Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities


Summary

The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools.

Vulnerability Details

CVEID: CVE-2017-16939
Description: Linux Kernel could allow a remote attacker to gain elevated privileges on the system, caused by a use-after-free in the Netlink socket subsystem XFRM. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain privileges.
CVSS Base Score: 9.80
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/135317 for the current score
CVSS Environmental Score: *Undefined
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVEID: CVE-2018-1000199
Description: Linux Kernel is vulnerable to a denial of service, caused by a ptrace() error handling flaw. By invoking the modify_user_hw_breakpoint() function, a local attacker could exploit this vulnerability to cause the kernel to crash.
CVSS Base Score: 6.20
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/142654 for the current score
CVSS Environmental Score: *Undefined
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVEID: CVE-2018-10675
Description: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the do_get_mempolicy function in mm/mempolicy.c. By using specially crafted system calls, a local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 6.20
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/142895 for the current score
CVSS Environmental Score: *Undefined
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVEID: CVE-2018-1068
Description: Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an error in the implementation of the 32-bit syscall interface. An attacker could exploit this vulnerability to gain root privileges on the system.
CVSS Base Score: 8.10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/140403 for the current score
CVSS Environmental Score: *Undefined
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2018-1087
Description: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by the improper handling of exceptions delivered after a stack switch operation using the MOV to SS and POP SS instructions by the KVM hypervisor. An attacker could exploit this vulnerability to gain elevated privileges or cause the guest to crash.
CVSS Base Score: 8.40
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/142976 for the current score
CVSS Environmental Score: *Undefined
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVEID: CVE-2018-1091
Description: Linux Kernel is vulnerable to a denial of service, caused by a missing processor feature check in the flush_tmregs_to_thread function. A local attacker could exploit this vulnerability to cause the guest kernel to crash.
CVSS Base Score: 6.20
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/140892 for the current score
CVSS Environmental Score: *Undefined
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVEID: CVE-2018-3620
Description: Multiple Intel CPUs could allow a local attacker to obtain sensitive information, caused by a flaw in the CPU speculative branch instruction execution feature. By conducting targeted cache side-channel attacks and via a terminal page fault, an attacker could exploit this vulnerability to leak information residing in the L1 data cache and read data belonging to different security contexts. Note: This vulnerability is also known as the "L1 Terminal Fault (L1TF)" or "Foreshadow" attack.
CVSS Base Score: 7.10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/148318 for the current score
CVSS Environmental Score: *Undefined
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CVEID: CVE-2018-3646
Description: Multiple Intel CPUs could allow a local attacker to obtain sensitive information, caused by a flaw in the CPU speculative branch instruction execution feature. By conducting targeted cache side-channel attacks and via a terminal page fault, an attacker with guest OS privilege could exploit this vulnerability to leak information residing in the L1 data cache and read data belonging to different security contexts.
CVSS Base Score: 7.10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/148319 for the current score
CVSS Environmental Score: *Undefined
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CVEID: CVE-2018-3665
Description: Intel Core-based microprocessors could allow a local attacker to obtain sensitive information, caused by utilizing the Lazy FP state restore technique for floating point state when context switching between application processes. By conducting targeted cache side-channel attacks, an attacker could exploit this vulnerability to determine register values of other processes. Note: This vulnerability is known as LazyFP.
CVSS Base Score: 4.30
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/144757 for the current score
CVSS Environmental Score: *Undefined
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CVEID: CVE-2018-3693
Description: Intel Haswell Xeon, AMD PRO and ARM Cortex A57 CPUs could allow a local authenticated attacker to obtain sensitive information, caused by a bounds check bypass in the CPU speculative branch instruction execution feature. By conducting targeted cache side-channel attacks, an attacker could exploit this vulnerability to cross the syscall boundary and read data from the CPU virtual memory.
CVSS Base Score: 7.10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/146191 for the current score
CVSS Environmental Score: *Undefined
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CVEID: CVE-2018-5390
Description: Linux Kernel is vulnerable to a denial of service, caused by an error in the tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions. By sending specially crafted packets within ongoing TCP sessions, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 7.50
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/147950 for the current score
CVSS Environmental Score: *Undefined
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVEID: CVE-2018-7566
Description: Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking of user-supplied input. By using an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 7.80
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/141112 for the current score
CVSS Environmental Score: *Undefined
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVEID: CVE-2018-8897
Description: Multiple operating systems could allow a local authenticated attacker to gain elevated privileges on the system, caused by developer interpretation of hardware debug exception documentation for the MOV to SS and POP SS instructions. An attacker could exploit this vulnerability using operating system APIs to obtain sensitive memory information or control low-level operating system functions and other unexpected behavior.
CVSS Base Score: 7.00
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/142242 for the current score
CVSS Environmental Score: *Undefined
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products and Versions

IBM QRadar SIEM 7.3.0 to 7.3.1 Patch 6

Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.3.1 Patch 7

Workarounds and Mitigations

None

Reference

Complete CVSS v3 Guide
On-line Calculator v3

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

30 November 2018: First Publish

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Document information

More support for: IBM QRadar SIEM

Software version: 7.3

Operating system(s): Linux

Software edition: All Editions

Reference #: 0742755

Modified date: 03 December 2018