Jun 18, 2018 - 1:41 a.m.

Security Bulletin: A vulnerability in the Linux kernel affects PowerKVM

2018-06-18 01:41:58
www.ibm.com
EPSS: 0.0004 (Low), Percentile: 0.4%

Summary

PowerKVM is affected by a vulnerability in the Linux kernel. IBM has now addressed this vulnerability.

Vulnerability Details

CVEID: CVE-2017-8824
DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free in the dccp_disconnect function in net/dccp/proto.c. By using a specially-crafted system call, an attacker could exploit this vulnerability to gain privileges or cause a denial of service.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/135913 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

PowerKVM v3.1

Remediation/Fixes

Customers can update PowerKVM systems by using “yum update”.

Fix images are made available via Fix Central. See https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 13.

Workarounds and Mitigations

None

CPE

Name | Operator | Version
powerkvm | eq | 3.1