Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM

2018-12-17 14:20:01
www.ibm.com
CVSS3: 7.8 High

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.8 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Summary

PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities.

Vulnerability Details

CVEID: CVE-2018-1066
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() function. An attacker controlling a CIFS server could exploit this vulnerability to cause a kernel panic.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139836> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-7273
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw in the cp_report_fixup function in drivers/hid/hid-cypress.c. By using a specially-crafted HID report, a physically proximate attacker could exploit this vulnerability to cause a denial of service or possibly have unspecified other impact.
CVSS Base Score: 4.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123829> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-6346
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free error in net/packet/af_packet.c. By using a multithreaded application that makes PACKET_FANOUT setsockopt system calls, a local attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 7.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/122669> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-5967
DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by an error when CONFIG_TIMER_STATS is enabled. By reading the /proc/timer_list file, an attacker could exploit this vulnerability to obtain the real PID value.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/122005> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-5669
DESCRIPTION: Linux Kernel could allow a local attacker to bypass security restrictions, caused by an error in the do_shmat() function. An attacker could exploit this vulnerability to bypass a protection mechanism for the mmap system call.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/122677> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2017-15299
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the KEYS subsystem. By using a specially-crafted system call, a remote attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133509> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-15274
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in security/keys/keyctl.c. By using a specially-crafted add_key or keyctl system call, a local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133486> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-14489
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw in the iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c. By leveraging incorrect length validation, a local authenticated attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/132070> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-10661
DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a race condition in fs/timerfd.c. An attacker could exploit this vulnerability to gain privileges or cause a denial of service.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/130802> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-4913
DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by the improper handling of NM entries containing NUL characters by the get_rock_ridge_filename function in fs/isofs/rock.c. An attacker could exploit this vulnerability using a specially crafted isofs filesystem to read from kernel memory locations.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113397> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2016-2548
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition in the ALSA sound driver when unlinking specific linked lists. A local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111571> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-10044
DESCRIPTION: Linux Kernel and Google Nexus could allow a local attacker to gain elevated privileges on the system, caused by improperly restricting execute access in the aio_mount function in fs/aio.c. By using an io_setup system call, an attacker could exploit this vulnerability to bypass intended SELinux W^X policy restrictions and gain elevated privileges on the system.
CVSS Base Score: 8.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/127955> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-8830
DESCRIPTION: Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the AIO interface. By applying to certain filesystems, socket or device types, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111186> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2015-5697
DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by a leak in the md driver. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/105221> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2018-5391
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the improper handling of the reassembly of fragmented IPv4 and IPv6 packets by the IP implementation. By sending specially crafted IP fragments with random offsets, a remote attacker could exploit this vulnerability to exhaust all available CPU resources and cause a denial of service.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148388> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using “yum update”.

Fix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 16.

Workarounds and Mitigations

none

CPE
Name      Operator  Version
powerkvm  eq        3.1
