Lucene search

K
ibmIBMEE7420A03212E7A42473D3743C1A61B2A4CB4CDF8BEF90CBB334ECF842D29569
HistoryJun 21, 2023 - 5:31 p.m.

Security Bulletin: Vulnerabilities in Node.js, XStream, Linux kernel can affect IBM Spectrum Protect Plus

2023-06-2117:31:09
www.ibm.com
24
ibm spectrum protect plus
node.js
xstream
linux kernel
denial of service
http request smuggling

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.008

Percentile

81.4%

Summary

IBM Spectrum Protect Plus can be affected by vulnerabilities in Node.js, XStream, and Linux kernel. Vulnerabilities include causing a denial of service condition and HTTP request smuggling, as described by the CVEs in the β€œVulnerability Details” section. These vulnerabilities have been addressed.

Vulnerability Details

CVEID:CVE-2022-3106
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by the lacking check of return value of kmalloc() in ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c. A local attacker could exploit this vulnerability to cause a null pointer dereference, leading to a denial of service.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242226 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-3108
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by the lacking check of return value of kmemdup() in lkfd_parse_subtype_iolink in drivers/gpudrm/amd/amdkfd/kfd_crat.c . A local attacker could exploit this vulnerability to cause a null pointer dereference, leading to a denial of service.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242225 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-40152
**DESCRIPTION:**XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted XML data, a remote authenticated attacker could exploit this vulnerability to causes the parser to crash, and results in a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236355 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-3105
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by the lacking check of return value of kmalloc_array() in uapi_finalize in drivers/infiniband/core/uverbs_uapi.c. A local attacker could exploit this vulnerability to cause a null pointer dereference, leading to a denial of service.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242227 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-35256
**DESCRIPTION:**Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle header fields that are not terminated with CLRF by the llhttp parser in the http module. A remote attacker could send a specially-crafted request to lead to HTTP Request Smuggling (HRS). An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236964 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:CVE-2022-3107
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by the lack of checking the return value of kvmalloc_array() in netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c l. A local attacker could exploit this vulnerability to cause a null pointer dereference, leading to a denial of service.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242222 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**IBM X-Force ID:**237508
**DESCRIPTION:**Node.js npm CLI module is vulnerable to a denial of service. By stripping the trailing slash from files arguments and passing untrusted input into the tar.extract() or tar.list() array of entries to parse/extract, a remote attacker could exploit this vulnerability to cause a regular expression denial of service.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237508 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Storage Protect Plus Server 10.1.0 - 10.1.14

Remediation/Fixes

IBM Spectrum Protect Plus Affected Versions Fixing Level Platform Link to Fix and Instructions
10.1.0 - 10.1.14 10.1.15 Linux

<https://www.ibm.com/support/pages/node/6988945&gt;

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmspectrum_protect_plusMatch10.1
CPENameOperatorVersion
ibm spectrum protect pluseq10.1

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.008

Percentile

81.4%