IBMF42698819438A0AFD00188966548F0688DA81186746B5D708D7F1D8C8274475ESecurity Bulletin: Multiple Linux Kernel vulnerabilities may affect IBM Elastic Storage System
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
0.001 Low
EPSS
Percentile
46.0%
Summary
There is a vulnerability in Linux kernel, used by IBM Elastic Storage System, which could allow a denial of service. Fixes for these vulnerabilities are available.
Vulnerability Details
CVEID:CVE-2022-1012
**DESCRIPTION:**Linux Kernel could allow a remote attacker to obtain sensitive information, caused by a memory leak flaw in the TCP source port generation algorithm in the net/ipv4/tcp.c function. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230055 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H)
CVEID:CVE-2022-0494
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain kernel information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222611 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2022-32296
**DESCRIPTION:**Linux Kernel could allow a remote attacker to obtain sensitive information, caused by a flaw when increase the source port perturb table. By observing what source ports are used, an attacker could exploit this vulnerability to identify a client information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228178 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Elastic Storage System | 6.1.0.0 - 6.1.2.4 |
| IBM Elastic Storage System | 6.1.3.0 - 6.1.4.1 |
Remediation/Fixes
IBM recommends that you fix this vulnerability by upgrading affected versions of IBM Elastic Storage System 3000, 3200, 3500 and 5000 to the following code levels:
V6.1.2.5 or later
V6.1.5 or later
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm elastic storage system | eq | 6.1.0 |
Related
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
0.001 Low
EPSS
Percentile
46.0%