Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus

Summary

There are multiple security vulnerabilities in the Linux Kernel that affect IBM Spectrum Protect Plus.

Vulnerability Details

CVEID:CVE-2019-19252
**DESCRIPTION:**Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw in the vcs_write function in drivers/tty/vt/vc_screen.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172133 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-18675
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an integer overflow in the cpia2_remap_buffer function in drivers/media/usb/cpia2/cpia2_core.c. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain read and write permissions on kernel physical pages.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172146 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-10220
**DESCRIPTION:**Linux Kernel CIFS implementation could allow a remote attacker to traverse directories on the system, caused by a flaw in the cifs.ko. An attacker could send a specially-crafted request to modify arbitrary files on the system.
CVSS Base score: 8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172424 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-15213
**DESCRIPTION:**Linux Kernel could allow a physical attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the dvb-usb-init.c driver. By using a specially-crafted USB device, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165534 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-15214
**DESCRIPTION:**Linux Kernel could allow a physical attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the sound subsystem. By performing card disconnection actions, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165535 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-15215
**DESCRIPTION:**Linux Kernel could allow a physical attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the cpia2_usb.c driver. By using a specially-crafted USB device, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165536 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-15216
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the yurex.c driver. By using a specially-crafted USB device, a physical attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165537 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-15220
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the p54usb.c driver. By using a specially-crafted USB device, a physical attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165541 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-15221
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the pcm.c driver. By using a specially-crafted USB device, a physical attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165542 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-15211
**DESCRIPTION:**Linux Kernel could allow a physical attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the v4l2-dev.c driver. By using a specially-crafted USB device, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165532 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-15222
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the helper.c driver. By using a specially-crafted USB device, a physical attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165543 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-15223
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the driver.c driver. By using a specially-crafted USB device, a physical attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165544 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-15212
**DESCRIPTION:**Linux Kernel could allow a physical attacker to execute arbitrary code on the system, caused by a double-free flaw in the rio500.c driver. By using a specially-crafted USB device, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service on the system.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165533 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-15217
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the yurex.c driver. By using a specially-crafted USB device, a physical attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165538 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-15218
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the smsusb.c driver. By using a specially-crafted USB device, a physical attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165539 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-15219
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the sisusb.c driver. By using a specially-crafted USB device, a physical attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165540 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-15291
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the flexcop_usb_probe function in the flexcop-usb.c driver. By using a specially-crafted USB device, a physical attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165548 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-17053
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by not enforcing CAP_NET_RAW in the ieee802154_create function in net/ieee802154/socket.c in the AF_IEEE802154 network module. By sending a specially-crafted request, an attacker could exploit this vulnerability to create a raw socket.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168360 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)

CVEID:CVE-2019-17075
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a flaw in the write_tpt_entry function in drivers/infiniband/hw/cxgb4/mem.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168363 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2019-17054
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by the failure to enforce CAP_NET_RAW in the net/appletalk/ddp.c in the AF_APPLETALK network module. By sending a specially-crafted request, an attacker could exploit this vulnerability to create a raw socket.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168361 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)

CVEID:CVE-2019-17055
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by not enforcing CAP_NET_RAW in the base_sock_create function in drivers/isdn/mISDN/socket.c in the AF_ISDN network module. By sending a specially-crafted request, an attacker could exploit this vulnerability to create a raw socket.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168362 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)

CVEID:CVE-2019-17056
**DESCRIPTION:**Linux Kernel could allow a remote authenticated attacker to gain elevated privileges on the system, caused by the failure to enforce CAP_NET_RAW by llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module. An attacker could exploit this vulnerability to create a raw socket.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168412 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)

CVEID:CVE-2019-17052
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by not enforcing CAP_NET_RAW in the ax25_create function in net/ax25/af_ax25.c in the AF_AX25 network module. By sending a specially-crafted request, an attacker could exploit this vulnerability to create a raw socket.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168359 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)

CVEID:CVE-2020-10942
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by improper validation of an sk_family field by the get_raw_socket function in drivers/vhost/net.c. By sending specially-crafted system calls, a local attacker could exploit this vulnerability to cause a kernel stack corruption resulting in a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178539 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-9383
**DESCRIPTION:**Linux Kernel could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the set_fdc function in drivers/block/floppy.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition.
CVSS Base score: 7.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/176792 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)

CVEID:CVE-2019-19768
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the __blk_add_trace function in kernel/trace/blktrace.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173055 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-19947
**DESCRIPTION:**Linux Kernel could allow a physical attacker to obtain sensitive information, caused by an uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver. By using a specially-crafted USB device, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173450 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID:CVE-2019-19965
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in drivers/scsi/libsas/sas_discover.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173532 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-19241
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the sendmsg function. By sending a specially-crafted request related to io_uring Offload, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173106 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-19769
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the perf_trace_lock_acquire function in include/trace/events/lock.h. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173056 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-19767
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the __ext4_expand_extra_isize and ext4_xattr_set_entry functions in fs/ext4/inode.c and fs/ext4/super.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173054 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-19447
**DESCRIPTION:**Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the ext4_put_super function in fs/ext4/super.c. By using a specially-crafted image file, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172760 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Remediation/Fixes

RHEL/CentOS is not providing a fix for CVE-2019-15291 at this time as there is a mitigation. Please refer to the Workarounds and Mitigations section below.

Workarounds and Mitigations

For CVE-2019-15291, refer to the mitigation documented at this link: <https://access.redhat.com/security/cve/cve-2019-15291&gt;