Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMA3ECA2FADF3E248DCF026E08D24250DA5644166428EA8CC2D77F20F0FD2FCE99
HistoryFeb 25, 2019 - 8:40 p.m.

Security Bulletin: Multiple vulnerabilities affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows

2019-02-2520:40:02
www.ibm.com
17

EPSS

0.551

Percentile

97.7%

JSON

Summary

Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows have addressed the following vulnerabilities.

Vulnerability Details

CVEID: CVE-2015-9261 DESCRIPTION: BusyBox is vulnerable to a denial of service, caused by a flaw in the huft_build in archival/libarchive/decompress_gunzip.c. By persuading a victim to open a specially-crafted ZIP file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147643&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2017-18208 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw in the madvise_willneed function in mm/madvise.c. By triggering use of MADVISE_WILLNEED for a DAX mapping, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139764&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-18075 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a mishandling of freeing instances by crypto/pcrypt.c. By executing a specially-crafted sequence of system calls, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138237&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-18216 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in fs/ocfs2/cluster/nodemanager.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139923&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-18203 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw in the dm_get_from_kobject function in drivers/md/dm.c. By leveraging a race condition with __dm_destroy during creation and removal of DM devices, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139759&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2017-15116 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by NULL pointer dereference in the rngapi_reset function in crypto/rng.c. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135735&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2017-16994 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by a flaw in the walk_hugetlb_range function in mm/pagewalk.c. By using a specially-crafted system call, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135497&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-8779 DESCRIPTION: rpcbind, LIBTIRPC, and NTIRPC are vulnerable to a denial of service, caused by improper validation of XDR strings in memory allocation. By sending a specially-crafted UDP packet, a remote attacker could exploit this vulnerability to cause memory consumption.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/125753&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-14140 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by improper validation of effective uid of the target process in the move_pages system call in mm/migrate.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to learn the memory layout of a setuid executable despite ASLR.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/131413&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2018-18310 DESCRIPTION: elfutils is vulnerable to a denial of service, caused by an invalid memory address dereference in dwfl_segment_report_module.c in libdwfl. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151273&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-18521 DESCRIPTION: elfutils is vulnerable to a denial of service, caused by a divide-by-zero flaw in the function arlib_add_symbols() in arlib.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151750&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-18520 DESCRIPTION: elfutils is vulnerable to a denial of service, caused by an invalid memory address dereference exists in the function elf_end in libelf. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151751&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-16402 DESCRIPTION: elfutils is vulnerable to a denial of service, caused by a double free in the libelf/elf_end.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149340&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-16403 DESCRIPTION: elfutils is vulnerable to a denial of service, caused by a heap-based buffer overflow in the dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149339&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-16062 DESCRIPTION: Elfutils is vulnerable to a denial of service, caused by a heap-based buffer over-read in /elfutils/libdw/dwarf_getaranges.c. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149133&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-7995 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition in the store_int_with_restart function in arch/x86/kernel/cpu/mcheck/mce.c. By leveraging root access to write to the check_interval file, a local attacker could exploit this vulnerability to cause the system to panic.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140100&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-6927 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an integer overflow in the futex_requeue function in kernel/futex.c. By triggering a negative wake or requeue value, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139067&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-1066 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() function. An attacker controlling a CIFS server could exploit this vulnerability to cause a kernel panic.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139836&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-5333 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an rds_atomic_free_op NULL pointer dereference in the rds_cmsg_atomic function in net/rds/rdma.c. A local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137567&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-5332 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a heap-based out-of-bounds write in the rds_rdma_extra_size function in net/rds/rdma.c. A local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137569&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-5344 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the drivers/block/loop.c. A local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137649&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

The following products used with Intel Xeon Phi PCI-Express cards (Intel Xeon Phi 3120A, Intel Xeon Phi 5110P, Intel Xeon Phi 7120A, and Intel Xeon Phi 7210P) on the System x systems:

  • iDataPlex dx360 M4
  • NeXtScale nx360 M4
  • PureFlex x220 M4 / x240 M4 / x240 M5
  • x3850 X6 / x3950 X6

Product

|

Affected Version

—|—

Intel® Manycore Platform Software Stack (MPSS) for Linux & Windows

|

3.8

Remediation/Fixes

IBM recommends that you update the affected versions of Intel MPSS that are used with Intel Xeon Phi cards supported in IBM System x Servers to MPSS version 3.8.5 or later.

Instructions on how to download and apply the update are available at: https://software.intel.com/en-us/articles/intel-manycore-platform-software-stack-mpss

