Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.0594
IBM Security Bulletin: Multiple vulnerabilities affect Intel Manycore
Platform Software Stack (Intel MPSS) for Linux and Windows
27 February 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: IBM System x iDataplex Solution
Publisher: IBM
Operating System: Windows
Linux variants
Impact/Access: Root Compromise -- Existing Account
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2018-18521 CVE-2018-18520 CVE-2018-18310
CVE-2018-16403 CVE-2018-16402 CVE-2018-16062
CVE-2018-7995 CVE-2018-6927 CVE-2018-5344
CVE-2018-5333 CVE-2018-5332 CVE-2018-1066
CVE-2017-18216 CVE-2017-18208 CVE-2017-18203
CVE-2017-18075 CVE-2017-16994 CVE-2017-15116
CVE-2017-14140 CVE-2017-8779 CVE-2015-9261
Reference: ESB-2019.0324
ESB-2018.3904
ESB-2018.3373
ESB-2018.1923
Original Bulletin:
http://www.ibm.com/support/docview.wss?uid=ibm10872832
- --------------------------BEGIN INCLUDED TEXT--------------------
Multiple vulnerabilities affect Intel Manycore Platform Software Stack (Intel
MPSS) for Linux and Windows
Product: System x iDataplex Solution
Reference #: 0872832
Security Bulletin
Summary
Intel Manycore Platform Software Stack (Intel MPSS) for Linux and Windows have
addressed the following vulnerabilities.
Vulnerability Details
CVEID: CVE-2015-9261
DESCRIPTION: BusyBox is vulnerable to a denial of service, caused by a flaw in
the huft_build in archival/libarchive/decompress_gunzip.c. By persuading a
victim to open a specially-crafted ZIP file, a remote attacker could exploit
this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
147643 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2017-18208
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
flaw in the madvise_willneed function in mm/madvise.c. By triggering use of
MADVISE_WILLNEED for a DAX mapping, a local attacker could exploit this
vulnerability to cause a denial of service.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
139764 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-18075
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
mishandling of freeing instances by crypto/pcrypt.c. By executing a
specially-crafted sequence of system calls, a local authenticated attacker
could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
138237 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-18216
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
NULL pointer dereference flaw in fs/ocfs2/cluster/nodemanager.c. By sending a
specially-crafted request, a local attacker could exploit this vulnerability to
cause a denial of service condition.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
139923 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-18203
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
flaw in the dm_get_from_kobject function in drivers/md/dm.c. By leveraging a
race condition with __dm_destroy during creation and removal of DM devices, a
local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
139759 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2017-15116
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by NULL
pointer dereference in the rngapi_reset function in crypto/rng.c. By sending a
specially-crafted packet, a remote attacker could exploit this vulnerability to
cause a denial of service condition.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
135735 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2017-16994
DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive
information, caused by a flaw in the walk_hugetlb_range function in mm/
pagewalk.c. By using a specially-crafted system call, an attacker could exploit
this vulnerability to obtain sensitive information.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
135497 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2017-8779
DESCRIPTION: rpcbind, LIBTIRPC, and NTIRPC are vulnerable to a denial of
service, caused by improper validation of XDR strings in memory allocation. By
sending a specially-crafted UDP packet, a remote attacker could exploit this
vulnerability to cause memory consumption.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
125753 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-14140
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain
sensitive information, caused by improper validation of effective uid of the
target process in the move_pages system call in mm/migrate.c. By sending a
specially-crafted request, a local attacker could exploit this vulnerability to
learn the memory layout of a setuid executable despite ASLR.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
131413 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2018-18310
DESCRIPTION: elfutils is vulnerable to a denial of service, caused by an
invalid memory address dereference in dwfl_segment_report_module.c in libdwfl.
