**What is the version information for this release?**

Microsoft Edge Version

Date Released

Based on Chromium Version

96.0.1052.29

11/19/2021

96.0.4664.45

CVE-2021-43220: Microsoft Edge for iOS Spoofing Vulnerability

In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be bypassed.

**\[5.1.2\] (2021-11-16)#****Bug Fixes#**

*   **Android:** Handle errors related to Android Keystore Operations
*   **iOS, Android:** outdated/missing error message with a malformed config object passed
*   **iOS:** Fixes a class name collision with DevicePlugin between IdentityVault and @capacitor/device

**\[5.1.1\] (2021-10-27)#****Bug Fixes#**

*   Fixing crash while importing complex objects
*   Removing built in localizations

**Change Log#**

**\[5.1.0\] (2021-10-11)**

**Bug Fixes#**

*   **iOS:** Throw VaultError.biometricsLockedOut error when device biometrics is locked out
*   Don't unnecessarily trigger onError for MissingBiometricError
*   Don't call `setIsStrongBoxBacked(true)` on devices that do not have secure hardware

**Features#**

*   Add hasSecureHardware device check

**Change Log#****\[5.0.5\] (2021-09-30)#****Bug Fixes#**

*   (Android): Setting Device.isLockedOutOfBiometrics after lockout
*   (iOS) Remove vault on re-install
*   Allow DeviceSecurity vaults to be cleared without biometrics
*   Security: Closing loophole allowing bypass of invalid unlock attempts
*   Security: Implementing stronger Android KeyStore protections
*   Security: Properly set setUserAuthenticationParam based on deviceSecurityType

**Change Log#****\[5.0.4\] (2021-09-17)#****Bug Fixes#**

*   Properly handle invalidated or changed biometrics

**\[5.0.3\] (2021-09-07)#****Bug Fixes#**

*   fixing lockOnBackgrounded regression

**\[5.0.2\] (2021-09-01)#****Bug Fixes#**

*   Adding requirement for cordova-android 10.0.0
*   Changing CustomPasscode vault keychain access control requirements
*   Clear InMemoryVault when locked
*   Don't attempt to get values from non-existent vault
*   Handle null / undefined `lockAfterBackgrounded` setting on Android
*   replaces deprecated functions and removes swift warnings from compiler
*   Unifying biometric attempt error codes between iOS and Android

**\[5.0.1\] (2021-08-10)#****Bug Fixes#**

*   fixes splash screen not dismissing on iOS when hideScreenOnBackground is enabled
*   fixes support for iv5 in cordova apps
*   Use correct encoding for encoding vault data

**\[5.0.0\] (2021-07-28)#****BREAKING CHANGES#**

*   New API Surface - See the migration guide for full migration details

**Features#**

*   Simplified API surface
*   Improved compatibility with React, Vue, and plain JS.
*   Enhanced Local Development Experience
    *   Non-Secure Browser Vault Implementation
*   Android Class 2 Biometrics Support (See announcement blog for details)

**\[4.3.3\] (2021-06-14)#****Bug Fixes#**

*   **core:** fixing incorrect plugin.xml version

**\[4.3.2\] (2021-06-11)#****Bug Fixes#**

*   **android:** disable passive biometric confirmation step (to fix issue related to face unlock on Samsung devices)

**\[4.3.1\] (2021-05-24)#****Bug Fixes#**

*   **ios:** remove the `import Cordova` added by Capacitor

**\[4.3.0\] (2021-05-20)#****Bug Fixes#**

*   **core:** isBiometricsSupported should return true for devices with strong faceid on android
*   **core:** returning appropriate error codes for disabled biometrics and canceled auth

**Features#**

*   added setHideScreenOnBackground to allow turning on/off hiding as needed
    
*   **core:** adding option to configure biometric prompt text on iOS
    

**\[4.2.8\] (2021-04-29)#****Bug Fixes#**

*   **ios** Handling thrown errors in IonicNativeAuth class
*   **android** Add null check in onBiometricActivityResult

