최근 발생한 Spring framework에 대한 취약점과 관련하여
Layer7 Gateway 에 대한 Broadcom 사의 Notification입니다.
Dear Broadcom Customer:
The purpose of this Advisory is to inform you of a critical vulnerability that has been recently identified with the Spring library under vulnerability, CVE-2022-22965.
Please read the information provided below and follow the instructions in order to avoid being impacted by this problem.
PRODUCT(S) AFFECTED: Layer7 API Gateway
RELEASE: 10.1
PROBLEM DESCRIPTION:
A flaw, in the Spring Framework library used by API Gateway, was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization
in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values.
These are the requirements for the specific scenario from the report:
JDK 9 or higher
Apache Tomcat as the Servlet container
Packaged as a traditional WAR (in contrast to a Spring Boot executable jar)
spring-webmvc or spring-webflux dependency
Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions
However, the nature of the vulnerability is more general, and there may be other ways to exploit it that have not been reported yet.
SYMPTOMS:
An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
IMPACT:
An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
WORKAROUND:
No workaround is required at this time.
PROBLEM RESOLUTION:
Apr 1, 2022 - Investigation has started. As Layer7 does not use WAR packaging, the scenario mentioned does not seem to apply. But we are investigating further to
check impact and resolution.
Thank you,
Broadcom Team.