IBMC82920461C7E9F0331D8313198749668E18B280A4C9AC4C13DCEEE165F7BAEEESecurity Bulletin: A vulnerability in the Linux kernel affects PowerKVM
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
Summary
PowerKVM is affected by a vulnerability in the Linux kernel . IBM has now addressed thie vulnerability.
Vulnerability Details
CVEID: CVE-2017-8824**
DESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free in the dccp_disconnect function in net/dccp/proto.c. By using a specially-crafted system call, an attacker could exploit this vulnerability to gain privileges or cause a denial of service.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/135913 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Products and Versions
PowerKVM v3.1
Remediation/Fixes
Customers can update PowerKVM systems by using โyum updateโ.
Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 13.
Workarounds and Mitigations
none
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C