**\[4.2.7\] (2020-10-28)#****Bug Fixes#**

*   **android:** keyboard now displays when default passcode dialog opens

**\[4.2.6\] (2020-09-02)#****Bug Fixes#**

*   **android:** lifecycle events moved to the main thread

**\[4.2.5\] (2020-08-10)#****Bug Fixes#**

*   **iOS:** ensure the privacy screen image view appears as expected \[CT-138\]

**\[4.2.4\] (2020-07-22)#****Bug Fixes#**

*   **android:** reset auth attempts when clearing/resetting auth \[CT-83\]
*   **iOS:** ensure screen is always obscured when needed \[CT-61\]

**\[4.2.2\] (2020-06-10)#****Bug Fixes#**

*   add lock call to clean up in-memory mode , closes \[#118\]
*   **iOS:** ensuring that the screen is always hidden when backgrounded SE-202

**\[4.2.1\] (2020-05-27)#****Bug Fixes#**

*   **android:** avoid crash on detecting gesture navigation when using hideScreen

**\[4.2.0\] (2020-05-13)#****Bug Fixes#**

*   **android:** Added transparent theme for biometric auth activity SE-188
*   **android:** make hideScreen work when using gesture navigation

**Features#**

*   added method getAvailableHardware to return list of biometrics options

**\[4.1.0\] (2020-04-29)#****Bug Fixes#**

*   **cordova:** remove full paths in config file targets

**Features#**

*   `allowSystemPinFallback`, `shouldClearVaultAfterTooManyFailedAttempts`, and \`isLockedOutOfBiometrics

**\[4.0.1\] (2020-04-17)#****Bug Fixes#**

*   **android:** clear vault when there are too many failed bio unlock attempts
*   **ios:** clear vault when there are too many failed bio unlock attempts
*   allow install in cordova-android 9-dev

**\[4.0.0\] (2020-04-08)#****Bug Fixes#**

*   **ios:** swift 4.2 compilation issue

**Features#**

*   **android:** AndroidX upgrade, Android Face ID support

**BREAKING CHANGES#**

*   **android:** AndroidX is now required in projects with IV v4.

**\[3.6.4\] (2020-05-13)#****Bug Fixes#**

*   **android:** avoid KeyPermanentlyInvalidatedException problem on SDK 19 \[SE-183\]
*   **ios:** swift 4.2 compilation issue

**\[3.6.3\] (2020-04-01)#****Bug Fixes#**

*   **ios:** remove old vault upon reinstall

**\[3.6.2\] (2020-02-28)#****Bug Fixes#**

*   **ios:** clear the vault on lock when using InMemoryOnly mode

**\[3.6.1\] (2020-02-05)#****Bug Fixes#**

*   **Android, iOS:** fix an issue where if auto unlock or restore session fails the vault fails to fire the onVaultReady event

**\[3.6.0\] (2019-12-20)#****Features#**

*   add getKeys to IdentityVault
*   add removeValue to IdentityVault

**\[3.5.1\] (2019-12-18)#****Bug Fixes#**

*   **android:** properly call onVaultLocked after lock
*   **ios:** add screenProtectView on top window

**\[3.5.0\] (2019-11-27)#****Bug Fixes#**

*   **Android:** Fix issue where vault would crash if Android device only supported FaceMatch
*   **vault-user:** use the vault user methods to set the auth mode

**Features#**

*   add isBiometricsSupported function

**\[3.4.8\] (2019-11-08)#****Bug Fixes#**

*   **vault-user:** use the vault user methods to set the auth mode

**\[3.4.7\] (2019-09-09)#****Bug Fixes#**

*   **Android:** Fix an issue where the vault would not be cleared when fingerprints were added or all fingerprints were removed on Android..

**\[3.4.6\] (2019-08-07)#****Bug Fixes#**

*   **Android:** fix an issue where adding a fingerprint to device after the app was open would not refresh whether biometrics was available or not

**\[3.4.5\] (2019-07-27)#****Bug Fixes#**

*   **Android, iOS:** getSession return type and default IonicIdentityVaultUser generic to DefaultSession

**\[3.4.4\] (2019-07-25)#****Bug Fixes#**

*   **Android:** Fixes an issue on Android where getBiometricType would return none if Biometrics was not enabled even though the device had biometric hardware.

