SB2024022732 - Multiple vulnerabilities in IBM Watson Machine Learning Accelerator on Cloud Pak for Data
Published: February 27, 2024 Updated: March 21, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 36 secuirty vulnerabilities.
1) Heap-based buffer overflow (CVE-ID: CVE-2023-25664)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in AvgPoolGrad. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.
2) Buffer overflow (CVE-ID: CVE-2023-25667)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when opening multiframe gif images. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.3) Uncaught Exception (CVE-ID: CVE-2023-25663)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a floating point exceptionin TensorArrayConcatV2. A remote attacker can pass specially crafted input to the application, trigger an unhanded exception and perform a denial of service (DoS) attack.4) Out-of-bounds read (CVE-ID: CVE-2023-25668)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the QuantizeAndDequantize operation. A remote attacker can trigger a heap out-of-bounds read error and read contents of memory on the system.
5) Buffer overflow (CVE-ID: CVE-2023-25660)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in tf.raw_ops.Print. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.6) Buffer overflow (CVE-ID: CVE-2023-25671)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in tfg-translate. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.7) Out-of-bounds read (CVE-ID: CVE-2023-25659)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in DynamicStitch. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.
8) Uncaught Exception (CVE-ID: CVE-2023-25673)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a floating point exception in TensorListSplit with XLA. A remote attacker can pass specially crafted input to the application, trigger an unhanded exception and perform a denial of service (DoS) attack.9) Incorrect Calculation of Buffer Size (CVE-ID: CVE-2022-41887)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
10) Uncaught Exception (CVE-ID: CVE-2023-25670)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a floating point exception in QuantizedMatMulWithBiasAndDequantize. A remote attacker can pass specially crafted input to the application, trigger an unhanded exception and perform a denial of service (DoS) attack.11) Input validation error (CVE-ID: CVE-2023-25661)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation by the Convolution3DTranspose function. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack on ML cloud services.
12) Code Injection (CVE-ID: CVE-2022-45907)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation within the torch.jit.annotations.parse_type_line() function. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
13) Incorrect Regular Expression (CVE-ID: CVE-2022-40897)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing HTML content. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
14) Input validation error (CVE-ID: CVE-2022-40898)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input passed to wheel cli. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
15) Code Injection (CVE-ID: CVE-2022-21797)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in the pre_dispatch flag in Parallel() class due to the eval() statement. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
16) Uncaught Exception (CVE-ID: CVE-2023-25666)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a floating point exception in AudioSpectrogram. A remote attacker can pass specially crafted input to the application, trigger an unhanded exception and perform a denial of service (DoS) attack.17) Sensitive cookie in HTTPS session without Secure attribute (CVE-ID: CVE-2023-28708)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to Apache Tomcat does not set the "Secure" attribute for the JSESSIONID session cookie when using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https. A remote attacker can force the application to transmit cookie via an insecure channel and intercept it.
18) NULL pointer dereference (CVE-ID: CVE-2023-25676)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference on ParallelConcat with XLA. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
19) Uncaught Exception (CVE-ID: CVE-2023-25674)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer exception in RandomShuffle with XLA enabled. A remote attacker can pass specially crafted input to the application, trigger an unhanded exception and perform a denial of service (DoS) attack.20) Double Free (CVE-ID: CVE-2023-25801)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in Fractional(Max/Avg)Pool. A remote attacker can pass specially crafted input to the application, trigger a double free error and perform a denial of service (DoS) attack.
21) Overly permissive cross-domain whitelist (CVE-ID: CVE-2022-1996)
The vulnerability allows a remote attacker to bypass the CORS protection mechanism.
The vulnerability exists due to incorrect processing of the "Origin" HTTP header that is supplied within HTTP request. A remote attacker can supply arbitrary value via the "Origin" HTTP header, bypass implemented CORS protection mechanism and perform cross-site scripting attacks against the vulnerable application.
22) Path traversal (CVE-ID: CVE-2022-25882)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
Request example:
http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa
23) Information disclosure (CVE-ID: CVE-2018-6594)
The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information on the target system.The weakness exists in the ElGamal implementation in PyCrypto due to generation of weak ElGamal key parameters by the source code in the lib/Crypto/PublicKey/ElGamal.py file. A remote attacker can gain access to potentially sensitive information.
24) Cryptographic issues (CVE-ID: CVE-2013-1445)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.
25) Cryptographic issues (CVE-ID: CVE-2012-2417)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.
26) Buffer overflow (CVE-ID: CVE-2013-7459)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.
27) Improper Privilege Management (CVE-ID: CVE-2023-25173)
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to improper privilege management where supplementary groups are not set up properly inside a container. A local user can use supplementary group access to bypass primary group restrictions and compromise the container.
28) Uncaught Exception (CVE-ID: CVE-2023-25669)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a floating point exception in AvgPoolGrad with XLA. A remote attacker can pass specially crafted input to the application, trigger an unhanded exception and perform a denial of service (DoS) attack.29) Resource exhaustion (CVE-ID: CVE-2023-25153)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when importing an OCI image. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
30) Resource exhaustion (CVE-ID: CVE-2021-33503)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in urllib3 when processing URL with multiple "@" characters in the authority component. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
31) Input validation error (CVE-ID: CVE-2022-36087)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within uri_validate functions. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
32) Uncaught Exception (CVE-ID: CVE-2023-25672)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer exception within the tf.raw_ops.LookupTableImportV2() function. A remote attacker can pass specially crafted input to the application, trigger an unhanded exception and perform a denial of service (DoS) attack.33) Out-of-bounds read (CVE-ID: CVE-2023-25658)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in GRUBlockCellGrad. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
34) Integer overflow (CVE-ID: CVE-2023-25662)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in EditDistance. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and perform a denial of service (DoS) attack.
35) Uncaught Exception (CVE-ID: CVE-2023-25665)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer exception in SparseSparseMaximum. A remote attacker can pass specially crafted input to the application, trigger an unhanded exception and perform a denial of service (DoS) attack.36) Buffer overflow (CVE-ID: CVE-2023-25675)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in Bincount with XLA. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.