SB2025020423 - Multiple vulnerabilities in IBM RackSwitch firmware products

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Integer overflow (CVE-ID: CVE-2020-13974)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow within drivers/tty/vt/keyboard.c if k_ascii is called several times in a row. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.

2) Use of uninitialized resource (CVE-ID: CVE-2020-10732)

The vulnerability allows a local user to read memory contents or crash the application.

The vulnerability exists due to use of uninitialized resource error within the fill_thread_core_info() function in fs/binfmt_elf.c. A local user can read memory contents or crash the application.

3) Out-of-bounds read (CVE-ID: CVE-2020-14314)

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists.

4) Input validation error (CVE-ID: CVE-2020-12770)

The vulnerability allows a local user to execute arbitrary code on the system.

The vulnerability exists due to the "sg_write" lacks an "sg_remove_request" call in a certain failure case. A local user can pass specially crafted input to the application and execute arbitrary code on the target system.

Remediation

Install update from vendor's website.

References

• https://www.ibm.com/support/pages/node/6382336