Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMB208854B100603393ABFE63FA8975A55F6379CCD86BE9A76E5EA76BC92BEB365
HistoryDec 07, 2023 - 10:45 p.m.

Security Bulletin: IBM RackSwitch firmware products are affected by vulnerabilities in the Kernel

2023-12-0722:45:08
www.ibm.com
34

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

32.4%

JSON

Summary

IBM RackSwitch firmware products have addressed the following Kernel vulnerabilities.

Vulnerability Details

CVEID:CVE-2020-13974
**DESCRIPTION:**Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by an integer overflow in the drivers/tty/vt/keyboard.c. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183251 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2020-10732
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the implementation of Userspace core dumps. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a program to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181554 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2020-14314
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a memory out-of-bounds read flaw. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188395 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2020-12770
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by an issue with sg_write lacks an sg_remove_request call in a certain failure case. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a panic.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181750 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
G7028 7.6
G8316 7.9
G8052 7.11
G8264 7.11
G8332 7.7
G8264T 7.9
G8124/G8124E 7.11
G8264CS_SI_Fabric_Image 7.8
G8264CS 7.8

Remediation/Fixes

Firmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/&gt;

Product Fix Version

IBM RackSwitch G7028

(G7028_Image_7.6.7.0)

| 7.6.7.0

IBM RackSwitch G8316

(G8316_Image_7.9.29.0)

| 7.9.29.0

IBM RackSwitch G8052

(G8052_Image_7.11.19.0)

| 7.11.19.0

IBM RackSwitch G8264

(G8264_Image_7.11.19.0)

| 7.11.19.0

IBM RackSwitch G8332

(G8332_Image_7.7.35.0)

| 7.7.35.0

IBM RackSwitch G8264T

(G8264T_Image_7.9.29.0)

| 7.9.29.0

IBM RackSwitch G8124/G8124E

(G8124_G8124E_Image_7.11.19.0)

| 7.11.19.0

G8264CS_SI_Fabric_Image - Bundle

(G8264CS_SI_Fabric_Image_7.8.27.0)

| 7.8.27.0

IBM RackSwitch G8264CS

(G8264CS_Image_7.8.27.0)

