CVSS3 Metric | Value |
---|---|
Attack Vector | ADJACENT |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence: High
The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console. This bulletin provides a remediation for the impacted vulnerability, CVE-2023-1206, by upgrading PowerVM and thus addressing the exposure to the kernel vulnerability.
CVEID: CVE-2023-1206
**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a flaw in the IPv6 connection lookup table. By sending a specially crafted request, a remote attacker could exploit this vulnerability to increase CPU usage, resulting in a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/259617 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
Virtualization Management Interface | FW1030.00 - FW1030.60 |
Virtualization Management Interface | FW1050.00 - FW1050.20 |
Customers with the products below should install FW1030.61(1030_093), FW1050.21(1050_080) or newer to remediate this vulnerability.
Power 10
IBM Power System S1022 (9105-22A)
IBM Power System S1024 (9105-42A)
IBM Power System S1022s (9105-22B)
IBM Power System S1014 (9105-41B)
IBM Power System L1022 (9786-22H)
IBM Power System L1024 (9786-42H)
IBM Power System E1050 (9043-MRX)
_The images mentioned above can be located at IBM Fix Central: <https://www.ibm.com/support/fixcentral/>_
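To triage a fleet against the affected ranges and models listed above, the check below classifies each system by machine type-model and firmware level. It is an added example, not IBM code: the `FWrrrr.ss` input format follows how this bulletin writes levels, and the inventory records, host names and function names are constructed for illustration.

```python
import re

# Affected service-pack ranges and first fixed levels, taken from this bulletin.
AFFECTED = {
    "1030": {"last_bad": 60, "fixed": "FW1030.61 (1030_093)"},
    "1050": {"last_bad": 20, "fixed": "FW1050.21 (1050_080)"},
}
# Machine type-models listed in this bulletin.
LISTED_MTMS = {"9105-22A", "9105-42A", "9105-22B", "9105-41B",
               "9786-22H", "9786-42H", "9043-MRX"}
# Assumed input format: "FW" + 4-digit release + "." + service pack number.
LEVEL_RE = re.compile(r"^FW(\d{4})\.(\d+)$")

def classify(mtm, level):
    """Return (status, detail) for one system's model and firmware level."""
    if mtm.strip().upper() not in LISTED_MTMS:
        return ("not-listed", "model is not named in this bulletin")
    m = LEVEL_RE.match(level.strip().upper())
    if not m:
        # Do not guess: an unparseable level needs a manual look.
        return ("unknown", "cannot parse firmware level %r" % level)
    release, sp = m.group(1), int(m.group(2))
    entry = AFFECTED.get(release)
    if entry is None:
        return ("not-listed", "release FW%s is not named in this bulletin" % release)
    if sp <= entry["last_bad"]:
        return ("affected", "install %s or newer" % entry["fixed"])
    return ("fixed", "at or above %s" % entry["fixed"])

def triage(inventory):
    """Return hosts needing action: affected, or unknown and needing review."""
    out = {}
    for host, mtm, level in inventory:
        status, detail = classify(mtm, level)
        if status in ("affected", "unknown"):
            out[host] = (status, detail)
    return out

# Constructed sample inventory (host, machine type-model, firmware level).
SAMPLE = [
    ("pwr-a", "9105-22A", "FW1030.60"),   # last affected 1030 level
    ("pwr-b", "9105-22A", "FW1030.61"),   # first fixed 1030 level
    ("pwr-c", "9043-MRX", "fw1050.10"),   # lower-case input, affected
    ("pwr-d", "9786-42H", "1050_080"),    # build id only, cannot be compared
    ("pwr-e", "9080-HEX", "FW1030.20"),   # model not in this bulletin
]

if __name__ == "__main__":
    for host, (status, detail) in sorted(triage(SAMPLE).items()):
        print(host, status, detail)
```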
None