Lucene search

IBMEE7420A03212E7A42473D3743C1A61B2A4CB4CDF8BEF90CBB334ECF842D29569

HistoryJun 21, 2023 - 5:31 p.m.

Security Bulletin: Vulnerabilities in Node.js, XStream, Linux kernel can affect IBM Spectrum Protect Plus

2023-06-2117:31:09

www.ibm.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.008 Low

EPSS

Percentile

81.0%

JSON

Summary

IBM Spectrum Protect Plus can be affected by vulnerabilities in Node.js, XStream, and Linux kernel. Vulnerabilities include causing a denial of service condition and HTTP request smuggling, as described by the CVEs in the “Vulnerability Details” section. These vulnerabilities have been addressed.

Vulnerability Details

CVEID:CVE-2022-3106
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by the lacking check of return value of kmalloc() in ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c. A local attacker could exploit this vulnerability to cause a null pointer dereference, leading to a denial of service.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242226 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-3108
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by the lacking check of return value of kmemdup() in lkfd_parse_subtype_iolink in drivers/gpudrm/amd/amdkfd/kfd_crat.c . A local attacker could exploit this vulnerability to cause a null pointer dereference, leading to a denial of service.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242225 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-40152
**DESCRIPTION:**XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted XML data, a remote authenticated attacker could exploit this vulnerability to causes the parser to crash, and results in a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236355 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-3105
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by the lacking check of return value of kmalloc_array() in uapi_finalize in drivers/infiniband/core/uverbs_uapi.c. A local attacker could exploit this vulnerability to cause a null pointer dereference, leading to a denial of service.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242227 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-35256
**DESCRIPTION:**Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle header fields that are not terminated with CLRF by the llhttp parser in the http module. A remote attacker could send a specially-crafted request to lead to HTTP Request Smuggling (HRS). An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236964 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:CVE-2022-3107
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by the lack of checking the return value of kvmalloc_array() in netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c l. A local attacker could exploit this vulnerability to cause a null pointer dereference, leading to a denial of service.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242222 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**IBM X-Force ID:**237508
**DESCRIPTION:**Node.js npm CLI module is vulnerable to a denial of service. By stripping the trailing slash from files arguments and passing untrusted input into the tar.extract() or tar.list() array of entries to parse/extract, a remote attacker could exploit this vulnerability to cause a regular expression denial of service.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237508 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Storage Protect Plus Server	10.1.0 - 10.1.14

Remediation/Fixes

IBM Spectrum Protect Plus Affected Versions	Fixing Level	Platform	Link to Fix and Instructions
10.1.0 - 10.1.14	10.1.15	Linux

<https://www.ibm.com/support/pages/node/6988945>

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm spectrum protect pluseq10.1

CPE	Name	Operator	Version
	ibm spectrum protect plus	eq	10.1

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.008 Low

EPSS

Percentile

81.0%

JSON

Related for EE7420A03212E7A42473D3743C1A61B2A4CB4CDF8BEF90CBB334ECF842D29569