**\[3.4.3\] (2019-06-14)#****Bug Fixes#**

*   **Android:** Fixed issue where when hideScreenInBackground feature was enabled screenshots would be disabled.

**\[3.4.2\] (2019-06-14)#****Bug Fixes#**

*   **iOS:** Fixed an issue where the hide screen in background functionality was broken

**\[3.4.1\] (2019-06-06)#****Bug Fixes#**

*   **Android:** fix issue where setBiometricsEnabled(false) would throw an error if biometrics was unavailable

**\[3.4.0\] (2019-06-06)#****Bug Fixes#**

*   **iOS:** fix an issue where if a user removed fingerprints after authentication storing the session would return an error rather than default to passcode only mode
*   **iOS:** Fix issue where `getBiometricType` would return `none` if TouchID or FaceID was present on device but the user was not enrolled.
*   **iOS:** fix issue with getBiometricType and issue where lock event was triggered when lock was called in secure storage mode

**Features#**

*   Added android side of Secure Storage Mode
*   update Typescript/JS layer to support Secure Storage mode

**\[3.3.0\] (2019-05-10)#****Bug Fixes#**

*   **Android, iOS:** make the setting of the auth mode fault tolerant

**Features#**

*   **Android. iOS:** add Biometric or Passcode mode

**\[3.2.3\] (2019-04-29)#****Bug Fixes#**

*   **Android:** fix bug in Android where FingerprintManager import was missing

**\[3.2.2\] (2019-04-29)#****Bug Fixes#**

*   fix release configuration issue where xlmns:android was incorrectly add to manifest

**\[3.2.1\] (2019-04-27)#****Bug Fixes#**

*   fix bug where plugin id was incorrect and didn't include scope

**\[3.2.0\] (2019-04-26)#****Features#**

*   Added getPlugin method which can be overridden in advanced use cases to provide custom implementations for PWA compatibility etc.

**Bug Fixes#**

*   **iOS:** Fixed a bug on iOS where when using the hideScreenOnBackground flag the splashscreen may temporarily flash during biometric prompts.
*   **Android:** Fixed a bug on Android where isBiometricsAvailable would return true is some cases if No fingerprints were enrolled or fingerprint hardware wasn't available.
*   **Android, iOS:** Fixed a bug where getSession may incorrectly return `undefined` due to failing to wait for the plugin to be ready before returning.

**\[3.1.0\] (2019-04-19)#****Features#**

*   Added login method which clears the vault and stores the session passed to it.

**\[3.0.0\] (2019-04-08)#****Features#**

*   Added the ability to use onPasscodeRequest to use a custom pin prompt screen.
*   Made IdentityVaultUser a generic class to allow using the DefaultSession or extending it to type and store the session object.
*   Added support for advanced usages such as multi-tenant vaults by using the IonicNativeAuthPlugin and IdentityVault APIs directly.

CVE-2021-44033: Identity Vault Changelog - Identity Vault

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.

CVE-2021-41165: ckeditor4/CHANGES.md at major · ckeditor/ckeditor4

Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

**Select Your Region**

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**BIOS Reference Code Advisory**

**Summary: **

Potential security vulnerabilities in the BIOS reference code for some Intel® Processors may allow escalation of privilege.  Intel is releasing firmware updates to mitigate these potential vulnerabilities.

**Vulnerability Details:**

CVEID: CVE-2021-0157

Description: Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2021-0158

Description: Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

**Affected Products:**

*   Intel® Xeon® Processor E Family
*   Intel® Xeon® Processor E3 v6 Family
*   Intel® Xeon® Processor W Family
*   3rd Generation Intel® Xeon® Scalable Processors
*   11th Generation Intel® Core™ Processors
*   10th Generation Intel® Core™ Processors
*   8th Generation Intel® Core™ Processors
*   7th Generation Intel® Core™ Processors
*   Intel® Core™ X-series Processors
*   Intel® Celeron® Processor N Series
*   Intel® Pentium® Silver Processor Series

**Recommendations:**

Intel recommends that users of affected Intel® Processors update to the latest version provided by the system manufacturer that addresses these issues.

