IBM67F34875B087C3604873BF715FADB7EDA42B1D0006314AD3B00D4C814E35E729Security Bulletin: Vulnerabilities in libcurl, cURL and Linux Kernel might affect IBM Storage Copy Data Management
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.7%
Summary
IBM Storage Copy Data Management can be affected by vulnerabilities in libcurl, cURL and Linux Kernel. Vulnerabilities include an attacker could exploit these vulnerabilities to overflow a buffer and execute arbitrary code on the system, to insert cookies at will into a running program, to cause application to misbehave and either send off the wrong data or use memory after free or similar in the second transfer, to cause application to crash, to obtain sensitive heap-based data from the error message, to accept mismatch wildcard patterns, to use files that unaware of the HSTS status, to, allow a HTTP server to set “super cookies” in curl, gain elevated privileges, and cause a denial of service conditions, as described by the CVEs in the “Vulnerability Details” section. CVE-2022-38096, CVE-2023-51042, CVE-2023-38545, CVE-2023-38546, CVE-2023-28322, CVE-2023-28320, CVE-2023-28319, CVE-2023-28321, CVE-2023-6546, CVE-2024-0565, CVE-2023-6931, CVE-2024-1086, CVE-2023-46219, CVE-2023-46218.
Vulnerability Details
CVEID:CVE-2022-38096
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a NULL pointer dereference flaw in the vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component. By sending a specialy-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privilege to cause a denial of service condition.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235788 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-51042
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a fence use-after-free flaw in the amdgpu_cs_wait_all_fences function in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 6.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/280863 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-38545
**DESCRIPTION:**libcurl and cURL are vulnerable to a heap-based buffer overflow, caused by the improper handling of hostnames longer than 255 bytes during a slow SOCKS5 proxy handshake. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268045 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-38546
**DESCRIPTION:**cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw in the curl_easy_duphandle function if a transfer has cookies enabled when the handle is duplicated. By sending a specially crafted request, an attacker could exploit this vulnerability to insert cookies at will into a running program.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268046 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID:CVE-2023-28322
**DESCRIPTION:**cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST… By sending a specially crafted request, an attacker could exploit this vulnerability to cause application to misbehave and either send off the wrong data or use memory after free or similar in the second transfer.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255626 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID:CVE-2023-28320
**DESCRIPTION:**cURL libcurl is vulnerable to a denial of service, caused by a race condition flaw in the siglongjmp() function. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the application to crash or misbehave.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255624 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2023-28319
**DESCRIPTION:**cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a use-after-free flaw in SSH sha256 fingerprint check. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive heap-based data from the error message, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255616 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2023-28321
**DESCRIPTION:**cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw when listed as “Subject Alternative Name” in TLS server certificates. By sending a specially crafted request, an attacker could exploit this vulnerability to accept mismatch wildcard patterns.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255625 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID:CVE-2023-6546
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the GSM 0710 tty multiplexor. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/275779 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2024-0565
**DESCRIPTION:**Linux Kernel could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds memory read due to an integer underflow on the memcpy length. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279430 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-6931
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a heap out-of-bounds write flaw in the Performance Events system component. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/275563 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2024-1086
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by use-after-free flaw in the nft_verdict_init() function in the Netfilter subsystem. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/281122 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-46219
**DESCRIPTION:**cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw when saving HSTS data to an excessively long file name. By sending a specially crafted request, an attacker could exploit this vulnerability to use files that unaware of the HSTS status.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/273321 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID:CVE-2023-46218
**DESCRIPTION:**cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a mixed case flaw when curl is built without PSL support. By sending a specially crafted request, an attacker could exploit this vulnerability to allow a HTTP server to set “super cookies” in curl.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/273320 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Storage Copy Data Management | 2.2.0.0 - 2.2.23.1 |
Remediation/Fixes
Affected Versions|**Fixing **Level|Platform|**Link to Fix and Instructions
**
—|—|—|—
2.2.0.0 - 2.2.23.1| 2.2.24.0| Linux| ** **<https://www.ibm.com/support/pages/node/7150077>
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm storage copy data management | eq | 2.2 |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.7%