Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM5A2D9370A2F81D76858E6F2B8D38834EFA2DA9D35055DD083CC98CE633E78725
HistorySep 27, 2024 - 6:10 p.m.

Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Storage Copy Data Management

2024-09-2718:10:22
www.ibm.com
3

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.6

Confidence

High

JSON

Summary

IBM Storage Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include an attacker could exploit these vulnerabilities to make arbitrarily change the value stored in EAX while a SEV VM is running, to trigger int80 syscall handling at any given point, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause a denial of service condition, a local attacker could exploit this vulnerability to execute arbitrary code on the system, to cause a denial of service condition, an authenticated attacker could exploit this vulnerability to gain elevated privileges, to execute arbitrary code or cause the system to crash. as described by the CVEs in the “Vulnerability Details” section.

Vulnerability Details

CVEID:CVE-2024-25742
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by improper input validation. By injecting a specially crafted virtual interrupt 29 (#VC), an attacker could exploit this vulnerability to make arbitrarily change the value stored in EAX while a SEV VM is running.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292405 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)

CVEID:CVE-2023-6932
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the ipv4: igmp component. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/275569 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2024-25743
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by improper input validation. By injecting a specially crafted virtual interrupts 0 and 14, an attacker could exploit this vulnerability to make arbitrarily change the value stored in EAX while a SEV VM is running.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292411 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)

CVEID:CVE-2024-25744
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by a flaw in rch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. By sending a specially crafted request, an attacker could exploit this vulnerability to trigger int80 syscall handling at any given point.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283669 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)

CVEID:CVE-2023-39198
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the QXL driver. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271585 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)

CVEID:CVE-2023-28464
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a double free flaw in the hci_conn_cleanup function in the Bluetooth subsystem. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause a denial of service condition.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251275 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2024-26610
**DESCRIPTION:**Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption error. A local attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/284755 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-52580
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by an incorrect calculation of buffer size in ETH_P_1588 flow dissector. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292396 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-52581
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by a memory leak when more than 255 elements expired. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause the system to crash.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292402 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-52439
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free memory flaw in the uio_open function. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause the system to crash.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283802 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-4244
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the netfilter: nf_tables component. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265424 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Storage Copy Data Management 2.2.0.0 - 2.2.24.0

Remediation/Fixes

Affected Versions|**Fixing **Level|Platform|**Link to Fix and Instructions
**
—|—|—|—
2.2.0.0 - 2.2.24.0| 2.2.24.1| Linux| ** **<https://www.ibm.com/support/pages/node/7150077&gt;

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmstorage_copy_data_managementMatch2.2
VendorProductVersionCPE
ibmstorage_copy_data_management2.2cpe:2.3:a:ibm:storage_copy_data_management:2.2:*:*:*:*:*:*:*

