History: Dec 05, 2022 - 7:46 p.m.

Security Bulletin: This Power System update is being released to address CVE 2021-45486

2022-12-05 19:46:02
www.ibm.com
CVSS3: 3.5 Low
Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS3 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS2: 2.7 Low
Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
CVSS2 Vector: AV:A/AC:L/Au:S/C:P/I:N/A:N

EPSS: 0.0005 Low
Percentile: 15.2%

Summary

A security problem was fixed for the Virtualization Management Interface (VMI) for vulnerability CVE-2021-45486 that could allow a remote attacker to reveal sensitive information.

Vulnerability Details

CVEID: CVE-2021-45486
**DESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by the use of a small hash table in net/ipv4/route.c in the IPv4 implementation. By utilizing cryptographic attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216134 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) | Release(s) |
| --- | --- | --- |
| Virtualization Management Interface | FW1020 | FW1020.00 through FW1020.10 |

Remediation/Fixes

Customers with the products below should install FW1020.20 (1020_089) or newer to remediate this concern.

Power 10

  1. IBM Power System S1022 (9105-22A)
  2. IBM Power System S1024 (9105-42A)
  3. IBM Power System S1022S (9105-22B)
  4. IBM Power System S1014 (9105-41B)
  5. IBM Power System L1022 (9786-22H)
  6. IBM Power System L1024 (9786-42H)
  7. IBM Power System E1050 (9043-MRX)

Workarounds and Mitigations

None
