Multiple vulnerabilities in IBM QRadar SIEM



| Updated: 2024-10-25
Risk High
Patch available YES
Number of vulnerabilities 103
CVE-ID CVE-2023-0458
CVE-2023-1989
CVE-2023-1855
CVE-2023-1252
CVE-2023-1206
CVE-2023-1118
CVE-2023-1079
CVE-2023-1075
CVE-2023-1074
CVE-2023-0597
CVE-2023-0590
CVE-2022-42895
CVE-2023-23455
CVE-2022-3640
CVE-2023-1073
CVE-2023-6356
CVE-2023-1838
CVE-2023-46813
CVE-2023-4623
CVE-2023-5717
CVE-2023-6535
CVE-2023-6536
CVE-2023-45871
CVE-2023-4622
CVE-2023-1998
CVE-2023-2513
CVE-2023-5178
CVE-2023-4155
CVE-2022-26691
CVE-2020-10001
CVE-2023-34241
CVE-2023-32324
CVE-2020-3898
CVE-2019-8696
CVE-2019-8675
CVE-2024-1488
CVE-2023-52425
CVE-2023-4732
CVE-2023-4132
CVE-2023-26545
CVE-2023-3772
CVE-2023-3609
CVE-2023-35824
CVE-2023-35823
CVE-2023-33203
CVE-2023-3268
CVE-2023-3212
CVE-2023-3161
CVE-2023-31436
CVE-2023-3141
CVE-2023-28328
CVE-2023-2162
CVE-2023-3812
CVE-2022-41858
CVE-2023-33951
CVE-2023-31084
CVE-2023-30456
CVE-2023-28772
CVE-2023-2176
CVE-2023-2166
CVE-2023-1382
CVE-2022-4744
CVE-2022-45887
CVE-2022-45869
CVE-2022-40133
CVE-2023-40283
CVE-2022-38457
CVE-2022-38096
CVE-2022-36402
CVE-2022-3594
CVE-2022-3545
CVE-2022-28388
CVE-2021-43975
CVE-2007-4559
CVE-2014-3146
CVE-2018-19787
CVE-2023-33952
CVE-2023-45862
CVE-2023-2163
CVE-2022-48624
CVE-2023-1192
CVE-2022-45919
CVE-2022-45884
CVE-2023-6546
CVE-2021-33631
CVE-2024-27269
CVE-2021-43618
CVE-2023-3138
CVE-2023-50868
CVE-2023-50387
CVE-2024-1086
CVE-2023-4921
CVE-2024-0646
CVE-2024-0565
CVE-2023-7192
CVE-2023-6932
CVE-2023-6931
CVE-2023-6817
CVE-2023-6610
CVE-2023-6606
CVE-2023-5633
CVE-2023-51043
CVE-2023-51042
CWE-ID CWE-476
CWE-416
CWE-400
CWE-843
CWE-401
CWE-824
CWE-119
CWE-284
CWE-787
CWE-254
CWE-362
CWE-285
CWE-125
CWE-122
CWE-121
CWE-862
CWE-415
CWE-682
CWE-833
CWE-20
CWE-190
CWE-532
CWE-22
CWE-79
CWE-770
CWE-78
CWE-200
CWE-191
Exploitation vector Network
Public exploit Public exploit code for vulnerability #18 is available.
Public exploit code for vulnerability #25 is available.
Public exploit code for vulnerability #27 is available.
Public exploit code for vulnerability #33 is available.
Public exploit code for vulnerability #74 is available.
Public exploit code for vulnerability #75 is available.
Public exploit code for vulnerability #76 is available.
Public exploit code for vulnerability #89 is available.
Public exploit code for vulnerability #90 is available.
Vulnerability #91 is being exploited in the wild.
Vulnerable software
IBM Qradar SIEM
Client/Desktop applications / Other client software

Vendor IBM Corporation

Security Bulletin

This security bulletin contains information about 103 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU76223

