SB2022071414 - Multiple vulnerabilities in IBM MQ Appliance
Published: July 14, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Double Free (CVE-ID: CVE-2017-18595)
The vulnerability allows a local user to escalate privileges in the system.
The vulnerability exists due to a boundary error within the allocate_trace_buffer() function in the kernel/trace/trace.c. A local user can run a specially crafted application to trigger a double free error and execute arbitrary code on the target system with elevated privileges.
2) Out-of-bounds read (CVE-ID: CVE-2018-19985)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when the function "hso_get_config_data" in "drivers/net/usb/hso.c" reads "if_num" from the USB device (as a u8) and uses it to index a small array. An authenticated local user with physical access to the system can use a malicious USB, trigger out-of-bounds read error and read contents of memory on the system.
3) Memory corruption (CVE-ID: CVE-2018-20169)
The vulnerability allows a local attacker to cause DoS condition or execute arbitrary code on the target system.
The vulnerability exists in the USB subsystem due to improper checks on the minimum and maximum size of data allowed when reading an extra descriptor by the USB subsystem of the affected software, related to the __usb_get_extra_descriptor in the drivers/usb/core/usb.c source code file. A local attacker can insert a USB device designed to submit malicious input, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
4) Use-after-free (CVE-ID: CVE-2019-19527)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to use-after-free error in the drivers/hid/usbhid/hiddev.c driver. A local user can use a malicious USB device to trigger use-after-free error and execute arbitrary code on the system with elevated privileges.
Remediation
Install update from vendor's website.
References
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-multiple-kernel-vulnerabilities/"
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-multiple-kernel-vulnerabilities/</a><br><a
- https://www.ibm.com/support/pages/node/6602561"
- https://www.ibm.com/support/pages/node/6602561</a><br><br><br></p>