**Acknowledgements:**

Intel would like to thank Itai Liba and Assaf Carlsbad from SentinelOne for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

11/09/2021

Initial Release

1.1

11/15/2021

Updated acknowledgements.

1.2

11/17/2021

Updated affected products to include 8th Generation Intel® Core™ Processor Family

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at https://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  
Copyright © Intel Corporation 2020

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2021-0158: INTEL-SA-00562

Out-of-bounds write in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable denial of service via local access.

**Select Your Region**

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® NUC Firmware Advisory**

**Summary: **

A potential security vulnerability in some Intel® NUCs may allow denial of service.  Intel is releasing firmware updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID:  CVE-2021-33086

Description: Out-of-bounds write in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score:  6.3 Medium

CVSS Vector:  CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

**Affected Products:  
**

**Product**

**BIOS Download link**

Intel® NUC M15 Laptop Kit: LAPBC510, LAPBC710

BCTGL357.0064

Intel® NUC 11 Compute Element: CM11EBC4W, CM11EBi38W, CM11EBi58W, CM11EBi716W

EBTGL357.0056

Intel® NUC 11 Performance kit: NUC11PAHi3, NUC11PAHi5, NUC11PAHi7, NUC11PAKi3, NUC11PAKi5, NUC11PAKi7

Intel® NUC 11 Performance Mini PC - NUC11PAQi50WA, NUC11PAQi70QA

PATGL357.0040

Intel® NUC 11 Pro Board: NUC11TNBi3, NUC11TNBi5, NUC11TNBi7

Intel® NUC 11 Pro Kit: NUC11TNHi3, NUC11TNHi30L, NUC11TNHi30P, NUC11TNHi5, NUC11TNHi50L, NUC11TNHi50W, NUC11TNHi7, NUC11TNHi70L, NUC11TNHi70Q, NUC11TNKi3, NUC11TNKi5, NUC11TNKi7

TNTGL357.0057

Intel® NUC 11 Enthusiast Kit - NUC11PHKi7C

Intel® NUC 11 Enthusiast Mini PC - NUC11PHKi7CAA

PHTGL579.0062

Intel® NUC 10 Performance kit: NUC10i3FNH, NUC10i3FNHF, NUC10i3FNK, NUC10i5FNH, NUC10i5FNHF, NUC10i5FNHJ, NUC10i5FNK, NUC10i5FNKP, NUC10i7FNH, NUC10i7FNHC, NUC10i7FNK, NUC10i7FNKP, NUC10i3FNHFA, NUC10i3FNHJA, NUC10i5FNHCA, NUC10i5FNHJA, NUC10i5FNKPA, NUC10i7FNHAA, NUC10i7FNHJA, NUC10i7FNKPA

FNCML.0052

Intel® NUC 9 Pro Compute Element: NUC9V7QNB, NUC9VXQNB

Intel® NUC 9 Pro Kit: NUC9V7QNX, NUC9VXQNX

QNCFLX70.0063

Intel® NUC 8 Business, a Mini PC with Windows 10 - NUC8i7HNKQC

Intel® NUC 8 Enthusiast, a Mini PC with Windows 10: NUC8i7HVKVA, NUC8i7HVKVAW

Intel® NUC Kit: NUC8i7HNK, NUC8i7HVK

HNKBLi70.86A.0067

Intel® NUC 8 Enthusiast, a Mini PC with Windows 10: NUC8i7BEHGA, NUC8i7BEKQA

Intel® NUC 8 Home - a Mini PC with Windows 10: NUC8i3BEHFA, NUC8i5BEHFA, NUC8i5BEKPA

Intel® NUC Kit: NUC8i3BEH, NUC8i3BEHS, NUC8i3BEK, NUC8i5BEH, NUC8i5BEHS, NUC8i5BEK, NUC8i7BEH, NUC8i7BEK

