A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another users objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.
Weakness
The product does not properly “clean up” and remove temporary or supporting resources after they have been used.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Postgresql | Postgresql | 10.0 (including) | 10.21 (excluding) |
| Postgresql | Postgresql | 11.0 (including) | 11.16 (excluding) |
| Postgresql | Postgresql | 12.0 (including) | 12.11 (excluding) |
| Postgresql | Postgresql | 13.0 (including) | 13.7 (excluding) |
| Postgresql | Postgresql | 14.0 (including) | 14.3 (excluding) |
| Red Hat Enterprise Linux 7 | RedHat | postgresql-0:9.2.24-8.el7_9 | * |
| Red Hat Enterprise Linux 8 | RedHat | postgresql:10-8060020220525083017.ad008a3a | * |
| Red Hat Enterprise Linux 8 | RedHat | postgresql:12-8060020220525083707.ad008a3a | * |
| Red Hat Enterprise Linux 8 | RedHat | postgresql:13-8060020220525083942.ad008a3a | * |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | RedHat | postgresql:10-8010020220520062435.c27ad7f8 | * |
| Red Hat Enterprise Linux 8.2 Extended Update Support | RedHat | postgresql:12-8020020220525083519.4cda2c84 | * |
| Red Hat Enterprise Linux 8.2 Extended Update Support | RedHat | postgresql:10-8020020220525082558.4cda2c84 | * |
| Red Hat Enterprise Linux 8.4 Extended Update Support | RedHat | postgresql:10-8040020220525082819.522a0ee4 | * |
| Red Hat Enterprise Linux 8.4 Extended Update Support | RedHat | postgresql:12-8040020220525214753.522a0ee4 | * |
| Red Hat Enterprise Linux 8.4 Extended Update Support | RedHat | postgresql:13-8040020220525083902.522a0ee4 | * |
| Red Hat Enterprise Linux 9 | RedHat | postgresql-0:13.7-1.el9_0 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-postgresql10-postgresql-0:10.21-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-postgresql12-postgresql-0:12.11-1.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-postgresql13-postgresql-0:13.7-1.el7 | * |
| Postgresql-10 | Ubuntu | bionic | * |
| Postgresql-10 | Ubuntu | esm-infra/bionic | * |
| Postgresql-10 | Ubuntu | upstream | * |
| Postgresql-12 | Ubuntu | esm-infra/focal | * |
| Postgresql-12 | Ubuntu | focal | * |
| Postgresql-12 | Ubuntu | trusty | * |
| Postgresql-12 | Ubuntu | upstream | * |
| Postgresql-13 | Ubuntu | impish | * |
| Postgresql-13 | Ubuntu | upstream | * |
| Postgresql-14 | Ubuntu | jammy | * |
| Postgresql-14 | Ubuntu | upstream | * |
| Postgresql-9.1 | Ubuntu | trusty | * |
| Postgresql-9.3 | Ubuntu | trusty | * |
| Postgresql-9.3 | Ubuntu | trusty/esm | * |
| Postgresql-9.3 | Ubuntu | upstream | * |
| Postgresql-9.5 | Ubuntu | esm-infra/xenial | * |
| Postgresql-9.5 | Ubuntu | upstream | * |
| Postgresql-9.5 | Ubuntu | xenial | * |
Potential Mitigations
References
- https://access.redhat.com/security/cve/CVE-2022-1552
- https://bugzilla.redhat.com/show_bug.cgi?id=2081126
- https://security.gentoo.org/glsa/202211-04
- https://security.netapp.com/advisory/ntap-20221104-0005/
- https://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/
- https://www.postgresql.org/support/security/CVE-2022-1552/
- https://access.redhat.com/security/cve/CVE-2022-1552
- https://bugzilla.redhat.com/show_bug.cgi?id=2081126
- https://security.gentoo.org/glsa/202211-04
- https://security.netapp.com/advisory/ntap-20221104-0005/
- https://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/
- https://www.postgresql.org/support/security/CVE-2022-1552/