Lucene search

IBM84035FFDE9AC6513D08BEDE33AE2CAB35D8A53CC5971DB94A5FD73FC6196A4D0

HistoryJun 28, 2024 - 12:42 p.m.

Security Bulletin: A vulnerability in containerd affects Data Replication on Cloud Pak for Data

2024-06-2812:42:44

www.ibm.com

vulnerability

containerd

data replication

cloud pak

denial of service

fix pack 4.8.0

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.3%

JSON

Summary

A vulnerability in the containerd package has been addressed.

Vulnerability Details

CVEID:CVE-2022-31030
**DESCRIPTION:**containerd is vulnerable to a denial of service, caused by a flaw in the CRI implementation. By sending a specially-crafted request using the ExecSync API, a local authenticated attacker could exploit this vulnerability to cause containerd to consume all available memory on the computer, and results in a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228282 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
Data Replication on Cloud Pak for Data	All before 4.8.0

Remediation/Fixes

Update to the latest product fix pack found here: <https://www.ibm.com/docs/en/cloud-paks/cp-data/4.8.x?topic=new-data-replication>

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_dataMatch4.6.4

ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_dataMatch4.6.5

ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_dataMatch4.7.0

ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_dataMatch4.7.1

ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_dataMatch4.7.2

CPENameOperatorVersion
ibm data replication cartridge for ibm cloud pak for dataeq4.6.4
ibm data replication cartridge for ibm cloud pak for dataeq4.6.5
ibm data replication cartridge for ibm cloud pak for dataeq4.7.0
ibm data replication cartridge for ibm cloud pak for dataeq4.7.1
ibm data replication cartridge for ibm cloud pak for dataeq4.7.2

Name	Operator	Version
ibm data replication cartridge for ibm cloud pak for data	eq	4.6.4
ibm data replication cartridge for ibm cloud pak for data	eq	4.6.5
ibm data replication cartridge for ibm cloud pak for data	eq	4.7.0
ibm data replication cartridge for ibm cloud pak for data	eq	4.7.1
ibm data replication cartridge for ibm cloud pak for data	eq	4.7.2