SB2022091213 - ClevOS update for IBM Cloud Object Storage Systems
Published: September 12, 2022 Updated: February 8, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 19 secuirty vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-27364)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to iscsi_if_recv_msg() allows non-root users to connect and send commands to the Linux kernel. A local user can escalate privileges on the system.
2) Out-of-bounds read (CVE-ID: CVE-2021-3753)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel. A local user can trigger out-of-bounds read error and read contents of memory on the system.
3) Race condition (CVE-ID: CVE-2021-32399)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition for removal of the HCI controller within net/bluetooth/hci_request.c in the Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
4) Out-of-bounds write (CVE-ID: CVE-2021-22555)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input in net/netfilter/x_tables.c in Linux kernel. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
5) Buffer overflow (CVE-ID: CVE-2021-29650)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the netfilter subsystem in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h. A local user can trigger memory corruption upon the assignment of a new table value and cause denial of service.
6) Information disclosure (CVE-ID: CVE-2021-29647)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to an error in qrtr_recvmsg(0 function in net/qrtr/qrtr.c caused by a partially uninitialized data structure. A local user can read sensitive information from kernel memory.
7) Resource exhaustion (CVE-ID: CVE-2021-28971)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to mishandling of PEBS status in a PEBS record In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
8) Buffer overflow (CVE-ID: CVE-2021-28972)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the drivers/pci/hotplug/rpadlpar_sysfs.c. A local administrator can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
9) Race condition (CVE-ID: CVE-2021-28964)
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a race condition in the get_old_root() function in fs/btrfs/ctree.c component in the Linux kernel. A local user can exploit the race and perform a denial of service attack.
10) Information disclosure (CVE-ID: CVE-2021-27363)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to the show_transport_handle() shows iSCSI transport handle to non-root users. A local user can gain unauthorized access to sensitive information and use it along with another vulnerability, such as #VU51452, to escalate privileges on the system.
11) Buffer overflow (CVE-ID: CVE-2021-27365)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing Netlink messages in Linux kernel through 5.11.3, as certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. A local unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message, trigger memory corruption and execute arbitrary code on the system with elevated privileges.
12) Integer overflow (CVE-ID: CVE-2021-33909)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow during size_t-to-int conversion when creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB. An unprivileged local user can write up to 10-byte string to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel buffer.
Successful exploitation of vulnerability may allow an attacker to exploit the our-of-bounds write vulnerability to execute arbitrary code with root privileges.
13) Use-after-free (CVE-ID: CVE-2021-3483)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Nosy driver in the Linux kernel. A local user can trigger use-after-free and to escalate privileges on the system.
14) Memory leak (CVE-ID: CVE-2020-36312)
The vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists in the KVM hypervisor of the Linux kernel. A local user can force the application to leak memory and perform denial of service attack.
15) Resource exhaustion (CVE-ID: CVE-2021-3679)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to lack of CPU resource in the Linux kernel tracing module functionality when using trace ring buffer in a specific way. A privileged local user (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.
16) Use-after-free (CVE-ID: CVE-2021-3347)
The vulnerability allows a local user to elevate privileges on the system.
The vulnerability exists due to a use-after-free error when handling PI futexes. A local user can run a specially crafted program to trigger a use-after-free error and execute arbitrary code with elevated privileges.
17) Information disclosure (CVE-ID: CVE-2021-31829)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in the Linux kernel's eBPF verification code. A local user can insert eBPF instructions, use the eBPF verifier to abuse a spectre-like flaw and infer all system memory.
18) Path traversal (CVE-ID: CVE-2020-28374)
The vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in drivers/target/target_core_xcopy.c in the Linux kernel. A remote user with access to iSCSI LUN can send a specially crafted XCOPY request and read or write arbitrary files on the system.
19) Out-of-bounds write (CVE-ID: CVE-2021-31916)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module. A special user (CAP_SYS_ADMIN) can trigger a buffer overflow in the ioctl for listing devices and escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-cloud-object-storage-systems-oct-2021-v1-3/"
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-cloud-object-storage-systems-oct-2021-v1-3/</a><br>
- https://www.ibm.com/support/pages/node/6497781<br><br></p>