BECFL357.86A.0088

Intel® NUC 8 Home, a Mini PC with Windows® 10: NUC8i3CYSM, NUC8i3CYSN

CYCNLi35.86A.0049

Intel® NUC 8 Rugged Kit NUC8CCHKR

Intel® NUC Board NUC8CCHB

CHAPLCEL.0054

Intel® NUC 8 Compute Element: CM8CCB, CM8i3CB, CM8i5CB, CM8i7CB, CM8PCB

CBWHL.0094

Intel® NUC 8 Pro Board NUC8i3PNB

Intel® NUC 8 Pro Kit: NUC8i3PNH, NUC8i3PNK

PNWHL357.0042

Intel® NUC 8 Mainstream-G kit: NUC8i5INH, NUC8i7INH

Intel® NUC 8 Mainstream-G mini PC: NUC8i5INH, NUC8i7INH

INWHL357.0041

Intel® NUC 7 Essential, a Mini PC with Windows® 10 - NUC7CJYSAL

Intel® NUC Kit: NUC7CJYH, NUC7PJYH

JYGLKCPX.86A.0062

Intel® NUC 7 Business, a Mini PC with Windows® 10 Pro - NUC7i3DNHNC

Intel® NUC 7 Business, a Mini PC with Windows® 10 Pro - NUC7i3DNKTC

Intel® NUC Board NUC7i3DNBE

Intel® NUC Kit NUC7i3DNHE, NUC7i3DNKE

DNKBLi30.86A.0073

Intel® NUC 7 Business, a Mini PC with Windows® 10 Pro - NUC7i5DNKPC,  NUC7i5DNBE, NUC7i5DNHE, NUC7i5DNKE

DNKBLi5v.86A.0073

Intel® NUC Kit: NUC6CAYH, NUC6CAYS

AYAPLCEL.86A.0069

**Recommendations:**

Intel recommends updating the Intel® NUCs listed above to the latest BIOS version (see provided table).

**Acknowledgements:**

Intel would like to thank Denis Straghkov for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

11/09/2021

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at https://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  
Copyright © Intel Corporation 2020

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2021-33086: INTEL-SA-00567

In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).

Message ID

YX4CqjfRcTa6bVL+@Zekuns-MBP-16.fios-router.home

State

New

Delegated to:

Kalle Valo

Headers

show

Series

mwifiex\_usb: Fix skb\_over\_panic in mwifiex\_usb\_recv | expand

**Commit Message****Comments**

**Patch**

diff --git a/drivers/net/wireless/marvell/mwifiex/usb.c b/drivers/net/wireless/marvell/mwifiex/usb.c
index 426e39d4c..6d81e8786 100644
\--- a/drivers/net/wireless/marvell/mwifiex/usb.c
+++ b/drivers/net/wireless/marvell/mwifiex/usb.c
@@ -130,7 +130,8 @@  static int mwifiex\_usb\_recv(struct mwifiex\_adapter \*adapter,
 		default:
 			mwifiex\_dbg(adapter, ERROR,
 				    "unknown recv\_type %#x\\n", recv\_type);
\-			return -1;
+			ret = -1;
+			goto exit\_restore\_skb;
 		}
 		break;
 	case MWIFIEX\_USB\_EP\_DATA:

CVE-2021-43976: mwifiex_usb: Fix skb_over_panic in mwifiex_usb_recv

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the libc.a library to expose sensitive information.  IBM X-Force ID:  206084.

**Security Bulletin**

  

**Summary**

There is a vulnerability in the libc.a library that affects AIX.

**Vulnerability Details**

**CVEID:**   CVE-2021-29860  
**DESCRIPTION:**   IBM AIX could allow a non-privileged local user to exploit a vulnerability in the libc.a library to expose sensitive information.  
CVSS Base score: 6.2  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/206084 for the current score.  
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

**Affected Products and Versions**

Affected Product(s)

Version(s)

AIX

7.1

AIX

7.2

VIOS

3.1

The vulnerabilities in the following filesets are being addressed:

Fileset

Lower Level

Upper Level

bos.rte.libc

7.1.5.0

7.1.5.37

bos.rte.libc

7.2.3.0

7.2.3.20

bos.rte.libc

7.2.4.0

7.2.4.3

bos.rte.libc

7.2.5.0

7.2.5.100

To find out whether the affected filesets are installed on your systems, refer to the lslpp command found in AIX user's guide.