Product

|

Fixed Version

—|—

Intel® Manycore Platform Software Stack (MPSS) for Linux & Windows

|

3.8.5

Workarounds and Mitigations

None

Related

fedora 7
openvas 34
ubuntu 3
cloudfoundry 1
nessus 49
archlinux 1
osv 6
debian 3
redhat 2
amazon 1
centos 1
photon 4
f5 1
oraclelinux 3
suse 23
mageia 2
nvd 8
cve 7
debiancve 8
redhatcve 8
cvelist 6
prion 6
ubuntucve 7
veracode 4
virtuozzo 2
alpinelinux 2
fedora
fedora
[SECURITY] Fedora 28 Update: elfutils-0.174-5.fc28
2018-11-21 03:14:18
[SECURITY] Fedora 29 Update: elfutils-0.174-5.fc29
2018-11-18 04:00:18
[SECURITY] Fedora 29 Update: elfutils-0.174-1.fc29
2018-09-30 23:27:45
openvas
openvas
Fedora Update for elfutils FEDORA-2018-cb25ae4b94
2018-12-04 00:00:00
Ubuntu: Security Advisory (USN-4012-1)
2019-06-11 00:00:00
Fedora Update for elfutils FEDORA-2018-1eec1f0d17
2018-10-03 00:00:00
ubuntu
ubuntu
elfutils vulnerabilities
2019-06-10 00:00:00
elfutils vulnerabilities
2023-08-30 00:00:00
Linux kernel (Raspberry Pi 2) vulnerabilities
2018-05-22 00:00:00
cloudfoundry
cloudfoundry
USN-4012-1: elfutils vulnerabilities | Cloud Foundry
2019-06-18 00:00:00
nessus
nessus
Fedora 28 : elfutils (2018-1eec1f0d17)
2019-01-03 00:00:00
Fedora 29 : elfutils (2018-91382c7bd3)
2019-01-03 00:00:00
Fedora 28 : elfutils (2018-cb25ae4b94)
2019-01-03 00:00:00
archlinux
archlinux
[ASA-201901-3] elfutils: denial of service
2019-01-08 00:00:00
osv
osv
elfutils - security update
2021-10-30 00:00:00
elfutils vulnerabilities
2023-08-30 16:29:23
elfutils - security update
2019-02-25 00:00:00
debian
debian
[SECURITY] [DLA 2802-1] elfutils security update
2021-10-30 21:53:24
[SECURITY] [DLA 1689-1] elfutils security update
2019-02-25 21:35:38
[SECURITY] [DLA 1445-2] busybox regression update
2018-08-02 01:18:37
redhat
redhat
(RHSA-2019:2197) Low: elfutils security, bug fix, and enhancement update
2019-08-06 08:12:18
(RHSA-2018:0470) Moderate: Red Hat Enterprise MRG Realtime 2.5 security and enhancement update
2018-03-12 13:28:14
amazon
amazon
Low: elfutils
2019-10-21 18:01:00
centos
centos
elfutils security update
2019-08-30 02:43:56
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0226
2019-04-22 00:00:00
Important Photon OS Security Update - PHSA-2019-0226
2019-04-22 00:00:00
Important Photon OS Security Update - PHSA-2018-0015
2018-02-01 00:00:00
f5
f5
K21426934 : Multiple elfutils vulnerabilities
2022-04-25 00:00:00
oraclelinux
oraclelinux
elfutils security, bug fix, and enhancement update
2019-08-13 00:00:00
Unbreakable Enterprise kernel security update
2018-08-09 00:00:00
Unbreakable Enterprise kernel security update
2018-05-15 00:00:00
suse
suse
Security update for elfutils (moderate)
2019-06-20 00:00:00
Security update for dwarves and elfutils (moderate)
2022-08-01 00:00:00
Security update for dwarves and elfutils (moderate)
2022-09-01 00:00:00
mageia
mageia
Updated elfutils packages fix security vulnerabilities
2019-08-18 15:39:41
Updated busybox packages fix security vulnerability
2018-10-26 21:47:14
nvd
nvd
CVE-2017-15116
2017-11-30 18:29:00
CVE-2017-18216
2018-03-05 18:29:00
CVE-2017-18075
2018-01-24 10:29:00
cve
cve
CVE-2017-15116
2017-11-30 18:29:00
CVE-2017-18216
2018-03-05 18:29:00
CVE-2017-18075
2018-01-24 10:29:00
debiancve
debiancve
CVE-2017-15116
2017-11-30 18:29:00
CVE-2017-18075
2018-01-24 10:29:00
CVE-2017-14140
2017-09-05 06:29:00
redhatcve
redhatcve
CVE-2017-15116
2017-11-30 13:49:43
CVE-2017-18216
2018-03-06 10:18:56
CVE-2017-18075
2018-01-29 05:20:04
cvelist
cvelist
CVE-2017-15116
2017-11-30 18:00:00
CVE-2015-9261
2018-07-26 19:00:00
CVE-2017-18203
2018-02-27 20:00:00
prion
prion
Null pointer dereference
2017-11-30 18:29:00
Code injection
2018-01-24 10:29:00
Null pointer dereference
2018-03-05 18:29:00
ubuntucve
ubuntucve
CVE-2017-15116
2017-11-30 00:00:00
CVE-2017-18075
2018-01-24 00:00:00
CVE-2017-18216
2018-03-05 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-16 02:50:23
Denial Of Service (DoS)
2020-09-21 06:32:20
Denial Of Service (DoS)
2019-08-08 00:07:56
virtuozzo
virtuozzo
Kernel security update: CVE-2017-18017 and other; new kernel 2.6.32-042stab128.2, Virtuozzo 6.0 Update 12 Hotfix 22 (6.0.12-3701)
2018-03-26 00:00:00
Kernel security update: CVE-2017-18017 and other; new kernel 2.6.32-042stab128.2 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
2018-03-26 00:00:00
alpinelinux
alpinelinux
CVE-2018-18520
2018-10-19 17:29:00
CVE-2018-18310
2018-10-15 02:29:00

EPSS

0.551

Percentile

97.7%

JSON
Related for A3ECA2FADF3E248DCF026E08D24250DA5644166428EA8CC2D77F20F0FD2FCE99
fedora7openvas34ubuntu3cloudfoundry1nessus49archlinux1osv6debian3redhat2amazon1centos1photon4f51oraclelinux3suse23mageia2nvd8cve7debiancve8redhatcve8cvelist6prion6ubuntucve7veracode4virtuozzo2alpinelinux2