Lucene search

IBM5ABC9FD290F32C7321449D29F4F3D661ECC2496E2FBB78F5F6D704F9279FAF7A

HistoryNov 12, 2019 - 3:47 p.m.

Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability

2019-11-1215:47:16

www.ibm.com

0.0004 Low

EPSS

Percentile

10.1%

JSON

Summary

IBM Security Guardium has addressed the following vulnerability.

Vulnerability Details

CVEID: CVE-2018-10902 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a double-free in in snd_rawmidi_input_params() and snd_rawmidi_output_status() triggered by the raw midi kernel driver. An attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system with elevated privileges.
CVSS Base Score: 7.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148627> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected IBM Security Guardium

Affected Versions

—|—
IBM Security Guardium | 10.0 - 10.5
IBM Security Guardium | 10.6
IBM Security Guardium | 11.0

Remediation/Fixes

Product

VRMF

Remediation / First Fix

—|—|—
IBM Security Guardium | 10.0 - 10.5 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=All&function=fixId&fixids=SqlGuard_10.0p530_Bundle_Jun-17-2019&includeSupersedes=0&source=fc
IBM Security Guardium | 10.6 | https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=All&function=fixId&fixids=SqlGuard_10.0p630_Bundle_Sep-25-2019&includeSupersedes=0&source=fc
IBM Security Guardium | 11.0 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=All&function=fixId&fixids=SqlGuard_11.0p12_Bundle_Nov-05-2019&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm security guardiumeq10.0
ibm security guardiumeq10.5
ibm security guardiumeq10.6
ibm security guardiumeq11.0

Name	Operator	Version
ibm security guardium	eq	10.0
ibm security guardium	eq	10.5
ibm security guardium	eq	10.6
ibm security guardium	eq	11.0

0.0004 Low

EPSS

Percentile

10.1%

JSON

Related for 5ABC9FD290F32C7321449D29F4F3D661ECC2496E2FBB78F5F6D704F9279FAF7A