History: Aug 29, 2022 - 11:34 a.m.

Security Bulletin: Linux Kernel vulnerability may affect IBM Elastic Storage System (CVE-2021-4203)

2022-08-29 11:34:52
www.ibm.com
linux kernel
ibm elastic storage system
denial of service
vulnerability
upgrade

CVSS2: 4.9

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:N/AC:M/Au:S/C:P/I:N/A:P

CVSS3: 6.8

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

AI Score: 7 (Confidence: High)

EPSS: 0.002 (Percentile: 53.0%)

Summary

There is a vulnerability in the Linux kernel, used by IBM Elastic Storage System, which could allow a denial of service.

Vulnerability Details

**CVEID:** CVE-2021-4203
**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a use-after-free read flaw in the sock_getsockopt() function in net/core/sock.c. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to crash the system or obtain internal kernel information.
CVSS Base score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/222609 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Elastic Storage System | 6.1.0.0 - 6.1.2.3 |
| IBM Elastic Storage System | 6.1.3.0 - 6.1.3.1 |

Remediation/Fixes

IBM recommends that you fix this vulnerability by upgrading affected versions of IBM Elastic Storage System 3000, 3200, 3500 and 5000 to the following code levels or higher:

V6.1.4.0 or later

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&release=6.1.4&platform=All&function=all

V6.1.2.4 or later

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&release=6.1.0&platform=All&function=all

Workarounds and Mitigations

None

Affected configurations

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | elastic_storage_server | 6.1. | cpe:2.3:a:ibm:elastic_storage_server:6.1.:*:*:*:*:*:*:* |
