SB2023040633 - Multiple vulnerabiities in IBM 4769 Developer's Toolkit

Description

This security bulletin contains information about 9 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2019-20811)

The vulnerability allows a local authenticated user to manipulate data.

An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.

2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0466)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to unspecified error, related to I/O subsystem in kernel. A local user can elevated privileges on the system.

3) Use-after-free (CVE-ID: CVE-2021-0920)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the unix_scm_to_skb() function of af_unix.c in Linux kernel. A local user can run a specially crafted program to trigger a race condition and execute arbitrary code with elevated privileges.

4) Use-after-free (CVE-ID: CVE-2021-3347)

The vulnerability allows a local user to elevate privileges on the system.

The vulnerability exists due to a use-after-free error when handling PI futexes. A local user can run a specially crafted program to trigger a use-after-free error and execute arbitrary code with elevated privileges.

5) Out-of-bounds read (CVE-ID: CVE-2018-19985)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when the function "hso_get_config_data" in "drivers/net/usb/hso.c" reads "if_num" from the USB device (as a u8) and uses it to index a small array. An authenticated local user with physical access to the system can use a malicious USB, trigger out-of-bounds read error and read contents of memory on the system.

6) Memory corruption (CVE-ID: CVE-2018-20169)

The vulnerability allows a local attacker to cause DoS condition or execute arbitrary code on the target system.

The vulnerability exists in the USB subsystem due to improper checks on the minimum and maximum size of data allowed when reading an extra descriptor by the USB subsystem of the affected software, related to the __usb_get_extra_descriptor in the drivers/usb/core/usb.c source code file. A local attacker can insert a USB device designed to submit malicious input, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

7) Resource management error (CVE-ID: CVE-2019-13648)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the "arch/powerpc/kernel/signal_32.c" and "arch/powerpc/kernel/signal_64.c" files on the PowerPC platform, when hardware transactional memory is disabled. A local authenticated attacker can make a "sigreturn()" system call that sends a signal frame that sends a signal frame that submits malicious input to the targeted system and cause a denial of service condition.

8) Memory leak (CVE-ID: CVE-2019-15916)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within register_queue_kobjects() function in net/core/net-sysfs.c, which will cause denial of service. A local user can perform a denial of service attack.

9) Use-after-free (CVE-ID: CVE-2019-19527)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to use-after-free error in the drivers/hid/usbhid/hiddev.c driver. A local user can use a malicious USB device to trigger use-after-free error and execute arbitrary code on the system with elevated privileges.

Remediation

Install update from vendor's website.

References

• https://www.ibm.com/support/pages/node/6981227