Lucene search

K
ibmIBM10343621C306967241C2C74A3F22208B445D394BB4E93ED610E6F35CEA16DBF8
HistorySep 27, 2024 - 6:11 p.m.

Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Storage Copy Data Management

2024-09-2718:11:19
www.ibm.com
12
linux kernel
ibm storage copy data management
vulnerabilities
denial of service
sensitive information

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8

Confidence

High

EPSS

0.001

Percentile

30.0%

Summary

IBM Storage Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include a local authenticated attacker could exploit the vulnerability to cause the kernel to crash, to cause a denial of service condition, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system, a physical attacker could exploit the vulnerability to cause the system to crash, an attacker could exploit the vulnerability to obtain internal kernel information or cause the system to crash and to execute arbitrary code or cause a denial of service condition as described by the CVEs in the “Vulnerability Details” section.

Vulnerability Details

**CVEID:**CVE-2023-42755 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds read in the rsvp traffic classifier. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause the kernel to crash.
CVSS Base score: 6.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/267185 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H)

**CVEID:**CVE-2023-52477 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw when usb_get_bos_descriptor() fails. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292452 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2023-1513 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by a flaw when calling the KVM_GET_DEBUGREGS ioctl in the KVM module. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251403 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

**CVEID:**CVE-2023-31083 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO in the hci_uart_tty_ioctl function in drivers/bluetooth/hci_ldisc.c. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253580 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-26779 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition on enabling fast-xmit. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294251 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2023-39193 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the match_flags function in Netfilter Xtables. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/267515 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L)

**CVEID:**CVE-2024-27059 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a divide by zero flaw in the isd200_ata_command function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294100 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2023-52578 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to using DEV_STATS_INC(). By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294109 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-26993 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a reference leak in sysfs_break_active_protection(). By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294129 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2023-37453 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds flaw in the read_descriptors function in drivers/usb/core/sysfs.c in the USB subsystem. By using a specially crafted USB device, a physical attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 4.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/259996 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-26743 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to qedr_create_user_qp error flow. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294118 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2023-39192 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the u32_match_it function in Netfilter Xtables. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/267514 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L)

**CVEID:**CVE-2023-42754 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the ipv4_send_dest_unreach function in net/ipv4/route.c. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/267500 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2023-52489 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition in accessing memory_section->usage. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292394 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2023-52574 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw when team device type is changed. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292395 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-27014 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a deadlock issue while disabling aRFS. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294104 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-26933 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a deadlock in port “disable” sysfs attribute. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294125 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-26892 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in free_irq(). By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294121 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2024-26694 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a double-free error. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294117 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2023-3567 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a use-after-free flaw in the vcs_read function in drivers/tty/vt/vc_screen.c in vc_screen. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain internal kernel information or cause the system to crash.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261504 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H)

**CVEID:**CVE-2023-45863 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by a race condition that results in a fill_kobj_path out-of-bounds write in lib/kobject.c. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition.
CVSS Base score: 6.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268715 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

**CVEID:**CVE-2023-52513 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to the handling of a connection failure. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294105 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**CVE-2023-52610 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an skb leak and crash on ooo frags. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294113 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H)

**CVEID:**CVE-2023-4133 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw in the cxgb4 driver. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/262541 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Storage Copy Data Management 2.2.0.0 - 2.2.24.0

Remediation/Fixes

Affected Versions|Fixing****Level|Platform|**Link to Fix and Instructions
**
—|—|—|—
2.2.0.0 - 2.2.24.0| 2.2.24.1| Linux| ****https://www.ibm.com/support/pages/node/7150077

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmstorage_copy_data_managementMatch2.2
VendorProductVersionCPE
ibmstorage_copy_data_management2.2cpe:2.3:a:ibm:storage_copy_data_management:2.2:*:*:*:*:*:*:*

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8

Confidence

High

EPSS

0.001

Percentile

30.0%