SB2022102714 - Multiple vulnerabilities in Dell EMC PowerFlex Rack

Description

This security bulletin contains information about 10 secuirty vulnerabilities.

1) Path traversal (CVE-ID: CVE-2020-5366)

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote authenticated user can send a specially crafted HTTP request and read arbitrary files on the system.

2) Heap-based buffer overflow (CVE-ID: CVE-2020-3967)

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists due to a boundary error in EHCI controller. A local attacker can pass specially crafted data to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

3) Out-of-bounds write (CVE-ID: CVE-2020-3968)

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input in xHCI controller. A local attacker can trigger out-of-bounds write and execute arbitrary code on the target system.

4) Race condition (CVE-ID: CVE-2020-3966)

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists due to a race condition in the USB 2.0 controller (EHCI). A local attacker can exploit the race, leading to heap-overflow and execute arbitrary code on the system.

5) Out-of-bounds read (CVE-ID: CVE-2020-3965)

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the XHCI USB controller. A local attacker can trigger out-of-bounds read error and read contents of memory on the system.

6) Use-after-free (CVE-ID: CVE-2020-3963)

The vulnerability allows a local attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in PVNVRAM. A local attacker can read privileged information contained in hypervisor memory from a virtual machine.

7) Out-of-bounds read (CVE-ID: CVE-2020-3964)

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the EHCI USB controller. A local attacker can trigger out-of-bounds read error and read contents of memory on the system.

8) Out-of-bounds read (CVE-ID: CVE-2020-3960)

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in NVMe functionality. A local attacker can trigger out-of-bounds read error and read contents of memory on the system.

9) Memory leak (CVE-ID: CVE-2020-3959)

The vulnerability allows a local user to perform denial of service (DoS) attack on the target system.

The vulnerability exists due memory leak in the VMCI module. A local user can force the application to leak memory and perform denial of service attack.

10) Out-of-bounds Write (CVE-ID: CVE-2020-10713)

The vulnerability allows a local attacker to compromise vulnerable system.

The vulnerability exists due to a "BootHole" issue. An attacker with physical access can install persistent and stealthy bootkits or malicious bootloaders, trigger out-of-bounds write and execute arbitrary code on the target system.

Remediation

Install update from vendor's website.

References

• https://www.dell.com/support/kbdoc/en-us/000001679/dsa-2020-216-powerflex-rack-security-update-for-multiple-third-party-component-vulnerabilities