Security Bulletin: Multiple vulnerabilities identified in VMWare ESXi shipped with IBM Cloud Pak System

Summary

Vulnerabilties in VMware ESXi affect IBM Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities.

Vulnerability Details

CVEID:CVE-2022-26373
**DESCRIPTION:**VMware ESXi could allow a local authenticated attacker to obtain sensitive information, caused by a return-stack-buffer-underflow in the Intel and AMD processors that it utilizes. An attacker could exploit this vulnerability to exploit various side-channel CPU flaws, obtain sensitive information from physical memory about the hypervisor or other virtual machines that reside on the same ESXi host, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/233046 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)

CVEID:CVE-2022-31681
**DESCRIPTION:**VMware ESXi is vulnerable to a denial of service, caused by a NULL pointer deference flaw in the VMX process. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition on the host machine.
CVSS Base score: 3.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237952 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L)

CVEID:CVE-2022-31696
**DESCRIPTION:**VMware ESXi could allow a local authenticated attacker to bypass security restrictions, caused by a memory corruption flaw in the handling of a network socket. By sending a specially-crafted request, an attacker could exploit this vulnerability to make escape of the ESXi sandbox.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241821 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)

CVEID:CVE-2022-31699
**DESCRIPTION:**VMware ESXi could allow a local authenticated attacker to obtain sensitive information, caused by a heap-based buffer overflow. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241827 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N)

**IBM X-Force ID:**231872
**DESCRIPTION:**VMware ESXi could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption in the TCP/IP kernel module. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute code in the context of the kernel.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/231872 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Remediation/Fixes

For unsupported release/platform IBM recommends upgrading to a fixed, supported release/platform of the product. Notice for IBM Cloud Pak System W3700 (5725-X32), IBM Cloud Pak System W3500 (5725-Z16), IBM Cloud Pak System W3550 (5725-Z17), IBM Cloud Pak System Software v2.3.0.0, v2.3.1.0, IBM Cloud Pak System Software Suite v2.3.0.0, v2.3.1.0 as per IBM Withdrawal announcement ENUS922-058.

In response to vulnerabilities found in VMware ESXi, Cloud Pak System provides new ESXi Image update to ESXi 6.7 P08 ESXi670-202210001 with Cloud Pak System 2.3.3.6.

For IBM Cloud Pak System V2.3.0.1, v2.3.3.0, v.2.3.3.1, v.2.3.3.2, v.2.3.3.3, v2.3.3.3 iFix 1, v2.3.3.4, v2.3.3.5

Upgrade to Cloud Pak System v2.3.3.6 available at FixCentral.

Information on upgrading can be found here: http://www.ibm.com/support/docview.wss?uid=ibm10887959.

Workarounds and Mitigations

None.