Multiple vulnerabilities in IBM RackSwitch firmware products



Risk: Low
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2020-13974, CVE-2020-10732, CVE-2020-14314, CVE-2020-12770
CWE-ID: CWE-190, CWE-908, CWE-125, CWE-20
Exploitation vector: Local
Public exploit: N/A

Vulnerable software (category: Hardware solutions / Routers & switches, VoIP, GSM, etc):

IBM RackSwitch G8124E
IBM RackSwitch G8124
IBM RackSwitch G8264CS
G8264CS_SI_Fabric_Image
IBM RackSwitch G8264T
IBM RackSwitch G8332
IBM RackSwitch G8264
IBM RackSwitch G8052
IBM RackSwitch G8316
IBM RackSwitch G7028

Vendor: IBM Corporation

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Integer overflow

EUVDB-ID: #VU64946

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-13974

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an integer overflow in drivers/tty/vt/keyboard.c that occurs if k_ascii is called several times in a row. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM RackSwitch G8124E: before 7.11.19.0

IBM RackSwitch G8124: before 7.11.19.0

IBM RackSwitch G8264CS: before 7.8.27.0

G8264CS_SI_Fabric_Image: before 7.8.27.0

IBM RackSwitch G8264T: before 7.9.29.0

IBM RackSwitch G8332: before 7.7.35.0

IBM RackSwitch G8264: before 7.11.19.0

IBM RackSwitch G8052: before 7.11.19.0

IBM RackSwitch G8316: before 7.9.29.0

IBM RackSwitch G7028: before 7.6.7.0

External links

http://www.ibm.com/support/pages/node/6382336


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use of uninitialized resource

EUVDB-ID: #VU92424

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-10732

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to read memory contents or crash the application.

The vulnerability exists due to the use of an uninitialized resource within the fill_thread_core_info() function in fs/binfmt_elf.c. A local user can read memory contents or crash the application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM RackSwitch G8124E: before 7.11.19.0

IBM RackSwitch G8124: before 7.11.19.0

IBM RackSwitch G8264CS: before 7.8.27.0

G8264CS_SI_Fabric_Image: before 7.8.27.0

IBM RackSwitch G8264T: before 7.9.29.0

IBM RackSwitch G8332: before 7.7.35.0

IBM RackSwitch G8264: before 7.11.19.0

IBM RackSwitch G8052: before 7.11.19.0

IBM RackSwitch G8316: before 7.9.29.0

IBM RackSwitch G7028: before 7.6.7.0

External links

http://www.ibm.com/support/pages/node/6382336


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU47106

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-14314

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM RackSwitch G8124E: before 7.11.19.0

IBM RackSwitch G8124: before 7.11.19.0

IBM RackSwitch G8264CS: before 7.8.27.0

G8264CS_SI_Fabric_Image: before 7.8.27.0

IBM RackSwitch G8264T: before 7.9.29.0

IBM RackSwitch G8332: before 7.7.35.0

IBM RackSwitch G8264: before 7.11.19.0

IBM RackSwitch G8052: before 7.11.19.0

IBM RackSwitch G8316: before 7.9.29.0

IBM RackSwitch G7028: before 7.6.7.0

External links

http://www.ibm.com/support/pages/node/6382336


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU28170

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-12770

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the system.

The vulnerability exists because "sg_write" lacks an "sg_remove_request" call in a certain failure case. A local user can pass specially crafted input to the application and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM RackSwitch G8124E: before 7.11.19.0

IBM RackSwitch G8124: before 7.11.19.0

IBM RackSwitch G8264CS: before 7.8.27.0

G8264CS_SI_Fabric_Image: before 7.8.27.0

IBM RackSwitch G8264T: before 7.9.29.0

IBM RackSwitch G8332: before 7.7.35.0

IBM RackSwitch G8264: before 7.11.19.0

IBM RackSwitch G8052: before 7.11.19.0

IBM RackSwitch G8316: before 7.9.29.0

IBM RackSwitch G7028: before 7.6.7.0

External links

http://www.ibm.com/support/pages/node/6382336


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