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0458

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the do_prlimit() function. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU75452

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1989

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btsdio_remove() function in driversluetoothtsdio.c. A local user can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU75451

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1855

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xgene_hwmon_remove() function in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). A local user can trigger a use-after-free error and execute arbitrary code on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU82761

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1252

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local authenticated user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Resource exhaustion

EUVDB-ID: #VU77953

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1206

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a hash collision flaw in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when an attacker makes a new kind of SYN flood attack. A remote attacker can increase the CPU usage of the server that accepts IPV6 connections up to 95%.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU72734

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1118

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Linux kernel integrated infrared receiver/transceiver driver "drivers/media/rc/ene_ir.c" when detaching rc device. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.


Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU72741

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1079

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows an attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error within the asus_kbd_backlight_set() function when plugging in a malicious USB device. An attacker with physical access to the system can inject a malicious USB device, trigger a use-after-free error and execute arbitrary code.


Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Type Confusion

EUVDB-ID: #VU72700

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1075

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a type confusion error within the tls_is_tx_ready() function in the net/tls stack of the Linux Kernel. A local user can trigger a type confusion error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Memory leak

EUVDB-ID: #VU74124

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1074

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists due memory leak in Linux kernel Stream Control Transmission Protocol. A local user can start a malicious network service and then connect to remotely, forcing the kernel to leak memory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Memory leak

EUVDB-ID: #VU73765

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0597

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to memory leak within the Linux kernel cpu_entry_area mapping of X86 CPU data. A local user can gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU72098

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0590

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the qdisc_graft() function in net/sched/sch_api.c. A local user can trigger a use-after-free error and crash the kernel.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Access of Uninitialized Pointer

EUVDB-ID: #VU69796

Risk: Low

CVSSv3.1: 2.1 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42895

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to unauthorized access of uninitialized pointer within the l2cap_parse_conf_req() function in net/bluetooth/l2cap_core.c. An attacker with physical proximity to the affected device can gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Type Confusion

EUVDB-ID: #VU71477

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-23455

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error within the atm_tc_enqueue() function in net/sched/sch_atm.c in the Linux kernel. A local user can trigger a type confusion error and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU70463

Risk: Medium

CVSSv3.1: 6.6 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3640

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows an attacker to compromise the affected system.

The vulnerability exists due to a use-after-free error in the 2cap_conn_del() function in net/bluetooth/l2cap_core.c in Linux kernel. An attacker with physical proximity to device can trigger a use-after-free error and execute arbitrary code on the system.


Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Buffer overflow

EUVDB-ID: #VU74123

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1073

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows an attacker to compromise the affected system.

The vulnerability exists due to a boundary error in the Linux kernel human interface device (HID) subsystem. An attacker with physical access to the system can insert in a specific way malicious USB device, trigger memory corruption and execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) NULL pointer dereference

EUVDB-ID: #VU85854

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6356

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the nvmet_tcp_build_iovec() function in the Linux kernel's NVMe driver. A remote attacker can pass specially crafted TCP packets to the system and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free

EUVDB-ID: #VU75205

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1838

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the vhost_net_set_backend() function in drivers/vhost/net.c. A local user can trigger a use-after-free error and crash the kernel.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper access control

EUVDB-ID: #VU82764

Risk: Low

CVSSv3.1: 7.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-46813

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses. A local user can gain arbitrary write access to kernel memory and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

19) Use-after-free

EUVDB-ID: #VU81664

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4623

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the the Linux kernel net/sched: sch_hfsc (HFSC qdisc traffic control) component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds write

EUVDB-ID: #VU83311

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-5717

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the Linux kernel's Linux Kernel Performance Events (perf) component. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) NULL pointer dereference

EUVDB-ID: #VU85853

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6535

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the nvmet_tcp_execute_request() function in the Linux kernel's NVMe driver. A remote attacker can send specially crafted NVMe-oF/TCP packets to the system and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) NULL pointer dereference

