CVSS3
Metric | Value |
---|---|
Attack Vector | ADJACENT |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console. This bulletin provides a remediation for CVE-2023-45871: upgrading PowerVM addresses the exposure to the kernel vulnerability.
**CVEID:** CVE-2023-45871
**DESCRIPTION:** Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the IGB driver in drivers/net/ethernet/intel/igb/igb_main.c. By sending a specially crafted request, a remote attacker from within the local network could overflow a buffer and execute arbitrary code or cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/268717 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
Virtualization Management Interface | FW1030.00 - FW1030.60 |
Virtualization Management Interface | FW1050.00 - FW1050.20 |
Customers with the products below should install FW1030.61(1030_093), FW1050.21(1050_080) or newer to remediate this vulnerability.
Power 10:
- IBM Power System S1022 (9105-22A)
- IBM Power System S1024 (9105-42A)
- IBM Power System S1022s (9105-22B)
- IBM Power System S1014 (9105-41B)
- IBM Power System L1022 (9786-22H)
- IBM Power System L1024 (9786-42H)
- IBM Power System E1050 (9043-MRX)
_The images mentioned above can be located at IBM Fix Central: https://www.ibm.com/support/fixcentral/_
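To triage a fleet against the affected ranges and fixed levels in this bulletin, the following added example (not IBM tooling and not part of the original bulletin) classifies firmware level strings written in the `FWrrrr.ss` form used here. The host names and the inventory are constructed, and any release the bulletin does not list is reported as such rather than assumed safe.

```python
import re

# Affected ranges copied from the bulletin's table:
# release -> highest affected service level (ranges start at .00).
LAST_AFFECTED = {1030: 60, 1050: 20}

# Accepts "FW1030.61" and "FW1030.61(1030_093)"; other notations are not guessed at.
_LEVEL = re.compile(r"^\s*FW(\d{4})\.(\d{2})\b", re.IGNORECASE)


def triage(level: str) -> str:
    """Classify one firmware level string against the bulletin's ranges."""
    m = _LEVEL.match(level)
    if not m:
        return "unparsed"        # needs a human to read the level
    release, service = int(m.group(1)), int(m.group(2))
    if release not in LAST_AFFECTED:
        return "not_listed"      # the bulletin makes no statement about this release
    if service <= LAST_AFFECTED[release]:
        return "affected"
    return "remediated"          # FW1030.61 / FW1050.21 or newer


def report(inventory: dict) -> dict:
    """Group host names by triage result so affected systems can be scheduled first."""
    groups = {}
    for host, level in inventory.items():
        groups.setdefault(triage(level), []).append(host)
    return {status: sorted(hosts) for status, hosts in groups.items()}


# Constructed sample inventory (hypothetical host names and levels).
SAMPLE_INVENTORY = {
    "s1022-prod-01": "FW1030.50",
    "s1024-prod-02": "FW1030.61(1030_093)",
    "e1050-db-01": "FW1050.20",
    "e1050-db-02": "FW1050.21(1050_080)",
    "l1022-lab-01": "FW1020.40",
    "s1014-edge-01": "level unknown",
}

if __name__ == "__main__":
    for status, hosts in sorted(report(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```
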
None