Lucene search

K
ibmIBM600504ACC9566ED2332CA0D0991F4BB9DB46A7BDA705B07BF720840439E4843E
HistoryJul 30, 2021 - 5:04 a.m.

Security Bulletin: An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator, affecting IBM Cloud Pak for Applications

2021-07-3005:04:25
www.ibm.com
24

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0005 Low

EPSS

Percentile

15.1%

Summary

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator, affecting IBM Cloud Pak for Applications

Vulnerability Details

CVEID:CVE-2020-10756
**DESCRIPTION:**libslirp could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds read in the SLiRP networking implementation of the QEMU emulator. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/184988 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Cloud Pak for Applications All

Remediation/Fixes

IBM Cloud Pak for Applications 4.3.1 contains an updated SLiRP which no longer expose this vulnerability. No separate APAR is provided.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm cloud pak for applicationseqany

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0005 Low

EPSS

Percentile

15.1%