EUVDB-ID: #VU85852

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6536

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the __nvmet_req_complete() function in the Linux kernel's NVMe driver. A remote attacker can send specially crafted NVMe-oF/TCP packets to the system and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Buffer overflow

EUVDB-ID: #VU83381

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-45871

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the IGB driver in drivers/net/ethernet/intel/igb/igb_main.c when handling frames larger than the MTU. A remote attacker can send specially crafted traffic to the system, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU80583

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4622

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the unix_stream_sendpage() function in af_unix component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Security features bypass

EUVDB-ID: #VU75454

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-1998

CWE-ID: CWE-254 - Security Features

Exploit availability: Yes

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to incorrect implementation of the Spectre v2 SMT mitigations, related to calling prctl with PR_SET_SPECULATION_CTRL. An attacker can gain unauthorized access to kernel memory from userspace.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

26) Use-after-free

EUVDB-ID: #VU76455

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2513

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4 filesystem in the way it handled the extra inode size for extended attributes. A local user can trigger a use-after-free error and escalate privileges on the system.


Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use-after-free

EUVDB-ID: #VU82658

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-5178

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local authenticated user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the drivers/nvme/target/tcp.c in nvmet_tcp_free_crypto due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

28) Race condition

EUVDB-ID: #VU79488

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4155

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in KVM AMD Secure Encrypted Virtualization (SEV) in Linux kernel. A local user can exploit the race and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improper Authorization

EUVDB-ID: #VU63747

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26691

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an error in implementation of "Local" authorization mechanism. A remote attacker can authenticate as to CUPS as root/admin without the 32-byte secret key and execute arbitrary code on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Out-of-bounds read

EUVDB-ID: #VU50402

Risk: Medium

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10001

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the ippReadIO() function in CUPS. A remote attacker can send specially crafted data to the affected application, trigger an out-of-bounds read error and read contents of memory on the system or crash the service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Use-after-free

EUVDB-ID: #VU77641

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34241

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in cupsdAcceptClient(). A remote attacker can cause a denial of service condition on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Heap-based buffer overflow

EUVDB-ID: #VU76761

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32324

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the format_log_line() function cups/string.c when the "loglevel" is set to "DEBUG". A remote attacker can pass specially crafted data to the daemon, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Heap-based buffer overflow

EUVDB-ID: #VU27341

Risk: Medium

CVSSv3.1: 7.2 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-3898

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing files within the ppdFindOption() function in cups. A remote attacker can send specially crafted data to the daemon, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

34) Stack-based buffer overflow

EUVDB-ID: #VU23040

Risk: High

CVSSv3.1: 7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8696

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing SNMP requests within the asn1_get_packed() function in cups/snmp.c. A remote attacker with access to the the SNMP service can send a specially crafted request to the application, trigger a stack-based buffer oveflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Stack-based buffer overflow

EUVDB-ID: #VU23042

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8675

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing SNMP requests within the asn1_get_type() function in cups/snmp.c. A remote attacker can send a specially crafted SNMP request to the CUPS service, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Missing authorization

EUVDB-ID: #VU87749

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-1488

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to missing authorization in the unbound.service that listens on localhost on port 8953. A local user can send a specially crafted request and alter the server configuration.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Resource exhaustion

EUVDB-ID: #VU86230

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52425

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when parsing large tokens. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Race condition

EUVDB-ID: #VU83479

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4732

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition caused by a BUG statement referencing pmd_t x within the pfn_swap_entry_to_page () function. A local user can exploit the race and crash the kernel.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Use-after-free

EUVDB-ID: #VU79712

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4132

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the siano smsusb module in the Linux kernel. A local user can trigger a use-after-free error and crash the kernel.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Double Free

EUVDB-ID: #VU73766

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-26545

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a double free in net/mpls/af_mpls.c during the renaming of a device. A local user can trigger a double free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) NULL pointer dereference

