IBMC7D6C8F0103FF5CAC3D7147093A232AE69F35BCD81DE0D047B087CB77353DACBSecurity Bulletin: PowerKVM is affected by Linux Kernel vulnerabilities (multiple CVEs)
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
Summary
PowerKVM is affected by several Linux Kernel vulnerabilities (multiple CVEs) .
Vulnerability Details
CVEID: CVE-2015-2041**
DESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by an information leak in llc2_timeout_table. An attacker could exploit this vulnerability to leak kernel memory to user space.
CVSS Base Score: 1.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101026 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N)
CVEID: CVE-2015-2042**
DESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by an information leak in rds_sysctl_rds_table. An attacker could exploit this vulnerability to leak kernel memory to user space.
CVSS Base Score: 1.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101027 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N)
CVEID: CVE-2015-3339**
DESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a race condition between the chown() and execve() system calls. When changing the owner of a setuid-user binary to root, an attacker could exploit this vulnerability to gain root privileges on the system.
CVSS Base Score: 7.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102618 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVEID: CVE-2015-2922**
DESCRIPTION:** Linux Kernel, built with the IPv6 networking support(CONFIG_IPV6), is vulnerable to a denial of service, caused by the improper handling of Router Advertisements. A remote attacker from within the local network could exploit this vulnerability to set the hop_limit too low and cause a denial of service.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102058 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:A/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2014-9710**
DESCRIPTION:** Linux Kernel, built with the Btrfs Filesystem support(CONFIG_BTRFS_FS), could allow a local attacker to gain elevated privileges on the system, caused by a race condition in the non-atomic xattr replace operation. An attacker could exploit this vulnerability to gain elevated privileges on the system.
CVSS Base Score: 4.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101789 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P)
CVEID: CVE-2015-3332**
DESCRIPTION:** Linux Kernel, built with the IPv4 networking support(CONFIG_NET), is vulnerable to a denial of service, caused by an error while using TCP Fast open option when initiating a network connection. A local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 4.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102619 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
CVEID: CVE-2014-9715**
DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the use of an insufficient large data type for certain extension data by the nf_conntrack_extend.h in the netfilter subsystem. An attacker could exploit this vulnerability using outbound network traffic to cause a OOPS and a NULL pointer dereference.
CVSS Base Score: 4.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103522 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C)
CVEID: CVE-2014-9420**
DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the failure to restrict the number of Rock Ridge continuation entries by the rock.c. A local attacker could exploit this vulnerability using a specially-crafted iso9660 image to cause the application to enter into an infinite loop.
CVSS Base Score: 4.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99588 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C)
CVEID: CVE-2015-1805**
DESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a memory corruption error in the pipe_iov_copy_from_user() and pipe_iov_copy_to_user() functions. An attacker could exploit this vulnerability to execute arbitrary commands on the system with root privileges.
CVSS Base Score: 7.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103584 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Affected Products and Versions
PowerKVM 2.1
Remediation/Fixes
Fix is made available via Fix Central (<https://ibm.biz/BdEnT8>) in 2.1.1 build 58 and all later builds and fix packs. For systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README> for prerequisite fixes and instructions. Customers can also update from 2.1.1 (GA and later levels) by using “yum update”.
Workarounds and Mitigations
None
Related
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C