Lucene search

IBM1DB127B8BBA33FDFE3E6E653606D9D44303A36FCD7E31AC245EA1B60E1092F94

HistoryAug 05, 2024 - 8:24 p.m.

Security Bulletin: IBM Storage Ceph is vulnerable to a Reachable Assertion in the RHEL UBI (CVE-2024-33601)

2024-08-0520:24:33

www.ibm.com

ibm storage ceph

reachable assertion

rhel ubi

cve-2024-33601

glibc

denial of service

upgrade

version 7.1

vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

High

JSON

Summary

RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2024-33601.

Vulnerability Details

CVEID:CVE-2024-33601
**DESCRIPTION:**glibc is vulnerable to a denial of service, caused by a memory allocation failure when the Name Service Cache Daemon’s (nscd) netgroup cache uses the xmalloc or xrealloc functions. A local attacker could exploit this vulnerability to terminate the daemon.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290170 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Storage Ceph	7.0-7.0z2
IBM Storage Ceph	6.0, 6.1-6.1z6
IBM Storage Ceph	5.3z1-z6

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.
Download the latest version of IBM Storage Ceph and upgrade to 7.1 by following instructions.

<https://public.dhe.ibm.com/ibmdl/export/pub/storage/ceph/>
<https://www.ibm.com/docs/en/storage-ceph/7?topic=upgrading>

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmstorage_cephMatch7.0

ibmstorage_cephMatch2

ibmstorage_cephMatch6.0

ibmstorage_cephMatch6.1

ibmstorage_cephMatch6

ibmstorage_cephMatch5.3

ibmstorage_cephMatch1

ibmstorage_cephMatch6

VendorProductVersionCPE
ibmstorage_ceph7.0cpe:2.3:a:ibm:storage_ceph:7.0:*:*:*:*:*:*:*
ibmstorage_ceph2cpe:2.3:a:ibm:storage_ceph:2:*:*:*:*:*:*:*
ibmstorage_ceph6.0cpe:2.3:a:ibm:storage_ceph:6.0:*:*:*:*:*:*:*
ibmstorage_ceph6.1cpe:2.3:a:ibm:storage_ceph:6.1:*:*:*:*:*:*:*
ibmstorage_ceph6cpe:2.3:a:ibm:storage_ceph:6:*:*:*:*:*:*:*
ibmstorage_ceph5.3cpe:2.3:a:ibm:storage_ceph:5.3:*:*:*:*:*:*:*
ibmstorage_ceph1cpe:2.3:a:ibm:storage_ceph:1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	storage_ceph	7.0	cpe:2.3:a:ibm:storage_ceph:7.0:::::::*
ibm	storage_ceph	2	cpe:2.3:a:ibm:storage_ceph:2:::::::*
ibm	storage_ceph	6.0	cpe:2.3:a:ibm:storage_ceph:6.0:::::::*
ibm	storage_ceph	6.1	cpe:2.3:a:ibm:storage_ceph:6.1:::::::*
ibm	storage_ceph	6	cpe:2.3:a:ibm:storage_ceph:6:::::::*
ibm	storage_ceph	5.3	cpe:2.3:a:ibm:storage_ceph:5.3:::::::*
ibm	storage_ceph	1	cpe:2.3:a:ibm:storage_ceph:1:::::::*