EUVDB-ID: #VU80578

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3772

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the xfrm_update_ae_params() function in the IP framework for transforming packets (XFRM subsystem). A local user with CAP_NET_ADMIN privileges can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Use-after-free

EUVDB-ID: #VU78941

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3609

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the the Linux kernel net/sched: cls_u32 component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Use-after-free

EUVDB-ID: #VU78062

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-35824

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dm1105_remove() function in drivers/media/pci/dm1105/dm1105.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Race condition

EUVDB-ID: #VU77957

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-35823

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the saa7134_finidev() function in drivers/media/pci/saa7134/saa7134-core.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Race condition

EUVDB-ID: #VU77496

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-33203

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows an attacker to escalate privileges on the system.

The vulnerability exists due to a race condition in drivers/net/ethernet/qualcomm/emac/emac.c. An attacker with physical access to the system can exploit the race by unplugging an emac based device and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Out-of-bounds read

EUVDB-ID: #VU78008

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3268

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the relay_file_read_start_pos() function in kernel/relay.c in the relayfs. A local user can trigger an out-of-bounds read error and read contents of memory on the system or crash the kernel.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) NULL pointer dereference

EUVDB-ID: #VU78009

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3212

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the gfs2 file system in the Linux kernel. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Incorrect calculation

EUVDB-ID: #VU77956

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3161

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation in the Framebuffer Console (fbcon) in the Linux kernel. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Out-of-bounds write

EUVDB-ID: #VU76098

Risk: Low

CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-31436

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the qfq_change_class() function in net/sched/sch_qfq.c when handling the MTU value provided to the QFQ Scheduler. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Use-after-free

EUVDB-ID: #VU77955

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3141

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the r592_remove() function of drivers/memstick/host/r592.c in media access in the Linux kernel. A local user can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) NULL pointer dereference

EUVDB-ID: #VU74126

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28328

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Use-after-free

EUVDB-ID: #VU75994

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2162

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a use-after-free error within the scsi_sw_tcp_session_create() function in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. A local user can trigger a use-after-free error and gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Out-of-bounds write

EUVDB-ID: #VU78928

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3812

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the TUN/TAP device driver in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) NULL pointer dereference

EUVDB-ID: #VU70467

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-41858

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the sl_tx_timeout() function in drivers/net/slip in Linux kernel. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Race condition

EUVDB-ID: #VU78539

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-33951

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a race condition when handling GEM objects within the vmw_user_bo_lookup() function in drivers/gpu/drm/vmwgfx/vmwgfx_bo.c. A local user can exploit the race and gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Deadlock

EUVDB-ID: #VU77246

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-31084

CWE-ID: CWE-833 - Deadlock

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a deadlock in drivers/media/dvb-core/dvb_frontend.c when a task is in !TASK_RUNNING. A local user can trigger a deadlock and crash the kernel.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Input validation error

EUVDB-ID: #VU75456

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-30456

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of consistency for for CR0 and CR4 in arch/x86/kvm/vmx/nested.c in the Linux kernel. A local user can execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Buffer overflow

EUVDB-ID: #VU74627

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28772

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the seq_buf_putmem_hex() function in lib/seq_buf.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Out-of-bounds read

EUVDB-ID: #VU75995

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2176

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the compare_netdev_and_ip() function in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. A local user can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) NULL pointer dereference

EUVDB-ID: #VU79495

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2166

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in net/can/af_can.c when processing CAN frames. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) NULL pointer dereference

EUVDB-ID: #VU74550

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1382

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in net/tipc/topsrv.c within the TIPC protocol implementation in the Linux kernel. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Double Free

EUVDB-ID: #VU74053

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-4744

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the tun_free_netdev() function in the Linux kernel’s TUN/TAP device driver. A local user can trigger a double free error and execute arbitrary code with elevated privileges.


Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Race condition

EUVDB-ID: #VU75338

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-45887

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition in drivers/media/usb/ttusb-dec/ttusb_dec.c in Linux kernel. A local user can exploit the race and crash the kernel.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Race condition

EUVDB-ID: #VU70502

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-45869

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to a race condition within the x86 KVM subsystem in the Linux kernel when nested virtualisation and the TDP MMU are enabled. A remote  user on the guest OS can exploit the race and crash the host OS.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Use-after-free

EUVDB-ID: #VU80794

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-40133

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the vmw_execbuf_tie_context() function in drivers/gpu/vmxgfx/vmxgfx_execbuf.c. A local user can run a specially crafted program on the system and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Use-after-free

EUVDB-ID: #VU79714

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-40283

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the l2cap_sock_release() function in net/bluetooth/l2cap_sock.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Use-after-free

EUVDB-ID: #VU80790

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-38457

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the vmw_cmd_res_check() function in drivers/gpu/vmxgfx/vmxgfx_execbuf.c. A local user can trigger a use-after-free error and crash the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) NULL pointer dereference

EUVDB-ID: #VU73764

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-38096

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Integer overflow

EUVDB-ID: #VU80799

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-36402

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in drivers/gpu/vmxgfx/vmxgfx_execbuf.c. A local user can trigger an integer overflow and crash the kernel.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Inclusion of Sensitive Information in Log Files

EUVDB-ID: #VU69707

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3594

CWE-ID: CWE-532 - Information Exposure Through Log Files

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to the intr_callback() function in drivers/net/usb/r8152.c can be forced to include excessive data info the log files. A local user can read the log files and gain access to sensitive data.

Note, the vulnerability can be triggered remotely.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Buffer overflow

EUVDB-ID: #VU69758

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3545

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the area_cache_get() function in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Double Free

EUVDB-ID: #VU63160

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-28388

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code with elevated privileges.

The vulnerability exists due to boundary error in the usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c. A local user can pass specially crafted data to the application, trigger double free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Out-of-bounds write

EUVDB-ID: #VU62485

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-43975

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the hw_atl_utils_fw_rpc_wait() function in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c in Linux kernel. A local user can attach a specially crafted device to the system, trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Path traversal

EUVDB-ID: #VU67583

Risk: High

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2007-4559

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper validation of filenames in the tarfile module in Python. A remote attacker can create a specially crafted archive with symbolic links inside or filenames that contain directory traversal characters (e.g. "..") and overwrite arbitrary files on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

75) Cross-site scripting

EUVDB-ID: #VU41671

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2014-3146

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: Yes

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. The vulnerability allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

76) Cross-site scripting

EUVDB-ID: #VU16583

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-19787

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to lxml/html/clean.py in the lxml.html.clean module does not remove javascript. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

77) Double free

EUVDB-ID: #VU78528

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-33952

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when handling vmw_buffer_object objects within the vmw_user_bo_lookup() function in drivers/gpu/drm/vmwgfx/vmwgfx_bo.c. A local user can trigger a double free error and execute arbitrary code on the target system with elevated privileges.


Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Allocation of Resources Without Limits or Throttling

EUVDB-ID: #VU82766

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-45862

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the ENE UB6250 reader driver in drivers/usb/storage/ene_ub6250.c. A local user can trigger a boundary error and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Out-of-bounds write

EUVDB-ID: #VU79673

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2163

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in BPF verifier caused by improper marking of registers for precision tracking in certain situations. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) OS Command Injection

EUVDB-ID: #VU86885

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48624

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation within the close_altfile() function in filename.c. A remote attacker can trick the victim into using a specially crafted argument for the less command and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Use-after-free

EUVDB-ID: #VU81923

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1192

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the smb2_is_status_io_timeout() function in Linux kernel. A local user can set environment variable to a specific value, trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Use-after-free

EUVDB-ID: #VU75337

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-45919

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in drivers/media/dvb-core/dvb_ca_en50221.c in Linux kernel. A local user can trigger a race condition and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Use-after-free