| 7.8.27.0

Workarounds and Mitigations

None

Related

ibm 3
nessus 83
photon 13
veracode 4
cbl_mariner 3
cve 4
debiancve 4
osv 6
prion 4
redhatcve 4
ubuntucve 4
ubuntu 13
f5 1
openvas 12
fedora 3
suse 3
mageia 4
virtuozzo 1
oraclelinux 9
debian 5
amazon 7
redhat 5
cloudfoundry 2
centos 1
slackware 1
ibm
ibm
Security Bulletin: IBM Flex System switch firmware products are affected by vulnerabilities in the Kernel
2023-12-07 22:45:07
Security Bulletin: Vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products
2023-03-29 01:48:02
Security Bulletin: Vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus
2021-10-06 01:30:01
nessus
nessus
Photon OS 1.0: Linux PHSA-2020-1.0-0303
2020-06-25 00:00:00
F5 Networks BIG-IP : Linux kernel ext3/ext4 file system vulnerability (K67830124)
2021-10-28 00:00:00
Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-4411-1)
2020-07-06 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0303
2020-06-24 00:00:00
Important Photon OS Security Update - PHSA-2020-0303
2020-06-24 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0297
2020-05-29 00:00:00
veracode
veracode
Integer Overflow
2022-06-02 22:53:17
Denial Of Service (DoS)
2020-11-05 03:10:03
Denial Of Service (DoS)
2020-10-18 01:45:18
cbl_mariner
cbl_mariner
CVE-2020-13974 affecting package kernel 5.4.91-6
2021-04-06 23:51:14
CVE-2020-12770 affecting package kernel 5.4.91-6
2021-04-06 23:51:14
CVE-2020-14314 affecting package kernel 5.4.91-6
2021-03-03 03:44:27
cve
cve
CVE-2020-13974
2020-06-09 05:15:00
CVE-2020-10732
2020-06-12 14:15:00
CVE-2020-14314
2020-09-15 20:15:00
debiancve
debiancve
CVE-2020-10732
2020-06-12 14:15:00
CVE-2020-13974
2020-06-09 05:15:00
CVE-2020-14314
2020-09-15 20:15:00
osv
osv
flaw in Linux kernel's implementation of Userspace core dumps
2021-01-01 00:00:00
linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities
2020-10-14 02:12:10
linux - security update
2020-06-09 00:00:00
prion
prion
Design/Logic Flaw
2020-06-12 14:15:00
Integer overflow
2020-06-09 05:15:00
Out-of-bounds
2020-09-15 20:15:00
redhatcve
redhatcve
CVE-2020-13974
2021-10-20 21:12:54
CVE-2020-14314
2020-07-06 19:50:51
CVE-2020-10732
2020-05-05 13:40:07
ubuntucve
ubuntucve
CVE-2020-13974
2020-06-09 00:00:00
CVE-2020-14314
2020-09-15 00:00:00
CVE-2020-10732
2020-06-12 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2020-07-06 00:00:00
Linux kernel vulnerabilities
2020-07-27 00:00:00
Linux kernel vulnerabilities
2020-10-14 00:00:00
f5
f5
K67830124 : Linux kernel ext3/ext4 file system vulnerability CVE-2020-14314
2021-03-10 00:00:00
openvas
openvas
Fedora: Security Advisory for kernel (FEDORA-2020-4c69987c40)
2020-05-15 00:00:00
Ubuntu: Security Advisory for linux (USN-4411-1)
2020-07-03 00:00:00
Fedora: Security Advisory for kernel (FEDORA-2020-c6b9fff7f8)
2020-05-29 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: kernel-5.6.12-300.fc32
2020-05-15 02:37:22
[SECURITY] Fedora 30 Update: kernel-5.6.13-100.fc30
2020-05-20 03:48:40
[SECURITY] Fedora 31 Update: kernel-5.6.13-200.fc31
2020-05-20 03:16:44
suse
suse
Security update for the Linux Kernel (important)
2020-09-08 00:00:00
Security update for the Linux Kernel (important)
2020-09-02 00:00:00
Security update for the Linux Kernel (important)
2020-07-07 00:00:00
mageia
mageia
Updated kernel and kernel-linus packages fix security vulnerabilities
2020-08-30 21:45:14
Updated kernel packages fix security vulnerability
2020-05-24 21:04:47
Updated kernel-linus packages fix security vulnerabilities
2020-05-24 21:04:47
virtuozzo
virtuozzo
Important kernel security update: Virtuozzo ReadyKernel patch 110.0 for Virtuozzo Hybrid Server 7.0 and Virtuozzo Infrastructure Platform 2.5, 3.0 and Virtuozzo Hybrid Infrastructure 3.5
2020-07-06 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2020-10-09 00:00:00
Unbreakable Enterprise kernel security update
2020-07-14 00:00:00
Unbreakable Enterprise kernel security update
2020-08-10 00:00:00
debian
debian
[SECURITY] [DSA 4699-1] linux security update
2020-06-09 19:44:24
[SECURITY] [DSA 4699-1] linux security update
2020-06-09 19:44:24
[SECURITY] [DLA 2323-1] linux-4.19 new package
2020-08-12 16:33:21
amazon
amazon
Important: kernel
2020-06-01 12:24:00
Important: kernel
2020-06-01 22:37:00
Important: kernel
2020-09-28 20:57:00
redhat
redhat
(RHSA-2020:5206) Moderate: kernel security and bug fix update
2020-11-24 09:51:23
(RHSA-2020:5430) Moderate: kernel security and bug fix update
2020-12-15 08:24:50
(RHSA-2020:5441) Important: kernel-rt security and bug fix update
2020-12-15 09:01:44
cloudfoundry
cloudfoundry
USN-4578-1: Linux kernel vulnerabilities | Cloud Foundry
2020-11-19 00:00:00
USN-4414-1: Linux kernel vulnerabilities | Cloud Foundry
2020-07-22 00:00:00
centos
centos
bpftool, kernel, perf, python security update
2020-12-21 20:45:16
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2020-06-11 21:36:19

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

32.4%

JSON
Related for B208854B100603393ABFE63FA8975A55F6379CCD86BE9A76E5EA76BC92BEB365
ibm3nessus83photon13veracode4cbl_mariner3cve4debiancve4osv6prion4redhatcve4ubuntucve4ubuntu13f51openvas12fedora3suse3mageia4virtuozzo1oraclelinux9debian5amazon7redhat5cloudfoundry2centos1slackware1