Security Bulletin
Summary
Multiple vulnerabilities in the Linux Kernel such as denial of service, elevation of privileges, execution of arbitrary code on the system, and the ability to obtain sensitive information affect IBM Spectrum Protect Plus.
UPDATED: 11 September 2019 to add CVE-2019-15925
Vulnerability Details
CVEID: CVE-2019-10140
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the ovl_posix_acl_create function in fs/overlayfs/dir.c. By creating directories on overlayfs, a local attacker could exploit this vulnerability to cause the kernel to crash.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/165372 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2019-11477
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an integer overflow when processing TCP Selective Acknowledgement (SACK) capabilities. By sending specially-crafted SACKs requests, a remote attacker could exploit this vulnerability to cause a kernel panic condition.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/162662 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2019-11478
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an issue with fragmenting the TCP retransmission queue when processing TCP Selective Acknowledgement (SACK) capabilities. By sending specially-crafted SACKs requests, a remote attacker could exploit this vulnerability to cause an excess of system resource usage.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/162664 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2019-11479
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw when processing minimum segment size (MSS). By sending specially-crafted MSS traffic, a remote attacker could exploit this vulnerability to cause excess usage of system resources.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/162665 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw when a race between modify_ldt() and #BR Exception occurs. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 5.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/162780 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by improper permission validation and improper object lifetime handling for PTRACE_TRACEME in the ptrace_link function. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain root privileges on the system.
CVSS Base Score: 7.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/163733 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2019-14283
DESCRIPTION: Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by an integer overflow and out-of-bounds read in the drivers/block/floppy.c. By using a specially-crafted floppy disk, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/165352 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2019-14284
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by setup_format_params division-by-zero in drivers/block/floppy.c. By sending specially-crafted ioctls, a local attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/165351 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read in the drivers/scsi/qedi/qedi_dbg.c. A local attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/165454 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a memory leak in sas_expander.c when SAS expander discovery fails. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/166306 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
DESCRIPTION: Linux Kernel could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds access flaw in the hclge_tm_schd_mode_vnet_base_cfg function in hclge_tm.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition on the system.
CVSS Base Score: 9.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/166576 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
Affected Products and Versions
Remediation/Fixes
| Spectrum Protect Plus Release | First Fixing VRM Level |
Platform | Link to Fix |
| 10.1 |
10.1.4.222
(10.1.4 eFix2)
|
Linux |
Workarounds and Mitigations
Get Notified about Future Security Bulletins
References
Change History
10 September 2019 - Original version published
11 September 2019 - Updated to add CVE-2019-15925
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Internal Use Only
Advisory 17023 Product Record 139694
Advisory 17573 Product Record 142455
Advisory 17583 Product Record 142542
Advisory 17915 Product Record 144105
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
11 September 2019
UID
ibm11072398