2021-36084
- CVE-2021-36085
- CVE-2021-36086
- CVE-2021-36087
- CVE-2021-38185
- CVE-2021-38561
- CVE-2021-40528
- CVE-2021-43527
- CVE-2021-44716
- CVE-2021-44717
- CVE-2022-0778
- CVE-2022-1271
- CVE-2022-1292
- CVE-2022-1621
- CVE-2022-1629
- CVE-2022-1798
- CVE-2022-2068
- CVE-2022-2097
- CVE-2022-21698
- CVE-2022-22576
- CVE-2022-23772
- CVE-2022-23773
- CVE-2022-23806
- CVE-2022-24407
- CVE-2022-24675
- CVE-2022-24921
- CVE-2022-25313
- CVE-2022-25314
- CVE-2022-27191
- CVE-2022-27774
- CVE-2022-27776
- CVE-2022-27782
- CVE-2022-28327
- CVE-2022-29824
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.