Basic search

K
ibmIBM9E0572E079EE2DB6A69199BA11F43F0108C669D867B07FC456FAC9EE79F813A3
HistoryJan 08, 2023 - 4:06 p.m.

Security Bulletin: Vulnerability in Kernel (CVE-2021-45485) affects Power HMC

2023-01-0816:06:31
www.ibm.com
17

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

38.6%

Summary

Kernel is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE.

Vulnerability Details

CVEID:CVE-2021-45485
**DESCRIPTION:**Linux Kernel could allow a local attacker to obtain sensitive information, caused by improperly consider attacks from many IPv6 source addresses in net/ipv6/output_core.c in the IPv6 implementation. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216133 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
HMC V10.1.1010.0 V10.1.1010.0 and later
HMC V9.2.950.0 V9.2.950.0 and later

Remediation/Fixes

The following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/&gt;

Product

|

VRMF

|

APAR

|

Remediation/Fix

—|—|—|—

Power HMC

|

V9.2.950.0 SP3 ppc

|

MB04331

|

MH01944

Power HMC

|

V9.2.950.0 SP3 x86

|

MB04330

|

MH01943

Power HMC

|

V10.1.1020.0 SP1 ppc

|

MB04363

|

MF70302

Power HMC

|

V10.1.1020.0 SP1 x86

|

MB04362

|

MF70301

Workarounds and Mitigations

None

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

38.6%

Related for 9E0572E079EE2DB6A69199BA11F43F0108C669D867B07FC456FAC9EE79F813A3