Lucene search

K
ibmIBM577E6752CB94DC8755F2E4A38D9BA5117DD396F8C762252ACA978966E42D7766
HistoryOct 07, 2020 - 4:13 p.m.

Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability

2020-10-0716:13:17
www.ibm.com
25

8.8 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

Summary

IBM Security Guardium has fixed this vulnerability

Vulnerability Details

CVEID:CVE-2019-3846
**DESCRIPTION:**Linux Kernel is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the mwifiex_update_bss_desc_with_ie function in drivers/net/wireless/marvell/mwifiex/scan.c. By sending specially-crafted beacon packets, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/161814 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Security Guardium 10.5
IBM Security Guardium 10.6
IBM Security Guardium 11.0
IBM Security Guardium 11.1

Remediation/Fixes

Product Version Fix
IBM Security Guardium 10.5

IBM Security Guardium| 10.6| https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Sec…
IBM Security Guardium| 11.0| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Secur…
IBM Security Guardium| 11.1| | |

http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Secur…

—|—

Workarounds and Mitigations

None

8.8 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C