Cloud security daily 220630: the IBM data protection platform has found an arbitrary code execution vulnerability, which needs to be upgraded as soon as possible

IBM Spectrum Protect Plus Is the U.S. IBM A set of data protection platform of the company . The platform provides a single point of control and management for enterprises , And support the virtual of all scales 、 Physical and cloud environments for backup and recovery .

6 month 29 Japan ,IBM An emergency security update has been released , Repair the IBM Spectrum Protect Plus Some important vulnerabilities found in the data protection platform . Here are the details of the vulnerability ：

Vulnerability Details

source ：https://www.ibm.com/support/pages/node/6596971

1.CVE-2021-4154 CVSS score ：8.8 severity ： serious

Linux The kernel may allow local authenticated attackers to gain elevated privileges on the system , This is due to the kernel/cgroup/cgroup-v1.c Medium cgroup1_parse_param Found in the use-after-free Caused by vulnerability . By using fsconfig syscall Parameters , An attacker can exploit this vulnerability to elevate privileges .

2.CVE-2021-44733 CVSS score ：8.4 severity ： serious

Linux Kernel It may allow local attackers to execute arbitrary code on the system , This is from TEE In the subsystem drivers/tee/tee_shm.c Medium use-after-free Defects caused by . By performing a special procedure , An attacker can use this vulnerability to execute arbitrary code or cause a denial of service condition on the system .

3.CVE-2021-44733 CVSS score ：8.4 severity ： serious

Linux Kernel It may allow local attackers to execute arbitrary code on the system , This is from kernel/bpf/stackmap.c Medium prealloc_elems_and_freelist Function eBPF Multiplicative integer overflow . By sending a special request , An attacker can exploit this vulnerability to execute arbitrary code on the system .

4.CVE-2021-44733 CVSS score ：8.4 severity ： serious

Linux Kernel It may allow local attackers to execute arbitrary code on the system , This is from drivers/infiniband/core/ucma.c Medium use-after-free Defects caused by . By sending a special request , An attacker can use this vulnerability to execute arbitrary code or cause a denial of service condition on the system .

5.CVE-2022-0847 CVSS score ：7.8 severity ： important

because copy_page_to_iter_pipe and push_pipe Improper function initialization ,Linux The kernel may allow local authenticated attackers to gain elevated privileges on the system . By writing pages in the page cache supported by read-only files , An authenticated attacker can use this vulnerability to gain elevated privileges .

6.CVE-2022-0492 CVSS score ：7.8 severity ： important

Linux Kernel It may allow an attacker with local authentication to gain elevated privileges on the system , This is from cgroups v1 release_agent Caused by defects in the function . By sending a special request , An authenticated attacker can use this vulnerability to gain elevated privileges and accidentally bypass namespace isolation .

7.CVE-2022-1011 CVSS score ：7.8 severity ： important

Linux Kernel It may allow an attacker with local authentication to gain elevated privileges on the system , This is from FUSE In the file system use-after-free Defects caused by . By using write() Function to send a special request , An authenticated attacker can exploit this vulnerability to gain unauthorized access FUSE Some data in the file system , So as to obtain the elevated permission .

8.CVE-2021-4157 CVSS score ：7.8 severity ： important

Linux The kernel may allow local authenticated attackers to gain elevated privileges on the system , This is from NFS Caused by an out of Bounds Write defect in the subsystem . By sending a special request , An authenticated attacker can use this vulnerability to gain elevated privileges or crash the system .

9.CVE-2022-0185 CVSS score ：7.8 severity ： important

Linux The kernel is vulnerable to heap based buffer overflows , This is from fs/fs_context.c in legacy_parse_param Function caused by integer underflow . By sending a special request , An authenticated local attacker can overflow the buffer and root Permission to execute arbitrary code on the system .

Affected products and versions

IBM Spectrum Protect Plus 10.1.0-10.1.10.2 edition

Solution

about Linux and Windows platform ：

upgrade Spectrum Protect Plus to 10.1.11 Version repairable

View more vulnerability information And upgrade, please visit the official website ：

https://www.ibm.com/blogs/psirt/