Lucene search

K
ibm
IBMB208854B100603393ABFE63FA8975A55F6379CCD86BE9A76E5EA76BC92BEB365
HistoryDec 07, 2023 - 10:45 p.m.

Security Bulletin: IBM RackSwitch firmware products are affected by vulnerabilities in the Kernel

2023-12-0722:45:08
www.ibm.com
31

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

31.4%

Summary

IBM RackSwitch firmware products have addressed the following Kernel vulnerabilities.

Vulnerability Details

CVEID:CVE-2020-13974
**DESCRIPTION:**Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by an integer overflow in the drivers/tty/vt/keyboard.c. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183251 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2020-10732
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the implementation of Userspace core dumps. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a program to crash.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181554 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2020-14314
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a memory out-of-bounds read flaw. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188395 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2020-12770
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by an issue with sg_write lacks an sg_remove_request call in a certain failure case. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a panic.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181750 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
G7028 7.6
G8316 7.9
G8052 7.11
G8264 7.11
G8332 7.7
G8264T 7.9
G8124/G8124E 7.11
G8264CS_SI_Fabric_Image 7.8
G8264CS 7.8

Remediation/Fixes

Firmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/&gt;

Product Fix Version

IBM RackSwitch G7028

(G7028_Image_7.6.7.0)

| 7.6.7.0

IBM RackSwitch G8316

(G8316_Image_7.9.29.0)

| 7.9.29.0

IBM RackSwitch G8052

(G8052_Image_7.11.19.0)

| 7.11.19.0

IBM RackSwitch G8264

(G8264_Image_7.11.19.0)

| 7.11.19.0

IBM RackSwitch G8332

(G8332_Image_7.7.35.0)

| 7.7.35.0

IBM RackSwitch G8264T

(G8264T_Image_7.9.29.0)

| 7.9.29.0

IBM RackSwitch G8124/G8124E

(G8124_G8124E_Image_7.11.19.0)

| 7.11.19.0

G8264CS_SI_Fabric_Image - Bundle

(G8264CS_SI_Fabric_Image_7.8.27.0)

| 7.8.27.0

IBM RackSwitch G8264CS

(G8264CS_Image_7.8.27.0)

| 7.8.27.0

Workarounds and Mitigations

None

Use Vulners API to create your own security tool

API usage cases
  • Network scanning
  • Linux Patch management
  • Threat protection
  • No network audit solution

Ways of integration

Integrate Vulners API

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

31.4%

Related for B208854B100603393ABFE63FA8975A55F6379CCD86BE9A76E5EA76BC92BEB365