Lucene search

K
ibmIBMA654520C31D8C30F04EA4DF13D66906D11A4C16B55D50B50EB88F47415ABF80C
HistoryJun 03, 2022 - 10:36 a.m.

Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management

2022-06-0310:36:45
www.ibm.com
42

0.095 Low

EPSS

Percentile

94.7%

Summary

Kernel is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2021-4155
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by data leak flaw in the way how XFS_IOC_ALLOCSP IOCTL in the XFS filesystem is allowed for size increase of files with unaligned size. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information on the XFS filesystem, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216919 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2020-36385
**DESCRIPTION:**Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free flaw in drivers/infiniband/core/ucma.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203845 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-0492
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the cgroups v1 release_agent feature. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges and bypass namespace isolation unexpectedly.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218777 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Netezza Host Management IBM Netezza Host Management starting 5.4.9.0 - 5.4.31.0

Remediation/Fixes

Product VRMF Remediation/Fix
IBM Netezza Host Management 5.4.32.0 Fix_Central_Link

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm netezza host managementeqany