Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMF807B8BF8FED64B19F65955C5B53A0D49642FDDE53A817D6E414C47C2BE44889
HistoryJul 30, 2021 - 5:04 a.m.

Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System

2021-07-3005:04:04
www.ibm.com
23

0.0004 Low

EPSS

Percentile

10.1%

JSON

Summary

There are security vulnerabilities in versions of Linux Kernel that are shipped with versions of IBM Elastic Storage System. A fix for these vulnerabilities is available.

Vulnerability Details

CVEID:CVE-2021-3347
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a kernel stack use-after-free during fault handling in PI futexes. An attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code in the kernel.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195798 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2020-27835
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the infiniband hfi1 driver. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/194430 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Elastic Storage System 6.0.0 - 6.1.1.0

Remediation/Fixes

IBM recommends that you fix this vulnerability by upgrading affected versions of IBM Elastic Storage System 3000 and 5000 to the following code levels or higher:

V6.1.1.1

https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&release=6.1.0&platform=All&function=all

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm elastic storage servereq6.0

Related

veracode 2
nvd 2
prion 2
ubuntucve 2
debiancve 2
cvelist 2
cve 2
redhatcve 2
archlinux 1
cbl_mariner 1
nessus 72
mageia 2
githubexploit 1
osv 9
openvas 35
fedora 2
redhat 22
oraclelinux 8
ubuntu 5
photon 6
ibm 5
amazon 3
centos 1
suse 4
almalinux 1
debian 3
virtuozzo 1
cloudlinux 1
veracode
veracode
Denial Of Service (DoS)
2021-02-26 02:11:00
Use After Free
2021-04-17 00:38:00
nvd
nvd
CVE-2020-27835
2021-01-07 18:15:13
CVE-2021-3347
2021-01-29 17:15:12
prion
prion
Design/Logic Flaw
2021-01-07 18:15:00
Design/Logic Flaw
2021-01-29 17:15:00
ubuntucve
ubuntucve
CVE-2020-27835
2021-01-07 00:00:00
CVE-2021-3347
2021-01-29 00:00:00
debiancve
debiancve
CVE-2020-27835
2021-01-07 18:15:13
CVE-2021-3347
2021-01-29 17:15:12
cvelist
cvelist
CVE-2020-27835
2021-01-07 17:24:30
CVE-2021-3347
2021-01-29 16:56:16
cve
cve
CVE-2020-27835
2021-01-07 18:15:13
CVE-2021-3347
2021-01-29 17:15:12
redhatcve
redhatcve
CVE-2020-27835
2020-12-09 19:44:51
CVE-2021-3347
2021-01-29 18:34:52
archlinux
archlinux
[ASA-202102-23] linux: arbitrary code execution
2021-02-12 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-3347 affecting package kernel 5.4.91-6
2021-08-25 19:57:09
nessus
nessus
Fedora 32 : kernel (2021-6e805a5051)
2021-02-05 00:00:00
Fedora 33 : kernel (2021-879c756377)
2021-02-05 00:00:00
RHEL 7 : kpatch-patch (RHSA-2021:2285)
2021-06-08 00:00:00
mageia
mageia
Updated kernel-linus packages fix security vulnerability
2021-02-01 20:53:46
Updated kernel packages fix security vulnerabilities
2021-02-01 00:34:26
githubexploit
githubexploit
Exploit for Use After Free in Linux Linux Kernel
2022-04-26 11:32:34
osv
osv
Kernel exploit: futex fixup_pi_state_owner() fault causes stack UAF
2021-08-01 00:00:00
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
2021-04-13 15:23:48
linux-oem-5.10 vulnerabilities
2021-03-20 04:51:03
openvas
openvas
Fedora: Security Advisory for kernel (FEDORA-2021-6e805a5051)
2021-02-05 00:00:00
Fedora: Security Advisory for kernel (FEDORA-2021-879c756377)
2021-02-05 00:00:00
Mageia: Security Advisory (MGASA-2021-0062)
2022-01-28 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: kernel-5.10.12-100.fc32
2021-02-05 01:33:23
[SECURITY] Fedora 33 Update: kernel-5.10.12-200.fc33
2021-02-05 01:59:43
redhat
redhat
(RHSA-2021:2285) Important: kpatch-patch security update
2021-06-08 08:11:33
(RHSA-2021:1295) Important: kpatch-patch security update
2021-04-20 20:21:58
(RHSA-2021:2730) Important: kernel security and bug fix update
2021-07-20 13:11:57
oraclelinux
oraclelinux
kernel security update
2021-08-30 00:00:00
Unbreakable Enterprise kernel-container security update
2021-03-09 00:00:00
Unbreakable Enterprise kernel security update
2021-03-12 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2021-04-13 00:00:00
Linux kernel (OEM) vulnerabilities
2021-03-20 00:00:00
Linux kernel vulnerabilities
2021-03-16 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2021-0365
2021-02-26 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0322
2021-03-02 00:00:00
Important Photon OS Security Update - PHSA-2021-0193
2021-02-12 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in the Linux Kernel, Docker, Python, and NGINX affect IBM Spectrum Protect Plus
2021-12-10 18:57:01
Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management
2021-09-23 03:53:04
Security Bulletin: Multiple vulnerabiities in the IBM 4769 Developer's Toolkit. CVE-2019-20811, CVE-2020-0466, CVE-2021-0920, CVE-2021-3347, CVE-2018-19985, CVE-2018-20169, CVE-2019-13648, CVE-2019-15916, CVE-2019-19527
2023-04-05 16:09:24
amazon
amazon
Important: kernel
2021-02-17 18:07:00
Important: kernel
2021-02-16 00:13:00
Important: kernel
2021-02-17 18:07:00
centos
centos
bpftool, kernel, perf, python security update
2021-06-14 18:52:13
suse
suse
Security update for the Linux Kernel (important)
2021-02-05 00:00:00
Security update for the Linux Kernel (important)
2022-05-16 00:00:00
Security update for the Linux Kernel (important)
2022-05-16 00:00:00
almalinux
almalinux
Important: kernel security, bug fix, and enhancement update
2021-04-06 13:33:17
debian
debian
[SECURITY] [DLA 2557-1] linux-4.19 security update
2021-02-12 19:25:34
[SECURITY] [DSA 4843-1] linux security update
2021-02-01 14:39:40
[SECURITY] [DSA 4843-1] linux security update
2021-02-01 14:39:40
virtuozzo
virtuozzo
[Important] [Security] New kernel 2.6.32-042stab146.1; Virtuozzo 6.0 Update 12 Hotfix 54 (6.0.12-3761)
2021-08-03 00:00:00
cloudlinux
cloudlinux
Fix of 13 CVEs
2022-04-21 21:21:15

0.0004 Low

EPSS

Percentile

10.1%

JSON
Related for F807B8BF8FED64B19F65955C5B53A0D49642FDDE53A817D6E414C47C2BE44889
veracode2nvd2prion2ubuntucve2debiancve2cvelist2cve2redhatcve2archlinux1cbl_mariner1nessus72mageia2githubexploit1osv9openvas35fedora2redhat22oraclelinux8ubuntu5photon6ibm5amazon3centos1suse4almalinux1debian3virtuozzo1cloudlinux1