Lucene search

K
ibmIBMF3C56D298A167C54BC76431CCC40FC7D20D12B41ABC24DB21359C9199EB6DAE0
HistoryAug 29, 2022 - 11:21 a.m.

Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System

2022-08-2911:21:56
www.ibm.com
11

0.001 Low

EPSS

Percentile

34.0%

Summary

There are security vulnerabilities in versions of Linux Kernel that are shipped with versions of IBM Elastic Storage System. A fix for these vulnerabilities is available.

Vulnerability Details

CVEID:CVE-2021-45485
**DESCRIPTION:**Linux Kernel could allow a local attacker to obtain sensitive information, caused by improperly consider attacks from many IPv6 source addresses in net/ipv6/output_core.c in the IPv6 implementation. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216133 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2021-45486
**DESCRIPTION:**Linux Kernel could allow a local attacker to obtain sensitive information, caused by the use of small hash table in net/ipv4/route.c in the IPv4 implementation. By utilize cryptographic attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216134 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Elastic Storage System 6.1.0.0 - 6.1.3.1

Remediation/Fixes

IBM recommends that you fix this vulnerability by upgrading affected versions of IBM Elastic Storage System 3000, 3200, 3500 and 5000 to the following code levels or higher:

V6.1.4.0 or later.

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&release=6.1.4&platform=All&function=all

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm elastic storage servereq6.1.