Security Bulletin: Multiple Linux Kernel vulnerabilities may affect IBM Storage Scale System

Summary

There are vulnerabilities in the Linux kernel, used by IBM Storage Scale System, which could allow a denial of service. Fixes for these vulnerabilities are available.

Vulnerability Details

CVEID:CVE-2023-1195
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw in the reconn_set_ipaddr_from_hostname function in fs/cifs/connect.c. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/255838 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-3567
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a race condition flaw in the inet6_stream_ops/inet6_dgram_ops function in the IPv6 Handler. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238744 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H)

CVEID:CVE-2023-0394
**DESCRIPTION:**Linux Kernel s vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the rawv6_push_pending_frames function in net/ipv6/raw.c. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/245058 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-0854
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by memory leak flaw in the DMA subsystem. By sending a specially-crafted request using the DMA_FROM_DEVICE function, an attacker could exploit this vulnerability to read random memory from the kernel space, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222424 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2023-4004
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the nft_pipapo_remove function in the netfilter. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause the system to crash.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/262209 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-1184
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw in the dx_insert_block() function in in fs/ext4/namei.c. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/234729 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-47929
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the traffic control subsystem. By using specially crafted traffic control configuration that is set up with “tc qdisc” and “tc class” commands, a local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/245174 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-35001
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a nf_tables nft_byteorder_eval out-of-bounds read/write. By sending a specially crafted request, an aattacker could exploit this vulnerability to escalate privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/259747 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-0168
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the smb2_ioctl_query_info function in the fs/cifs/smb2ops.c. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/234582 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-3566
**DESCRIPTION:**A race condition in the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler in Linux Kernel could allow a remote authenticated attacker from within the local network to cause an unknown impact.
CVSS Base score: 4.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238743 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Remediation/Fixes

IBM recommends that you fix this vulnerability by upgrading affected versions of IBM Storage Scale System 3000, 3200, 3500 and 5000 to the following code levels:

V6.1.2.8 or later

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&release=6.1.0&platform=All&function=all

V6.1.9.0 or later

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Storage+Scale+System&release=6.1.9&platform=All&function=all

Workarounds and Mitigations

None