EUVDB-ID: #VU75333

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-45884

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in drivers/media/dvb-core/dvbdev.c in Linux kernel related to dvb_register_device() function dynamically allocating fops. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Race condition

EUVDB-ID: #VU85241

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6546

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the GSM 0710 tty multiplexor in the Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Integer overflow

EUVDB-ID: #VU86575

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-33631

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow when mounting a malicious filesystem. A local user can mount a specially crafted filesystem, trigger an integer overflow and execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Information disclosure

EUVDB-ID: #VU89338

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27269

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote privileged user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote privileged user can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Integer overflow

EUVDB-ID: #VU63553

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-43618

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in mpz/inp_raw.c. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Out-of-bounds write

EUVDB-ID: #VU77450

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3138

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within src/InitExt.c in libX11. A remote attacker can send specially crafted data to the server, trigger an out-of-bounds write and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Resource exhaustion

EUVDB-ID: #VU86378

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-50868

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation when processing DNSSEC related records. A remote attacker can trigger resource exhaustion by forcing the DNS server to query a specially crafted DNSSEC zone and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

90) Resource exhaustion

EUVDB-ID: #VU86377

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-50387

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation when processing DNSSEC related records. A remote attacker can trigger resource exhaustion by forcing the DNS server to query a specially crafted DNSSEC zone and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

91) Use-after-free

EUVDB-ID: #VU86577

Risk: High

CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2024-1086

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the netfilter nf_tables component in Linux kernel. A local user can trigger a use-after-free error and execute arbitrary code on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

92) Use-after-free

EUVDB-ID: #VU81693

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4921

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the qfq_dequeue() function within the the Linux kernel's net/sched: sch_qfq component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Out-of-bounds write

EUVDB-ID: #VU86246

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-0646

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input in the Linux kernel’s Transport Layer Security functionality in the way a user calls a function splice with a ktls socket as the destination. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Integer underflow

EUVDB-ID: #VU86552

Risk: High

CVSSv3.1: 7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-0565

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer underflow within the receive_encrypted_standard() function in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. A remote attacker can trick the victim to connect to a malicious SMB server, trigger an integer underflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Memory leak

EUVDB-ID: #VU86248

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-7192

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists due memory leak within the ctnetlink_create_conntrack() function in net/netfilter/nf_conntrack_netlink.c. A local user with CAP_NET_ADMIN privileges can perform denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Use-after-free

EUVDB-ID: #VU84585

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6932

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

The vulnerability exists due to a use-after-free error within the ipv4 igmp component in Linux kernel. A local authenticated user can trigger a use-after-free error and execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Out-of-bounds write

EUVDB-ID: #VU85021

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6931

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the Linux kernel's Performance Events system component. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Use-after-free

EUVDB-ID: #VU84586

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6817

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local authenticated user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the netfilter nf_tables component in Linux kernel. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Out-of-bounds read

EUVDB-ID: #VU85443

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6610

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a boundary condition within the smb2_dump_detail() function in fs/smb/client/smb2ops.c. A local user can trigger an out-of-bounds read error and gain access to sensitive information or crash the kernel.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Out-of-bounds read

EUVDB-ID: #VU85442

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6606

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a boundary condition within the smbCalcSize() function in fs/smb/client/netmisc.c file. A local user can trigger an out-of-bounds read error and gain access to sensitive information or crash the kernel.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Use-after-free

EUVDB-ID: #VU83384

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-5633

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error when running inside a VMware guest with 3D acceleration enabled. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Use-after-free

EUVDB-ID: #VU86268

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-51043

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in drivers/gpu/drm/drm_atomic.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Use-after-free

EUVDB-ID: #VU86560

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-51042

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the amdgpu_cs_wait_all_fences() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Qradar SIEM: before 7.5.0 UP8 IF02

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150684


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###