Related

amd 1
ubuntucve 15
redhat 8
nessus 59
redhatcve 13
oraclelinux 2
osv 11
rocky 3
debiancve 12
prion 11
cve 13
vulnrichment 7
cvelist 11
nvd 13
cbl_mariner 6
openvas 9
ubuntu 1
cnvd 1
amazon 1
photon 1
ibm 1
amd
amd
Disrupting AMD SEV-SNP on Linux® With Interrupts
2024-04-05 00:00:00
ubuntucve
ubuntucve
CVE-2024-25743
2024-05-15 00:00:00
CVE-2024-25744
2024-02-12 00:00:00
CVE-2023-52580
2024-03-02 00:00:00
redhat
redhat
(RHSA-2024:2628) Moderate: kernel-rt security and bug fix update
2024-05-01 00:08:21
(RHSA-2024:2627) Moderate: kernel security and bug fix update
2024-05-01 00:08:14
(RHSA-2024:2758) Moderate: kernel security and bug fix update
2024-05-08 00:02:33
nessus
nessus
RHEL 9 : kernel (RHSA-2024:2627)
2024-05-01 00:00:00
RHEL 9 : kernel-rt (RHSA-2024:2628)
2024-04-30 00:00:00
Oracle Linux 9 : kernel (ELSA-2024-2758)
2024-05-09 00:00:00
redhatcve
redhatcve
CVE-2023-52581
2024-03-04 18:27:36
CVE-2023-52580
2024-03-04 18:21:34
CVE-2023-28464
2023-03-31 15:19:47
oraclelinux
oraclelinux
kernel security and bug fix update
2024-05-08 00:00:00
kernel security, bug fix, and enhancement update
2024-05-23 00:00:00
osv
osv
Moderate: kernel security and bug fix update
2024-05-10 14:32:32
CVE-2024-25742
2024-05-17 22:15:07
CVE-2024-25743
2024-05-15 18:15:00
rocky
rocky
kernel security and bug fix update
2024-05-10 14:32:32
kernel-rt security and bug fix update
2024-06-14 13:59:36
kernel security, bug fix, and enhancement update
2024-06-14 13:59:16
debiancve
debiancve
CVE-2023-52581
2024-03-02 22:15:49
CVE-2023-52580
2024-03-02 22:15:49
CVE-2023-28464
2023-03-31 16:15:07
prion
prion
Buffer overflow
2024-03-02 22:15:00
Design/Logic Flaw
2024-03-02 22:15:00
Double free
2023-03-31 16:15:00
cve
cve
CVE-2023-52581
2024-03-02 22:15:49
CVE-2023-52580
2024-03-02 22:15:49
CVE-2023-28464
2023-03-31 16:15:07
vulnrichment
vulnrichment
CVE-2023-52581 netfilter: nf_tables: fix memleak when more than 255 elements expired
2024-03-02 21:59:47
CVE-2023-52580 net/core: Fix ETH_P_1588 flow dissector
2024-03-02 21:59:47
CVE-2023-52439 uio: Fix use-after-free in uio_open
2024-02-20 18:34:49
cvelist
cvelist
CVE-2023-52580 net/core: Fix ETH_P_1588 flow dissector
2024-03-02 21:59:47
CVE-2023-52581 netfilter: nf_tables: fix memleak when more than 255 elements expired
2024-03-02 21:59:47
CVE-2023-28464
2023-03-31 00:00:00
nvd
nvd
CVE-2023-52580
2024-03-02 22:15:49
CVE-2023-28464
2023-03-31 16:15:07
CVE-2023-52581
2024-03-02 22:15:49
cbl_mariner
cbl_mariner
CVE-2023-28464 affecting package kernel for versions less than 5.15.122.1-2
2023-08-10 16:37:57
CVE-2023-28464 affecting package kernel 5.10.185.1-1
2023-08-15 16:37:27
CVE-2023-39198 affecting package kernel for versions less than 5.15.138.1-4
2023-12-05 04:40:34
openvas
openvas
openSUSE: Security Advisory for the Linux Kernel (Live Patch 21 for SLE 15 SP4) (SUSE-SU-2024:0429-1)
2024-03-04 00:00:00
Ubuntu: Security Advisory (USN-6601-1)
2024-01-26 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1176)
2024-02-09 00:00:00
ubuntu
ubuntu
Linux kernel vulnerability
2024-01-25 00:00:00
cnvd
cnvd
Linux kernel elevation of privilege vulnerability (CNVD-2023-70083)
2023-09-11 00:00:00
amazon
amazon
Important: kernel
2024-01-03 21:04:00
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0490
2023-10-14 00:00:00
ibm
ibm
Security Bulletin: IBM QRadar SIEM contains multiple kernel vulnerabilities
2024-06-07 15:32:38

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.6

Confidence

High

JSON
Related for 5A2D9370A2F81D76858E6F2B8D38834EFA2DA9D35055DD083CC98CE633E78725
amd1ubuntucve15redhat8nessus59redhatcve13oraclelinux2osv11rocky3debiancve12prion11cve13vulnrichment7cvelist11nvd13cbl_mariner6openvas9ubuntu1cnvd1amazon1photon1ibm1