SB2023072069 - Multiple vulnerabilities in Dell EMC VxRail Appliance 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023072069

SB2023072069 - Multiple vulnerabilities in Dell EMC VxRail Appliance

Published: July 20, 2023 Updated: June 17, 2025

Security Bulletin ID SB2023072069
Severity
High
Patch available
YES
Number of vulnerabilities 49
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 12% Medium 33% Low 55%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 49 secuirty vulnerabilities.


1) Security features bypass (CVE-ID: CVE-2023-1998)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to incorrect implementation of the Spectre v2 SMT mitigations, related to calling prctl with PR_SET_SPECULATION_CTRL. An attacker can gain unauthorized access to kernel memory from userspace.


2) Improper input validation (CVE-ID: CVE-2023-21968)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.


3) Improper input validation (CVE-ID: CVE-2023-21967)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the JSSE component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.


4) Improper input validation (CVE-ID: CVE-2023-21954)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.


5) Improper input validation (CVE-ID: CVE-2023-21939)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Swing component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.


6) Improper input validation (CVE-ID: CVE-2023-21938)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.


7) Improper input validation (CVE-ID: CVE-2023-21937)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Networking component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.


8) Improper input validation (CVE-ID: CVE-2023-21930)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper input validation within the JSSE component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.


9) Out-of-bounds read (CVE-ID: CVE-2023-2176)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the compare_netdev_and_ip() function in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. A local user can trigger an out-of-bounds read error and read contents of memory on the system.


10) Improper update of reference count (CVE-ID: CVE-2023-2019)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper update of reference count within the scheduling of events in drivers/net/netdevsim/fib.c. A local privileged user can perform a denial of service (DoS) attack.


11) Improper validation of array index (CVE-ID: CVE-2023-2008)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect validation of array index within a fault handler in drivers/dma-buf/udmabuf.c. A local privileged user can execute arbitrary code with kernel privileges.


12) Use-after-free (CVE-ID: CVE-2023-1990)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the ndlc_remove() function in drivers/nfc/st-nci/ndlc.c. A local user can trigger a use-after-free error and perform a denial of service (DoS) attack.


13) NULL pointer dereference (CVE-ID: CVE-2023-23006)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the mlx5_get_uars_page() function in drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c. A local user can pass specially crafted data to the systen and perform a denial of service (DoS) attack.


14) Use-after-free (CVE-ID: CVE-2023-1989)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btsdio_remove() function in driversluetoothtsdio.c. A local user can trigger a use-after-free error and escalate privileges on the system.


15) Use-after-free (CVE-ID: CVE-2023-1855)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xgene_hwmon_remove() function in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). A local user can trigger a use-after-free error and execute arbitrary code on the system.


16) Use-after-free (CVE-ID: CVE-2023-1670)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Xircom 16-bit PCMCIA (PC-card) Ethernet driver. A local user can trigger a use-after-free error and execute arbitrary code on the system.


17) NULL pointer dereference (CVE-ID: CVE-2023-1355)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in within the class_object_index() function in vim9class.c in Vim. A remote attacker can perform a denial of service (DoS) attack.


18) NULL pointer dereference (CVE-ID: CVE-2023-1264)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the utfc_ptr2len() function in mbyte.c.c. A remote attacker can trick the victim to open a specially crafted file and crash the editor.


19) Division by zero (CVE-ID: CVE-2023-1127)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a divide by zero error within the scrolldown() function in move.c. A remote attacker can trick the victim to open a specially crafted file and crash the editor.


20) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-0386)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to unauthorized access to execution of setuid files in OverlayFS subsystem when copying a capable file from a nosuid mount into another mount. A local user can execute arbitrary code with root privileges.


21) Out-of-bounds write (CVE-ID: CVE-2022-28737)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to a boundary error in the handle_image() function when shim tries to load and execute crafted EFI executables. A local privileged user can trigger an out-of-bounds write error and bypass secure boot protection mechanism.


22) Improper Initialization (CVE-ID: CVE-2022-2196)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper initialization within nVMX in Linux kernel. A local user can perform speculative execution attacks and escalate privileges on the system.


23) Integer overflow (CVE-ID: CVE-2022-0185)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow in the legacy_parse_param() function in fs/fs_context.c in Linux kernel. A local user can tun a specially crafted program to trigger integer overflow and execute arbitrary code with root privileges.



24) Out-of-bounds write (CVE-ID: CVE-2020-12762)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in the "printbuf_memappend". A remote attacker can create a specially crafted JSON file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.


25) Use-after-free (CVE-ID: CVE-2023-2235)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Linux Kernel Performance Events system. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.


26) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-2454)

The vulnerability allows a remote user to execute arbitrary code on the system.

The vulnerability exists due to improperly imposed security restrictions. A remote database user with   CREATE privilege can bypass protective search_path changes via "CREATE SCHEMA ... schema_element" command and execute arbitrary code on the system.


27) Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CVE-ID: CVE-2023-31147)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to usage of a rand() function in case /dev/urandom or RtlGenRandom() are unavailable. A remote attacker can perform spoofing attack.


28) Out-of-bounds read (CVE-ID: CVE-2023-1018)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the CryptParameterDecryption routine. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.


29) Out-of-bounds write (CVE-ID: CVE-2023-1017)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in the CryptParameterDecryption routine. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.


30) Out-of-bounds read (CVE-ID: CVE-2023-20896)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within DCERPC protocol implementation. A remote attacker can send specially crafted packets to the server, trigger an out-of-bounds read error and crash vmcad, vmdird, or vmafdd services.


31) Out-of-bounds read (CVE-ID: CVE-2023-20895)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in DCERPC protocol implementation. A remote attacker can send specially crafted traffic to the server to trigger an out-of-bounds read error and read contents of memory on the system. The obtain information can be used to bypass authentication process and compromise the system.


32) Out-of-bounds write (CVE-ID: CVE-2023-20894)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error in DCERPC protocol implementation. A remote attacker can send specially crafted packets to the server, trigger an out-of-bounds write and execute arbitrary code on the target system.


33) Use-after-free (CVE-ID: CVE-2023-20893)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in DCERPC protocol implementation. A remote attacker can send specially crafted packets to the server, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


34) Heap-based buffer overflow (CVE-ID: CVE-2023-20892)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the DCERPC protocol implementation. A remote attacker can send specially crafted packets to the server, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


35) Heap-based buffer overflow (CVE-ID: CVE-2023-32324)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the format_log_line() function cups/string.c when the "loglevel" is set to "DEBUG". A remote attacker can pass specially crafted data to the daemon, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


36) Input validation error (CVE-ID: CVE-2023-32067)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing DNS responses. A remote attacker can send a specially crafted DNS response to the application and perform a denial of service (DoS) attack.


37) Buffer Underwrite ('Buffer Underflow') (CVE-ID: CVE-2023-31130)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a buffer underflow when using certain IPv6 addresses, such as 0::00:00:00/2". A local privileged user can trigger a boundary error and crash the service.


38) Security features bypass (CVE-ID: CVE-2023-2455)

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to incomplete fix for #VU40402 (CVE-2016-2193) that did not anticipate a scenario involving function inlining. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications.

This affects only databases that have used CREATE POLICY to define a row security policy.


39) Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CVE-ID: CVE-2023-31124)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to an error when cross-compiling c-ares and using the autotools build system. As a result, the CARES_RANDOM_FILE is not be set, which results in usage of a rand() function as a fallback, leading to weak entropy.


40) Race condition (CVE-ID: CVE-2023-30772)

The vulnerability allows an attacker to compromise the affected system.

The vulnerability exists due to a race condition in rivers/power/supply/da9150-charger.c in Linux kernel. An attacker with physical access to device can trigger a race condition while unplugin the device and execute arbitrary code on the system.


41) Buffer overflow (CVE-ID: CVE-2023-29491)

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing malformed data in a terminfo database file. A local user can trigger memory corruption and execute arbitrary code on the target system.



42) Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-ID: CVE-2023-29383)

The vulnerability allows a local user to inject arbitrary code.

The vulnerability exists due to an input validation error when processing fields provided to the SUID program chfn (change finger). A local user can inject and execute arbitrary code or misrepresent existing files.


43) Expected behavior violation (CVE-ID: CVE-2023-28322)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a logic error when sending HTTP POST and PUT requests using the same handle. The libcurl can erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. As a result, the application can misbehave and either send off the wrong data or use memory after free or similar in the second transfer.


44) Improper certificate validation (CVE-ID: CVE-2023-28321)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper certificate validation when matching wildcards in TLS certificates for IDN names. A remote attacker crate a specially crafted certificate that will be considered trusted by the library.

Successful exploitation of the vulnerability requires that curl is built to use OpenSSL, Schannel or Gskit.


45) Improper synchronization (CVE-ID: CVE-2023-28320)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper synchronization when resolving host names using the alarm() and siglongjmp() function. A remote attacker can force the application to crash by influencing contents of the global buffer.


46) Use-after-free (CVE-ID: CVE-2023-28319)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a use-after-free error when checking the SSH sha256 fingerprint. A remote attacker can use the application to connect to a malicious SSH server, trigger a use-after-free error and gain access to potentially sensitive information.

Successful exploitation of the vulnerability requires usage of the the CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 option, and also CURLOPT_VERBOSE or CURLOPT_ERRORBUFFER options have to be set.


47) Resource management error (CVE-ID: CVE-2023-2650)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application when processing OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS subsystems with no message size limit. A remote attacker can send specially crafted data to the application and perform a denial of service (DoS) attack.


48) Input validation error (CVE-ID: CVE-2023-25180)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when handling a serialised variant. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


49) Input validation error (CVE-ID: CVE-2023-24593)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when handling a text-form variant. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References