Oct 13, 2024 - 7:00 p.m.

Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Storage Copy Data Management

2024-10-13 19:00:55
www.ibm.com
ibm storage copy data management
linux kernel
vulnerabilities
denial of service
cwe-20
cwe-416
cve-2024-26614
cve-2024-36886
cve-2023-52471
ibm x-force
cvss

CVSS3: 8.1

| Metric | Value |
| --- | --- |
| Attack Vector | NETWORK |
| Attack Complexity | HIGH |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.2

Confidence: High

Summary

IBM Storage Copy Data Management can be affected by vulnerabilities in the Linux Kernel. An attacker or local attacker could exploit these vulnerabilities to cause a denial of service condition and to execute code in the context of the kernel, as described by the CVEs in the “Vulnerability Details” section.

Vulnerability Details

**CVEID:** CVE-2024-26614 **DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error related to making sure the accept_queue’s spinlocks are initialized only once. A local attacker could exploit this vulnerability to cause a denial of service. **CWE:** CWE-20: Improper Input Validation **CVSS Source:** IBM X-Force **CVSS Base score:** 6.2 CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2024-36886 **DESCRIPTION:** Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free when processing fragmented TIPC messages. By sending a specially crafted request, an attacker could exploit this vulnerability to execute code in the context of the kernel. **CWE:** CWE-416: Use After Free **CVSS Source:** IBM X-Force **CVSS Base score:** 5.5 CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

**CVEID:** CVE-2023-52471 **DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in ice_ptp.c. A local attacker could exploit this vulnerability to cause a denial of service. **CWE:** CWE-476: NULL Pointer Dereference **CVSS Source:** IBM X-Force **CVSS Base score:** 6.2 CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Storage Copy Data Management | 2.2.0.0 - 2.2.24.0 |

Remediation/Fixes

| Affected Versions | Fixing Level | Platform | Link to Fix and Instructions |
| --- | --- | --- | --- |
| 2.2.0.0 - 2.2.24.0 | 2.2.24.1 | Linux | https://www.ibm.com/support/pages/node/7150077 |

Workarounds and Mitigations

None

Affected configurations

Vulners

Node: ibm storage_copy_data_management, Match 2.2

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | storage_copy_data_management | 2.2 | `cpe:2.3:a:ibm:storage_copy_data_management:2.2:*:*:*:*:*:*:*` |
