8.8 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
TSSC/IMC is vulnerable to aritrary code excecution due to kernel. A patch has been provided that updates the kernel library. CVE-2022-42896, CVE-2023-1281, CVE-2023-1829, CVE-2023-2124, CVE-2023-2194, CVE-2023-2235.
CVEID:CVE-2022-42896
**DESCRIPTION:**Linux Kernel could allow a remote attacker from within the local network to execute arbitrary code on the system, caused by multiple use-after-free vulnerabilities in the net/bluetooth/l2cap_core.c’s l2cap_connect and l2cap_le_connect_req functions. By using Bluetooth within proximity of the victim, an attacker could exploit this vulnerability to execute arbitrary code on the system and leak kernel memory.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240820 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
CVEID:CVE-2023-1281
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the traffic control index filter (tcindex). By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to root.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/250930 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-1829
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw when deleting a perfect hash filter in the tcindex_delete() function. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/252501 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-2124
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an out-of-bounds access flaw in the XFS subsystem due to a missing metadata validation when mounting a user-supplied XFS disk image. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause a denial of service condition.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253226 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-2194
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw in the SLIMpro I2C device driver. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause the system to crash.
CVSS Base score: 6.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253494 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-2235
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the perf_group_detach function in the Performance Events system. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/254214 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
Total Storage Service Console (TSSC) / TS4500 IMC | 9.4.14 |
Total Storage Service Console (TSSC) / TS4500 IMC | 9.4.21 |
Total Storage Service Console (TSSC) / TS4500 IMC | 9.4.26 |
Total Storage Service Console (TSSC) / TS4500 IMC | 9.5.8 |
Affected Product(s) | Version(s) | Remediation/Fix/Instructions |
---|---|---|
Total Storage Service Console (TSSC) / TS4500 IMC | 9.4.14 |
Upgrade to 9.4.26/9.5.8
Download patch and execute on TSSC/IMC system
Total Storage Service Console (TSSC) / TS4500 IMC| 9.4.21|
Upgrade to 9.4.26/9.5.8
Download patch and execute on TSSC/IMC system
Total Storage Service Console (TSSC) / TS4500 IMC| 9.4.26| Download patch and execute on TSSC/IMC system
Total Storage Service Console (TSSC) / TS4500 IMC| 9.5.8| Download patch and execute on TSSC/IMC system
None
8.8 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High