Operating System:

[LINUX]

Published:

15 October 2021

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3443
       Kernel as used by IBM QRadar Network Packet Capture contains
                         multiple vulnerabilities
                              15 October 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM QRadar Network Packet Capture Software
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account      
                   Increased Privileges            -- Existing Account      
                   Denial of Service               -- Existing Account      
                   Access Confidential Data        -- Remote/Unauthenticated
                   Reduced Security                -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-3347 CVE-2020-27170 CVE-2020-24513
                   CVE-2020-24512 CVE-2020-24511 CVE-2020-24489
                   CVE-2020-12364 CVE-2020-12363 CVE-2020-12362
                   CVE-2020-8648  

Reference:         ESB-2021.3075
                   ESB-2021.3074
                   ESB-2021.2957
                   ESB-2021.2945
                   ESB-2021.2940

Original Bulletin: 
   https://www.ibm.com/support/pages/node/6501139

- --------------------------BEGIN INCLUDED TEXT--------------------

Kernel as used by IBM QRadar Network Packet Capture contains multiple
vulnerabilities

Document Information

Document number    : 6501139
Modified date      : 14 October 2021
Product            : IBM QRadar Network Packet Capture Software
Software version   : 7.3, 7.4
Operating system(s): Linux

Summary

Kernel as used by IBM QRadar Network Packet Capture contains multiple
vulnerabilities

Vulnerability Details

CVEID: CVE-2020-12362
DESCRIPTION: Intel Graphics Drivers could allow a local authenticated attacker
to gain elevated privileges on the system, caused by an integer overflow in the
firmware. An attacker could exploit this vulnerability to gain elevated
privileges on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196564 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2020-12363
DESCRIPTION: Intel Graphics Drivers are vulnerable to a denial of service,
caused by improper input validation. A local authenticated attacker could
exploit this vulnerability to cause a denial of service.
CVSS Base score: 1.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196581 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2020-12364
DESCRIPTION: Intel Graphics Drivers are vulnerable to a denial of service,
caused by a NULL pointer reference error. A local authenticated attacker could
exploit this vulnerability to cause a denial of service.
CVSS Base score: 1.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196582 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2020-27170
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain
sensitive information, caused by an out-of-bounds loads flaw. By executing
specially-crafted BPF programs, an attacker could exploit this vulnerability to
obtain contents of kernel memory, and use this information to launch further
attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/198453 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2020-8648
DESCRIPTION: Linux kernel could allow a remote attacker to obtain sensitive
information, caused by a use-after-free in the n_tty_receive_buf_common
function of drivers/tty/n_tty.c. An attacker could exploit this vulnerability
to read memory that should not be available for access.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175843 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2021-3347
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain
elevated privileges on the system, caused by a kernel stack use-after-free
during fault handling in PI futexes. An attacker could exploit this
vulnerability to gain elevated privileges and execute arbitrary code in the
kernel.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195798 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2020-24489
DESCRIPTION: Multiple Intel Virtualization Technology for Directed I/O (VT-d)
products could allow a local authenticated attacker to gain elevated privileges
on the system, caused by an incomplete cleanup. An attacker could exploit this
vulnerability to gain elevated privileges on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203350 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2020-24511
DESCRIPTION: Intel Processors could allow a local authenticated attacker to
obtain sensitive information, caused by improper isolation of shared resources.
By sending a specially-crafted request, an attacker could exploit this
vulnerability to obtain sensitive information.
CVSS Base score: 5.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203398 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)

CVEID: CVE-2020-24512
DESCRIPTION: Intel Processors could allow a local authenticated attacker to
obtain sensitive information, caused by the observable timing discrepancy
issue. By sending a specially-crafted request, an attacker could exploit this
vulnerability to obtain sensitive information.
CVSS Base score: 2.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203396 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N)

CVEID: CVE-2020-24513
DESCRIPTION: Intel Atom could allow a local authenticated attacker to obtain
sensitive information, caused by domain-bypass transient execution
vulnerability. A local attacker could exploit this vulnerability to obtain
sensitive information.
CVSS Base score: 5.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203407 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)

Affected Products and Versions

IBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Fix Pack 7

IBM QRadar Network Packet Capture 7.4.0 - 7.4.3 Fix Pack 1

Remediation/Fixes

IBM QRadar Network Packet Capture 7.3.3 Fix Pack 8

IBM QRadar Network Packet Capture 7.4.3 Fix Pack 2

Workarounds and Mitigations

None

Change History

13 Oct 2021: Initial Publication

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----