By persuading a victim to open a specially-crafted file, a remote attacker
could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
151273 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-18521
DESCRIPTION: elfutils is vulnerable to a denial of service, caused by a
divide-by-zero flaw in the function arlib_add_symbols() in arlib.c. By
persuading a victim to open a specially-crafted file, a remote attacker could
exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
151750 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-18520
DESCRIPTION: elfutils is vulnerable to a denial of service, caused by an
invalid memory address dereference exists in the function elf_end in libelf. By
persuading a victim to open a specially-crafted file, a remote attacker could
exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
151751 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-16402
DESCRIPTION: elfutils is vulnerable to a denial of service, caused by a double
free in the libelf/elf_end.c. By persuading a victim to open a
specially-crafted file, a remote attacker could exploit this vulnerability to
cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
149340 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-16403
DESCRIPTION: elfutils is vulnerable to a denial of service, caused by a
heap-based buffer overflow in the dwarf_getabbrev in dwarf_getabbrev.c and
dwarf_hasattr in dwarf_hasattr.c. By persuading a victim to open a
specially-crafted file, a remote attacker could exploit this vulnerability to
cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
149339 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-16062
DESCRIPTION: Elfutils is vulnerable to a denial of service, caused by a
heap-based buffer over-read in /elfutils/libdw/dwarf_getaranges.c. By
persuading a victim to open a specially crafted file, a remote attacker could
exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
149133 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-7995
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
race condition in the store_int_with_restart function in arch/x86/kernel/cpu/
mcheck/mce.c. By leveraging root access to write to the check_interval file, a
local attacker could exploit this vulnerability to cause the system to panic.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
140100 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-6927
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an
integer overflow in the futex_requeue function in kernel/futex.c. By triggering
a negative wake or requeue value, a remote attacker could exploit this
vulnerability to cause a denial of service condition.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
139067 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-1066
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
NULL pointer dereference in the fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp()
function. An attacker controlling a CIFS server could exploit this
vulnerability to cause a kernel panic.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
139836 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-5333
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an
rds_atomic_free_op NULL pointer dereference in the rds_cmsg_atomic function in
net/rds/rdma.c. A local attacker could exploit this vulnerability to cause the
system to crash.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
137567 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-5332
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
heap-based out-of-bounds write in the rds_rdma_extra_size function in net/rds/
rdma.c. A local attacker could exploit this vulnerability to cause the system
to crash.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
137569 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-5344
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
use-after-free in the drivers/block/loop.c. A local attacker could exploit this
vulnerability to cause the system to crash.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
137649 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Products and Versions
The following products used with Intel Xeon Phi PCI-Express cards (Intel Xeon
Phi 3120A, Intel Xeon Phi 5110P, Intel Xeon Phi 7120A, and Intel Xeon Phi
7210P) on the System x systems:
o iDataPlex dx360 M4
o NeXtScale nx360 M4
o PureFlex x220 M4 / x240 M4 / x240 M5
o x3850 X6 / x3950 X6
Product Affected Version
Intel Manycore Platform Software Stack (MPSS) for Linux & Windows 3.8
Remediation/Fixes
IBM recommends that you update the affected versions of Intel MPSS that are
used with Intel Xeon Phi cards supported in IBM System x Servers to MPSS
version 3.8.5 or later.
Instructions on how to download and apply the update are available at: https://
software.intel.com/en-us/articles/intel-manycore-platform-software-stack-mpss
Product Fixed Version
Intel Manycore Platform Software Stack (MPSS) for Linux & Windows 3.8.5
Workarounds and Mitigations
None
Reference
Complete CVSS v3 Guide
On-line Calculator v3
Related Information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Lenovo Product Security Advisories
Change History
25 February 2019: Initial version published
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
Applicable countries and regions
o Worldwide
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXHX3eGaOgq3Tt24GAQgMuRAAq1p1ZyYpwKY11lQBNjNjxyI/GHed3pLY
Rs1S+XujXhzmWZLybesnLUQT1dQ/bFISUmGYPQj6SQUlmHP3cOFlaaYPs9Jnqu96
xhenhqoUraREO2KG7KN4TwcG+9j+OfTt4dmvwsySn7Gep2LLCzbrEFj+6uYyaHd5
MtGyxyTB6qlb9CGlzUMbXNlqenSlMxX+D0cR/lFRYg/IPXayLiHnPBDfREGSEP1C
GJGnj4nt0YfH4F+vURa7fllDcvfUScCHHrdkcqxn7X9gTCh0BTo1r0nCIZwpBVyk
4VHwm3+oQDORI+22/ZuC4Cp8g9/pLXLHGEdhyGazJAMd49Vvjn0Jsfh879R6c19i
WJlshY6DpErGjAX5LkekrMsIr0di2henjEqKU5KVfiDgfVm8wapqmQATvtsfi5gk
WVat6dq2OZmAc2Yh9Pwi0Evrdp5Hv0+XW4d3CzoLGkEYonzR72hYC+OP/XPwe/Wz
fpU6UEu9U3CR3yzWCoWmsA003ycmbZ/vZn2VVqbndSDG+jcTjAOLVrmtElCpkm8H
LR7gd9RnfHZLeJWpAZylE1GX1jnt8Sw+3QBF8IkH+ZOLJbJrLwRhbueoAmRn3sQ2
Yj4ogGkiJrHCeknJO9HKl4jODci3zFwWchlLoO1TeAMYNptH0V0RlSUauWmtEzLL
+Y5rFFO4NpE=
=fGC4
-----END PGP SIGNATURE-----