History: Jun 16, 2018 - 10:04 p.m.

Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in Linux kernel

2018-06-16 22:04:36
www.ibm.com
CVSS3: 8 High
Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.8 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C

Summary

IBM QRadar Network Security has addressed vulnerabilities in the Linux kernel.

Vulnerability Details

CVEID: CVE-2017-1000251
DESCRIPTION: Linux Kernel is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the native Bluetooth stack. By processing L2CAP configuration responses, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131857 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-9076
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error in the dccp_v6_request_recv_sock function in net/dccp/ipv6.c. By using specially-crafted system calls, a local attacker could exploit this vulnerability to cause a denial of service condition or other unspecified impact.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/126255 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-7616
DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c. By triggering failure of a certain bitmap operation, an attacker could exploit this vulnerability to obtain sensitive information from uninitialized stack data.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/124563 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2017-7187
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a stack-based buffer overflow in the sg_ioctl function in drivers/scsi/sg.c. By using a large command size in an SG_NEXT_CMD_LEN ioctl call, a local attacker could exploit this vulnerability to cause the system to crash or other unspecified impact.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123509 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-6951
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the keyring_search_aux function in security/keys/keyring.c. By using a request_key system call for the “dead” type, a local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123423 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-6001
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in kernel/events/core.c. By using a specially-crafted application, an attacker could exploit this vulnerability to gain privileges on the system.
CVSS Base Score: 7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/122171 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-5970
DESCRIPTION: Linux kernel is vulnerable to a denial of service, caused by an error in the ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c. By using a specially-crafted application that makes malformed system calls or IPv4 traffic with invalid IP options, a remote attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/122003 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-2671
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error in the ping_unhash function. By leveraging access to the protocol value of IPPROTO_ICMP in a socket system call, a local attacker could exploit this vulnerability to cause the system to panic.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127408 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-2647
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the keyring_search_iterator function in keyring.c in KEYS subsystem. By using vectors involving a NULL value for a certain match field, a local authenticated attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/128712 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-2596
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the improper emulation of the VMXON instruction by the nested_vmx_check_vmptr function. By leveraging the mishandling of page references, an attacker could exploit this vulnerability to cause host OS memory consumption and the system to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/122080 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-9806
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition in the netlink_dump function in net/netlink/af_netlink.c. By using a specially-crafted application, a local attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120228 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-9685
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a memory leak in fs/xfs/xfs_attr_list.c. By using specially-crafted XFS filesystem operations, a local attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120243 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-9604
DESCRIPTION: Linux Kernel could allow a local attacker to bypass security restrictions, caused by an error in the built-in keyrings for security tokens. By adding a new public key of its own devising to the keyring, an attacker could exploit this vulnerability to bypass module signature verification and gain direct access to an internal keyring.
CVSS Base Score: 4.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125570 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2017-9075
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error in the sctp_v6_create_accept_sk function in net/sctp/ipv6.c. By using specially-crafted system calls, a local attacker could exploit this vulnerability to cause a denial of service condition or other unspecified impact.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/126254 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-9074
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the failure to consider that the nexthdr field may be associated with an invalid option by the IPv6 fragmentation implementation. By using a specially-crafted socket and send system calls, a local attacker could exploit this vulnerability to cause a denial of service condition or other unspecified impact.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/126253 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-8890
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c. By leveraging use of the accept system call, an attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125914 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2017-8797
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error in the NFSv4 Server. By sending a specially crafted NFSv4 pNFS LAYOUTGET command using UDP, a remote attacker on a system within the target mount's host address mask range could exploit this vulnerability to cause the service to crash.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127765 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-7889
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by the failure to properly enforce the CONFIG_STRICT_DEVMEM protection mechanism. By using a specially-crafted application, an attacker could exploit this vulnerability to read or write to kernel memory locations in the first megabyte.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125799 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-10200
DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a race condition in the l2tp_ip6_bind() function in the L2TPv3 IP Encapsulation feature. By making multiple bind system calls, an attacker could exploit this vulnerability to trigger a use-after-free and gain elevated privileges on the system.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/122901 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-10147
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in crypto/mcryptd.c. By using an AF_ALG socket with an incompatible algorithm, a local authenticated attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/124085 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-10088
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free error in the sg implementation. By leveraging access to a /dev/sg device, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120237 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-10088
DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by the failure to properly restrict write operations in situations where the KERNEL_DS option is set by the sg_write() and bsg_write() functions in block/bsg.c and drivers/scsi/sg.c. By leveraging access to a /dev/sg device, an attacker could exploit this vulnerability to write arbitrary kernel memory and gain root privileges on the system.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120225 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-8970
DESCRIPTION: Linux Kernel is vulnerable to a NULL pointer dereference in big_key.c, caused by the improper handling of setkey operation. A local attacker could exploit this vulnerability using a specially crafted application to cause the kernel to crash.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120131 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2015-8839
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by multiple race conditions in the ext4 filesystem implementation. By writing to a page, an attacker could exploit this vulnerability to corrupt the disk.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114520 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2014-7975
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error in the do_umount function in fs/namespace.c. A local attacker could exploit this vulnerability using a umount call to cause the file system to become inaccessible.
CVSS Base Score: 4.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/96994 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C)

CVEID: CVE-2014-7970
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error in the VFS filesystem pivot_root() function. A local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 4.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/96921 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C)

CVEID: CVE-2016-9588
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the mishandling of exceptions in arch/x86/kvm/vmx.c. By declining to handle an exception thrown by an L2 guest, a local attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120244 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-9576
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free error in the blk_rq_map_user_iov function in block/blk-map.c. By accessing /dev/sg* scsi generic devices, a local attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120245 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-8645
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the failure to properly maintain certain BUG state in tcp_collapse() function in net/ipv4/tcp_input.c. By executing specially-crafted system calls, an attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118962 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-7097
DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by the setgid bit being preserved during a setxattr call by the filesystem implementation. By leveraging the existence of a setgid program, an attacker could exploit this vulnerability to gain group privileges.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118151 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-7042
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the use of an incorrect buffer size for certain timeout data by the proc_keys_show function in security/keys/proc.c. By reading the /proc/keys file, an attacker could exploit this vulnerability to cause the kernel to panic.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118133 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-6213
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error in the mount table. By overflowing the kernel mount table using a shared bind mount, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114989 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

IBM QRadar Network Security 5.4

Remediation/Fixes

Product | VRMF | Remediation/First Fix
---|---|---
IBM QRadar Network Security | Firmware version 5.4 | Install Firmware 5.4.0.4 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector. Or download Firmware 5.4.0.4 from IBM Security License Key and Download Center and upload and install via the Available Updates page of the Local Management Interface.

Workarounds and Mitigations

None

CPE

Name | Operator | Version
---|---|---
ibm qradar network security | eq | 5.4
