ClevOS update for IBM Cloud Object Storage Systems



Published: 2022-09-20 | Updated: 2022-11-10
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2021-29155
CVE-2021-23133
CWE-ID CWE-125
CWE-362
Exploitation vector Local
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe
ClevOS
Operating systems & Components / Operating system

Vendor Clevo

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU67490

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-29155

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: Yes

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists in retrieve_ptr_limit in kernel/bpf/verifier.c in the Linux kernel mechanism. A local, special user privileged (CAP_SYS_ADMIN) BPF program running on affected systems may bypass the protection, and execute speculatively out-of-bounds loads from the kernel memory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ClevOS: All versions


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-cloud-object-storage-systems-oct-2021-v2/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Race condition

EUVDB-ID: #VU53006

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-23133

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in Linux kernel SCTP sockets (net/sctp/socket.c). If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by a local user with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.

Mitigation

Install update from vendor's website.

Vulnerable software versions

ClevOS: All versions


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-cloud-object-storage-systems-oct-2021-v2/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###