Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities in Linux Kernel

Summary

There are multiple vulnerabilities in Linux Kernel used by IBM QRadar Network Security. IBM QRadar Network Security has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2016-6480**
DESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by a race condition in the Linux-4.5/drivers/scsi/aacraid/commctrl.c when the driver fetches user space data. A local attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115630 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2016-6327**
DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in drivers/infiniband/ulp/srpt/ib_srpt.c. By using an ABORT_TASK command to abort a device write operation, a local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118155 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-6198**
DESCRIPTION:** Linux Kernel is vulnerable to a denial of service. A local attacker could exploit this vulnerability using rename syscall on overlayfs on top of xfs to cause the kernel to crash.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114867 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-6136**
DESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by a race condition in the Linux-4.6.1/kernel/auditsc.c when the driver fetches user space data using copy_from_user(). A local attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114719 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2016-5829**
DESCRIPTION:** Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the hiddev driver code. By sending a specially crafted ioctl call, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114457 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L)

CVEID: CVE-2016-5828**
DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper handling of Transactional Memory on powerpc systems. By starting a transaction, suspending it, and then calling any of the exec() class system calls, an attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114456 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-5412**
DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error in book3s_hv_rmhandlers.S. If CONFIG_KVM_BOOK3S_64_HV is enabled, a local attacker could exploit this vulnerability to cause the host to enter into an infinite loop.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116181 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)

CVEID: CVE-2016-4794**
DESCRIPTION:** Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free in array_map_alloc. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113188 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-4581**
DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper handling of the first propagated copy. A local attacker could exploit this vulnerability to cause a kernel oops.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113159 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-4578**
DESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by an information leak in sound/core/timer.c. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113158 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2016-3699**
DESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system. By appending ACPI tables to the initrd, an attacker could exploit this vulnerability to bypass intended Secure Boot restrictions and execute arbitrary code on the system.
CVSS Base Score: 7.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118241 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-3156**
DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error when destroying a network. A local authenticated attacker could exploit this vulnerability using a huge number of ipv4 addresses to keep rtnl_lock for a very long time and block network related operations.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112056 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-4569**
DESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by an information leak in sound/core/timer.c. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113190 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2016-3841**
DESCRIPTION:** Google Android could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free error in the IPv6 stack in the Linux Kernel. By using a specially-crafted sendmsg system call, an attacker could exploit this vulnerability to gain elevated privileges on the system or cause a denial of service.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115983 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-2847**
DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error related to the per-user limit. By filling pipes with an overly large amount of data, an attacker could exploit this vulnerability to consume an overly large amount of kernel memory resources.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111306 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-2384**
DESCRIPTION:** Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a double-free in the ALSA USB MIDI driver. An attacker could exploit this vulnerability using an invalid USB descriptor to execute arbitrary code on the system.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110587 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-2117**
DESCRIPTION:** Atheros Linux wireless drivers could allow a remote attacker to obtain sensitive information, caused by the failure to check scatter/gather IO. By sending a specially crafted packet, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111533 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2016-2069**
DESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a race condition in arch/x86/mm/tlb.c. By triggering access to a paging structure by a different CPU, a local attacker could exploit this vulnerability to gain elevated privileges on the system.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113822 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-2053**
DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error in the asn1_ber_decoder function. A remote attacker could exploit this vulnerability using an ASN.1 BER file that lacks a public key to cause a denial of service.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114430 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2015-8956**
DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c. By using vectors involving a bind system call on a Bluetooth RFCOMM socket, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service on the system.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118238 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)

CVEID: CVE-2015-8845**
DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error when restoring machine specific registers on the power pc platform. Incorrect transactional memory state registers modify the call path on return from userspace. An attacker could exploit this vulnerability to cause a kernel panic.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112156 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2015-8844**
DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error when restoring machine specific registers T and S bits on the power pc platform. Incorrect transactional memory state registers modify the call path on return from userspace. An attacker could exploit this vulnerability to cause a kernel panic.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112155 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2015-8812**
DESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free in the CXGB3 kernel driver when the network was considered congested. An attacker could exploit this vulnerability to gain elevated privileges on the system.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110574 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-8746**
DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the client. A local attacker could exploit this vulnerability to cause a kernel panic.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109545 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2015-8543**
DESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by the failure to validate protocol identifiers for certain protocol families by the networking implementation. An attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges or cause the kernel to panic
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109383 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-8374**
DESCRIPTION:** Linux Kernel could allow a remote authenticated attacker to obtain sensitive information, caused by a information leak when truncating compressed/inlined extents on BTRFS. An attacker could exploit this vulnerability to obtain the truncated data.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108371 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2013-4312**
DESCRIPTION:** Linux Kernel could allow a local attacker to bypass security restrictions. By sending specially-crafted file descriptors over a UNIX socket, an attacker could exploit this vulnerability to bypass file-descriptor limits and cause a denial of service.
CVSS Base Score: 5.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110778 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)

CVEID: CVE-2016-3070**
DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper interaction with mm/migrate.c by the trace_writeback_dirty_page implementation. By triggering a certain page move, a local attacker could exploit this vulnerability to cause a NULL pointer dereference and crash the system.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116338 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

IBM QRadar Network Security 5.4

Remediation/Fixes

Product

| VRMF| Remediation/First Fix
—|—|—
IBM QRadar Network Security| Firmware version 5.4| Install Firmware 5.4.0.2 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector.
Or
Download Firmware 5.4.0.2 from IBM Security License Key and Download Center and upload and install via the Available Updates page of the Local Management Interface.

Workarounds and Mitigations

None