Security Bulletin: Multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System

Summary

There are security vulnerabilities in versions of the Linux Kernel that are shipped with the Elastic Storage System. A fix for these vulnerabilities in available.

Vulnerability Details

CVEID:CVE-2020-1749
**DESCRIPTION:**Linux Kernel could allow a remote attacker to obtain sensitive information, caused by an error in the implementation of some ipv6 protocols in encrypted Ipsec tunnels. By using man-in-the-middle attack techniques, an attacker could exploit this vulnerability to read the traffic unencrypted.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181872 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2020-10720
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free read in napi_gro_frags(). By providing a page fragment of exactly 14 bytes, a remote attacker could exploit this vulnerability to crash the system.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181869 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Remediation/Fixes

IBM recommends that you fix this vulnerability by upgrading affected versions of IBM Elastic Storage System 3000 and 5000 to the following code levels or higher:

V6.0.1.1

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&release=6.0.0&platform=Linux+64-bit,x86_64&function=all

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&release=6.0.0&platform=Linux+PPC64LE&function=all

Workarounds and Mitigations

None