CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
IBM Storage Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include an attacker could exploit these vulnerabilities to make arbitrarily change the value stored in EAX while a SEV VM is running, to trigger int80 syscall handling at any given point, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause a denial of service condition, a local attacker could exploit this vulnerability to execute arbitrary code on the system, to cause a denial of service condition, an authenticated attacker could exploit this vulnerability to gain elevated privileges, to execute arbitrary code or cause the system to crash. as described by the CVEs in the “Vulnerability Details” section.
CVEID:CVE-2024-25742
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by improper input validation. By injecting a specially crafted virtual interrupt 29 (#VC), an attacker could exploit this vulnerability to make arbitrarily change the value stored in EAX while a SEV VM is running.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292405 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
CVEID:CVE-2023-6932
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the ipv4: igmp component. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/275569 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2024-25743
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by improper input validation. By injecting a specially crafted virtual interrupts 0 and 14, an attacker could exploit this vulnerability to make arbitrarily change the value stored in EAX while a SEV VM is running.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292411 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
CVEID:CVE-2024-25744
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to bypass security restrictions, caused by a flaw in rch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. By sending a specially crafted request, an attacker could exploit this vulnerability to trigger int80 syscall handling at any given point.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283669 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVEID:CVE-2023-39198
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the QXL driver. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271585 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
CVEID:CVE-2023-28464
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a double free flaw in the hci_conn_cleanup function in the Bluetooth subsystem. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause a denial of service condition.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251275 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2024-26610
**DESCRIPTION:**Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption error. A local attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/284755 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-52580
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by an incorrect calculation of buffer size in ETH_P_1588 flow dissector. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292396 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-52581
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by a memory leak when more than 255 elements expired. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause the system to crash.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/292402 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-52439
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free memory flaw in the uio_open function. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause the system to crash.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283802 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2023-4244
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the netfilter: nf_tables component. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265424 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Storage Copy Data Management | 2.2.0.0 - 2.2.24.0 |
Affected Versions|**Fixing **Level|Platform|**Link to Fix and Instructions
**
—|—|—|—
2.2.0.0 - 2.2.24.0| 2.2.24.1| Linux| ** **<https://www.ibm.com/support/pages/node/7150077>
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | storage_copy_data_management | 2.2 | cpe:2.3:a:ibm:storage_copy_data_management:2.2:*:*:*:*:*:*:* |
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High