IBMFB45D3BE087849EA08F872E49B767B171D1703BBD43E90FEC8EF806600368020Security Bulletin: Vulnerability in Linux kernel may affect IBM Spectrum Protect Plus
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
Summary
IBM Spectrum Protect Plus can be affected by vulnerability in Linux Kernel. Vulnerability includes elevation of privileges, as described by the CVE in the “Vulnerability Details” section.
Vulnerability Details
CVEID:CVE-2023-51043
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free due to a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 6.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/280864 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Storage Protect Plus Server | 10.1 |
Remediation/Fixes
| Affected Versions | Fixing Level | Platform | Link to Fix and Instructions |
|---|---|---|---|
| 10.1.0-10.1.16.1 | 10.1.16.2 | Linux | <https://www.ibm.com/support/pages/node/7109995> |
Workarounds and Mitigations
None
Affected configurations
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High