There are security vulnerabilities in the versions of the Linux Kernel that are shipped with IBM Elastic Storage System. A fix for these vulnerabilities is available.
CVEID: CVE-2020-14385
**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a failure of the file system metadata validator in XFS. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause the system to shut down.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188394 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2020-26541
**DESCRIPTION:** Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by improper enforcement of the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189232 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2020-10773
**DESCRIPTION:** Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a stack information leak flaw in s390/s390x in the memory manager functionality. An attacker could exploit this vulnerability to obtain kernel data.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/185378 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2019-20636
**DESCRIPTION:** Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw in the input_set_keycode function. By using a specially crafted keycode table, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181202 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2020-12826
**DESCRIPTION:** Linux Kernel could allow a local attacker to bypass security restrictions, caused by a signal access-control issue in exec_id in include/linux/sched.h. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass checks to send any signal to a privileged process.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/182113 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Elastic Storage System | 6.0.0 - 6.0.1.1 |
IBM recommends that you fix this vulnerability by upgrading affected versions of IBM Elastic Storage System 3000 and 5000 to the following code levels or higher:
V6.0.1.2 or later.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm elastic storage server | eq | 6.0 |