IBM20CEE5F27C8FFA02182D7BA3B0AA9960428C524B80DE0282D08C289EA7343835Security Bulletin: Vulnerability with kernel , OpenJDK jna-platform affect IBM Cloud Object Storage Systems (Sept2023)
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
25.7%
Summary
Vulnerability with kernel (CVE-2023-2269, CVE-2023-34256), OpenJDK (CVE-2023-22041 CVE-2023-22043 CVE-2023-22044 CVE-2023-22006 CVE-2023-22045 CVE-2023-22036 CVE-2023-22049), jna-platform ( 240628 ) This vulnerability have been addressed in the latest ClevOS releases
Vulnerability Details
CVEID:CVE-2023-22041
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a local attacker to cause high confidentiality impacts.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261045 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2023-22043
**DESCRIPTION:**An unspecified vulnerability in Oracle Java SE related to the JavaFX component could allow a remote authenticated attacker to cause high integrity impacts
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261057 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID:CVE-2023-22044
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261046 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID:CVE-2023-22006
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Networking component could allow a remote attacker to cause low integrity impacts.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261043 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)
CVEID:CVE-2023-22045
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261047 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID:CVE-2023-22036
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Utility component could allow a remote attacker to cause low availability impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261044 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2023-22049
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow a remote attacker to cause low integrity impacts.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261048 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID:CVE-2023-34256
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds read flaw in crc16 in lib/crc16.c. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/256733 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2023-2269
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a deadlock in the table_clear function in the Device Mapper-Multipathing sub-component in drivers/md/dm-ioctl.c. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253813 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
**IBM X-Force ID:**240628
**DESCRIPTION:**Java Native Access (JNA) is vulnerable to a denial of service, caused by an out-of-bounds read flaw in the Advapi32Util.registryGetValues function. By persuading a victim to open a specially-crafted content, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240628 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Cloud Object System | 3.17.5.57 or Prior Releases |
| IBM Cloud Object System | 3.17.0.108 or Prior LTSR Release |
Remediation/Fixes
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm cloud object storage system | eq | 3.17 |
Related
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
25.7%