IBM3D431399A9B3836B1AB2A3D904135A5A043C4EAA8928A7DFBDF85A8AA46EF41ESecurity Bulletin: PowerKVM is affected by kernel vulnerabilities (Multiple CVEs)
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
Summary
PowerKVM is affected by multiple kernel vulnerabilities.
Vulnerability Details
CVEID: CVE-2015-2041**
DESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by an information leak in llc2_timeout_table. An attacker could exploit this vulnerability to leak kernel memory to user space.
CVSS Base Score: 1.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101026 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N)
CVEID: CVE-2015-2042**
DESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by an information leak in rds_sysctl_rds_table. An attacker could exploit this vulnerability to leak kernel memory to user space.
CVSS Base Score: 1.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/101027 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N)
Affected Products and Versions
PowerKVM 2.1
Remediation/Fixes
Fix is made available via Fix Central (https://ibm.biz/BdEnT8) in 2.1.1 SP2 (build 51) and all later builds and fix packs. For systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README> for prerequisite fixes and instructions. Customers can also update from 2.1.1 (GA and later levels) by using “yum update”.
Workarounds and Mitigations
None
Related
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P