SB2023032955 - Multiple vulnerabilities in IBM QRadar SIEM

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023032955

SB2023032955 - Multiple vulnerabilities in IBM QRadar SIEM

Published: March 29, 2023 Updated: March 20, 2024

Security Bulletin ID SB2023032955
Severity
Medium
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 14% Low 86%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Type Confusion (CVE-ID: CVE-2022-23816)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a branch type confusion. A local user can force the branch predictor to predict the wrong branch type and gain access to sensitive information.


2) Type Confusion (CVE-ID: CVE-2022-23825)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a branch type confusion. A local user can force the branch predictor to predict the wrong branch type and gain access to sensitive information.


3) Double Free (CVE-ID: CVE-2022-2588)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a double free error within the network packet scheduler implementation in the route4_change() function in Linux kernel when removing all references to a route filter before freeing it. A local user can run a specially crafted program to crash the kernel or execute arbitrary code.


4) Security restrictions bypass (CVE-ID: CVE-2022-26373)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to non-transparent sharing of return predictor targets between contexts in Intel CPU processors. A local user can bypass the expected architecture isolation between contexts and gain access to sensitive information on the system.


5) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2022-29900)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a mistrained branch predictions for return instructions. A local user can execute arbitrary speculative code under certain microarchitecture-dependent conditions. The vulnerability was dubbed  RETbleed.


6) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2022-29901)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to the way non-transparent sharing of branch predictor targets between contexts. A local user can exploit the vulnerability to gain access to sensitive information.


7) Integer overflow (CVE-ID: CVE-2022-42898)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow within the S4U2Proxy handler on 32-bit systems. A remote user can send specially crafted request to the KDC server, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


Remediation

Install update from vendor's website.

References