Sep 27, 2024 - 6:23 p.m.

Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Storage Copy Data Management

2024-09-27 18:23:05
www.ibm.com

CVSS3: 6.7
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.7
Confidence: High

Summary

IBM Storage Copy Data Management can be affected by vulnerabilities in the Linux Kernel. An authenticated or local authenticated attacker could exploit these vulnerabilities to cause a kernel panic or a denial of service condition, as described by the CVEs in the “Vulnerability Details” section.

Vulnerability Details

CVEID: CVE-2024-26586
**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a stack corruption in mlxsw: spectrum_acl_tcam. A local attacker could exploit this vulnerability to cause a kernel panic.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283942 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2024-26733
**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a heap-based buffer overflow in arp_req_get(). By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294841 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2024-27019
**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a potential data race in __nft_obj_type_get() in netfilter: nf_tables. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/351446 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2023-52530
**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in ieee80211_key_link in mac80211. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/350923 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2024-27011
**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a memory leak in map from abort path. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/351450 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2024-26759
**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a race condition in skipping swapcache of mm/swap. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/351454 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2024-26960
**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a race condition between free_swap_and_cache() and swapoff() in ‘mm: swap’. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/351559 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Storage Copy Data Management | 2.2.0.0 - 2.2.24.0 |

Remediation/Fixes

| Affected Versions | Fixing Level | Platform | Link to Fix and Instructions |
| --- | --- | --- | --- |
| 2.2.0.0 - 2.2.24.0 | 2.2.24.1 | Linux | <https://www.ibm.com/support/pages/node/7150077> |

Workarounds and Mitigations

None

Affected configurations

Node: ibm storage_copy_data_management, Match 2.2

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | storage_copy_data_management | 2.2 | cpe:2.3:a:ibm:storage_copy_data_management:2.2:\*:\*:\*:\*:\*:\*:\* |
