Lucene search

K
ibmIBM7F16B180A017EE946A9293B7F73BB16643FA0EDB494E3BDE4E5E8DC3D7C98EE5
HistoryJan 08, 2023 - 4:04 p.m.

Security Bulletin: Vulnerability in Kernel (CVE-2022-1012) affects Power HMC

2023-01-0816:04:52
www.ibm.com
86

0.001 Low

EPSS

Percentile

46.3%

Summary

Kernel is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE.

Vulnerability Details

CVEID:CVE-2022-1012
**DESCRIPTION:**Linux Kernel could allow a remote attacker to obtain sensitive information, caused by a memory leak flaw in the TCP source port generation algorithm in the net/ipv4/tcp.c function. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230055 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
HMC V10.1.1010.0 V10.1.1010.0 and later
HMC V9.2.950.0 V9.2.950.0 and later

Remediation/Fixes

The following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/&gt;

Product

|

VRMF

|

APAR

|

Remediation/Fix

—|—|—|—

Power HMC

|

V9.2.950.0 SP3 ppc

|

MB04331

|

MH01944

Power HMC

|

V9.2.950.0 SP3 x86

|

MB04330

|

MH01943

Power HMC

|

V10.1.1020.0 SP1 ppc

|

MB04363

|

MF70302

Power HMC

|

V10.1.1020.0 SP1 x86

|

MB04362

|

MF70301

Workarounds and Mitigations

None