-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Security Advisory ID: OSA-8 Release Date: 2023-11-22 Revision: 1.1 OMICRON Product Security Team | security@omicronenergy.com Linux Kernel Vulnerability in IGB Driver affecting StationGuard and StationScout Summary - - - - - - - - ----------------------------------------------------------------- Linux Kernel vulnerability CVE-2023-45871 allows an attacker to cause memory corruption in the network driver of the *BX device by sending special crafted network traffic. The behaviour of the system caused by memory corruption is highly unpredictable: the device is either restarted, processes crash, or a manual reboot is required. This Linux Kernel vulnerability was found and reported by OMICRON electronics (see: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bb5ed01cd2428cd25b1c88a3a9cba87055eb289f). Affected OMICRON Products - - - - - - - - ----------------------------------------------------------------- This Linux Kernel vulnerability affects the following OMICRON products: > StationGuard Image 2.10.0073 on all platforms > StationGuard Image 2.20.0080 on all platforms > StationGuard Image 2.21.0081 on all platforms > StationScout Image 2.10.0059 on all platforms > StationScout Image 2.20.0063 on all platforms > StationScout Image 2.21.0064 on all platforms Vulnerability Classification - - - - - - - - ----------------------------------------------------------------- > CVE-2023-45871 > CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') > Base Score: 9.8 > Risk Class: Critical > Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Security Advisory - - - - - - - - ----------------------------------------------------------------- Mitigation: OMICRON has released StationGuard 2.30 (with device image version 2.30.0092) and StationScout 2.30 (with device image version 2.30.0066) which address the issue and fix the vulnerability. It is strongly recommended that customers currently using the affected versions install the latest update available on the customer portal (registration required) as soon as possible to ensure the security of their system. More information about StationGuard and StationScout, including the link to download them, can be found on https://www.omicronenergy.com/en/products/stationguard/ and https://www.omicronenergy.com/en/products/stationscout/ Acknowledgments - - - - - - - - ----------------------------------------------------------------- None -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEkPJvkWGGIuqv8Qag8BT0uMcuyBgFAmVd2NkACgkQ8BT0uMcu yBi8Hg/9FRy81ZBdVqxCAkLDXd+w2ttmKZVJm/zdp2CY0J7lDnuZbTiyc4meJUTB V2yBNlvMw5PmqBve17CoqzUZ3hwPb8WMvxrj0SRhQ+shwbfZAxFmEM6644hBL9hT kbIYubKq5DWyOrAi+S69HHxaFrDLgnQKGBGDHtbODtuKe+VImr0y9rxNdBIdd1Si H9A01xosrOYG2Y7HShwfkHu+uo1sgMBTCrD2Z0rA9XmX+gLGym7LtOy9ANKjiS7W 4eCuNEVHPPK6VL6w7YLQUHFxarZ/JkXpGwHMJYschCwb1E2CXvh4zf/yLt4cL/g6 cAqUVmPYsqegoZNq2TzyYPlrFivggEDKFI8QR4W2+Shko/cN2sJhqcrEzk6D8V2i KbXg6tDOb+edJ1pn4aizdtO9hE++lkEFGTESc4u4eebLOzAxs4NdbTV8oev2pHw5 xtyu77AyV3h2YS19sJ1eGcopCpZ2kaCz8uUZC4XTVQVlTPVLbKFu+Sr25GXY4d/8 fNtYo8wtTvD9XH2dGNnlv1KPn9Q8pR4h5QLyvrtTRI2ZhB/XnVDjdbkUvH8wp1+I 6OUb4m8P+uznB0WjNcZjdv1Cfpy/F/dyNUrNxMsLVi2jBH2mjYmdjE08ObkUI0Qz ZcN7KtXCAfRHERtO5Jx5GqU39KrKLyzSMD1NjjSa+bfBB/YVfTw= =yDIN -----END PGP SIGNATURE-----