Example:  lslpp -L | grep -i bos.rte.libc

**Remediation/Fixes**

**A. APARS**

IBM has assigned the following APARs to this problem:

AIX Level

APAR

SP

7.1.5

IJ35673

SP10

7.2.4

IJ35675

SP05

7.2.5

IJ32736

SP03-2135

VIOS Level

APAR

SP

3.1.0

IJ35674

N/A

3.1.1

IJ35675

3.1.1.50

3.1.2

IJ32714

3.1.2.30

Subscribe to the APARs here:

By subscribing, you will receive periodic email alerting you to the status of the APAR, and a link to download the fix once it becomes available.

**B. FIXES**

AIX and VIOS fixes are available.

An LPAR system reboot is required to complete the iFix installation, or Live Update may be used on AIX 7.2 to avoid a reboot.

The AIX and VIOS fixes can be downloaded via ftp or http from:

The link above is to a tar file containing this signed advisory, fix packages, and OpenSSL signatures for each package. The fixes below include prerequisite checking. This will enforce the correct mapping between the fixes and AIX Technology Levels.

AIX Level

Interim Fix

7.1.5.7

IJ33560m7b.211112.epkg.Z

7.1.5.8

IJ33560m8b.211112.epkg.Z

7.1.5.9

IJ35673s9a.211115.epkg.Z

7.2.4.2

IJ34512m2a.211112.epkg.Z

7.2.4.3

IJ34512m3a.211112.epkg.Z

7.2.4.4

IJ34512m4a.211112.epkg.Z

7.2.5.1

IJ34081m1a.211112.epkg.Z

7.2.5.2

IJ34081m2b.211112.epkg.Z

Please note that the above table refers to AIX TL/SP level as opposed to fileset level, i.e., 7.2.5.2 is AIX 7200-05-02.

Please reference the Affected Products and Version section above for help with checking installed fileset levels.

VIOS Level

Interim Fix

3.1.0.40

IJ35681m5a.211112.epkg.Z

3.1.0.50

IJ35681m6a.211112.epkg.Z

3.1.0.60

IJ35681m7a.211112.epkg.Z

3.1.1.21

IJ34512m2a.211112.epkg.Z

3.1.1.25

IJ34512m2a.211112.epkg.Z

3.1.1.30

IJ34512m3a.211112.epkg.Z

3.1.1.40

IJ34512m4a.211112.epkg.Z

3.1.2.10

IJ34081m1a.211112.epkg.Z

3.1.2.21

IJ34081m2b.211112.epkg.Z

For AIX 7.1, the provided fixes include and replace the following previously published vulnerabiilty fixes:

For AIX 7.2 and VIOS, the provided fixes should not conflict and can be installed in addition to any previously published vulnerability fixes.

To extract the fixes from the tar file:

tar xvf libc\_fix2.tar

cd libc\_fix2

Verify you have retrieved the fixes intact:

The checksums below were generated using the "openssl dgst -sha256 \[filename\]" command as the following:

openssl dgst -sha256

filename

a997f0597986a2c77789aac9fb256a3e0d513311ef7bd7c7dbdd67ca1ba56ae7

IJ33560m7b.211112.epkg.Z

7490cde41556847c89f96b6f079e2287e29ea4e5100db2fd96fe32f0128c24f7

IJ33560m8b.211112.epkg.Z

eb592775a18c77a0751678905ac881401aad886471b1c627abceda3bbdec5536

IJ34081m1a.211112.epkg.Z

b8f192c3a39508d11142b99ddd881fa73d929d90a8965a952356945d4b1ba31a

IJ34081m2b.211112.epkg.Z

b59b364cc0238ecd58a9b2d0b7dd853e58f29fca217a629569c10fe113dc3547

IJ34512m2a.211112.epkg.Z

d86f61f1f4d560c16681e98fd07def998e9189a55e59cb2449b5cb38b2d9a66e

IJ34512m3a.211112.epkg.Z

4839f55dd72f1a88417e899570104c48154501f2f0d22d03bf2655f29400c8ad

IJ34512m4a.211112.epkg.Z

b7de872284deb63d440146d39bd9bb77afb6b61f38d63d99c8ee08f5333685c8

IJ35673s9a.211115.epkg.Z

846d36d37de4c925a9090de3720eacd53001b3526411e14cdc972b32d43b9b3f

IJ35681m5a.211112.epkg.Z

240a051b6fb954a3db28a5269324ad745f9ea86615724aba76615b5ae2112108

IJ35681m6a.211112.epkg.Z

b820d632ea6f601f2c748342f9c3f6719b3839aa916b531f3f0a3ea5be424f24

IJ35681m7a.211112.epkg.Z

These sums should match exactly. The OpenSSL signatures in the tar file and on this advisory can also be used to verify the integrity of the fixes.  If the sums or signatures cannot be confirmed, contact IBM Support at http://ibm.com/support/ and describe the discrepancy.         

openssl dgst -sha256 -verify \[pubkey\_file\] -signature \[advisory\_file\].sig \[advisory\_file\]

openssl dgst -sha256 -verify \[pubkey\_file\] -signature \[ifix\_file\].sig \[ifix\_file\]

Published advisory OpenSSL signature file location:

**C. FIX AND INTERIM FIX INSTALLATION**

An LPAR system reboot is required to complete the iFix installation, or Live Update may be used on AIX 7.2 to avoid a reboot.

If possible, it is recommended that a mksysb backup of the system be created. Verify it is both bootable and readable before proceeding.

To preview a fix installation:

installp -a -d fix\_name -p all  # where fix\_name is the name of the

                                            # fix package being previewed.

To install a fix package:

installp -a -d fix\_name -X all  # where fix\_name is the name of the

                                            # fix package being installed.

Interim fixes have had limited functional and regression testing but not the full regression testing that takes place for Service Packs; however, IBM does fully support them.

Interim fix management documentation can be found at:

To preview an interim fix installation:

emgr -e ipkg\_name -p         # where ipkg\_name is the name of the

                                         # interim fix package being previewed.

To install an interim fix package:

emgr -e ipkg\_name -X         # where ipkg\_name is the name of the

                                         # interim fix package being installed.

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

**Change History**

16 Nov 2021: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU048","label":"Systems w\\/TPS"},"Product":{"code":"OE609","label":"AIX-\\u0026gt;AIX 7.1"},"Component":"","Platform":\[{"code":"PF002","label":"AIX"}\],"Version":"7.1","Edition":""},{"Business Unit":{"code":"BU054","label":"Systems w\\/TPS"},"Product":{"code":"SG11S","label":"APARs - AIX 7.2 environment"},"Component":"","Platform":\[{"code":"PF002","label":"AIX"}\],"Version":"7.2","Edition":""},{"Business Unit":{"code":"BU048","label":"Systems w\\/TPS"},"Product":{"code":"SSSMHJ","label":"PowerVM Virtual I\\/O Server"},"Component":"","Platform":\[{"code":"PF002","label":"AIX"}\],"Version":"3.1","Edition":""}\]

CVE-2021-29860: Security Bulletin: Vulnerability in libc affects AIX (CVE-2021-29860)

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information.  IBM X-Force ID:  206085.

CVE-2021-29861: IBM X-Force Exchange

An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.x and 5.6.x may allow a local and authenticated user assigned to a specific VDOM to retrieve other VDOMs information such as the admin account list and the network interface list.

**![](https://fortiguard.com/static/images/icons/psirt.svg?v=4671) PSIRT Advisories**

**FortiOS - Disclosure of other VDOMs information through CLI commands**

**Summary**

An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI may allow a local and authenticated user assigned to a specific VDOM to retrieve other VDOMs information such as the admin account list and the network interface list.  

**Affected Products**

FortiOS 7.0.0  
FortiOS 6.4.6 and below  
FortiOS 6.2.9 and below  
FortiOS 6.0.x  
FortiOS 5.6.x

**Solutions**

Please Upgrade to FortiOS 7.0.1 or above

Please Upgrade to FortiOS 6.4.7 or above  

Please Upgrade to FortiOS 6.2.10 or above  

**Acknowledgement**

Fortinet is pleased to thank Shaun Farrow for reporting this vulnerability under responsible disclosure.

Tag

#ios