Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM7F16B180A017EE946A9293B7F73BB16643FA0EDB494E3BDE4E5E8DC3D7C98EE5
HistoryJan 08, 2023 - 4:04 p.m.

Security Bulletin: Vulnerability in Kernel (CVE-2022-1012) affects Power HMC

2023-01-0816:04:52
www.ibm.com
87
kernel
power hmc
cve-2022-1012
linux
memory leak
tcp
power hmc v10.1.1010.0
power hmc v9.2.950.0
ibm fix central
vulnerability

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

0.001 Low

EPSS

Percentile

46.8%

JSON

Summary

Kernel is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE.

Vulnerability Details

CVEID:CVE-2022-1012
**DESCRIPTION:**Linux Kernel could allow a remote attacker to obtain sensitive information, caused by a memory leak flaw in the TCP source port generation algorithm in the net/ipv4/tcp.c function. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230055 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
HMC V10.1.1010.0 V10.1.1010.0 and later
HMC V9.2.950.0 V9.2.950.0 and later

Remediation/Fixes

The following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/&gt;

Product

|

VRMF

|

APAR

|

Remediation/Fix

β€”|β€”|β€”|β€”

Power HMC

|

V9.2.950.0 SP3 ppc

|

MB04331

|

MH01944

Power HMC

|

V9.2.950.0 SP3 x86

|

MB04330

|

MH01943

Power HMC

|

V10.1.1020.0 SP1 ppc

|

MB04363

|

MF70302

Power HMC

|

V10.1.1020.0 SP1 x86

|

MB04362

|

MF70301

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmhardware_management_consoleMatchany
OR
ibmhardware_management_consoleMatchany

Related

cvelist 1
redhatcve 2
nvd 1
veracode 1
cbl_mariner 2
prion 1
ubuntucve 2
ibm 8
cve 1
debiancve 1
nessus 60
oraclelinux 2
osv 25
redhat 17
almalinux 4
rocky 2
altlinux 1
mageia 2
openvas 35
ubuntu 18
suse 7
amazon 2
photon 2
ics 1
debian 1
cvelist
cvelist
CVE-2022-1012
2022-08-05 00:00:00
redhatcve
redhatcve
CVE-2022-1012
2022-05-10 12:29:51
CVE-2022-32296
2022-06-14 14:30:03
nvd
nvd
CVE-2022-1012
2022-08-05 16:15:11
veracode
veracode
Memory Leak
2022-07-21 00:43:27
cbl_mariner
cbl_mariner
CVE-2022-1012 affecting package kernel 5.10.131.1-1
2022-09-17 05:57:05
CVE-2022-1012 affecting package kernel for versions less than 5.15.67.1-4
2022-10-05 23:34:27
prion
prion
Memory corruption
2022-08-05 16:15:00
ubuntucve
ubuntucve
CVE-2022-1012
2022-05-12 00:00:00
CVE-2022-32296
2022-06-05 00:00:00
ibm
ibm
Security Bulletin: IBM DataPower Gateway subject to a memory leak in TCP source port generation (CVE-2022-1012)
2022-12-16 18:58:43
Security Bulletin: Multiple Linux Kernel vulnerabilities may affect IBM Elastic Storage System
2022-12-13 13:33:54
Security Bulletin: Multiple vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
2023-03-29 01:48:02
cve
cve
CVE-2022-1012
2022-08-05 16:15:11
debiancve
debiancve
CVE-2022-1012
2022-08-05 16:15:11
nessus
nessus
AlmaLinux 8 : kernel-rt (5834) (ALSA-2022:5834)
2022-08-05 00:00:00
AlmaLinux 8 : kernel (5819) (ALSA-2022:5819)
2022-08-10 00:00:00
Rocky Linux 8 : kernel (RLSA-2022:5819)
2022-08-16 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2022-08-08 00:00:00
kernel security and bug fix update
2022-06-30 00:00:00
osv
osv
Important: kernel-rt security and bug fix update
2022-08-02 00:00:00
Important: kernel security and bug fix update
2022-08-02 07:00:14
Important: kernel security and bug fix update
2022-08-03 00:00:00
redhat
redhat
(RHSA-2022:5819) Important: kernel security and bug fix update
2022-08-02 07:00:14
(RHSA-2022:5834) Important: kernel-rt security and bug fix update
2022-08-02 07:11:05
(RHSA-2022:5636) Important: kernel security and bug fix update
2022-07-19 14:44:22
almalinux
almalinux
Important: kernel security and bug fix update
2022-08-03 00:00:00
Important: kernel-rt security and bug fix update
2022-08-02 00:00:00
Important: kernel-rt security and bug fix update
2022-06-28 00:00:00
rocky
rocky
kernel security and bug fix update
2022-08-02 07:00:14
kernel-rt security and bug fix update
2022-08-02 07:11:05
altlinux
altlinux
Security fix for the ALT Linux 10 package kernel-image-std-def version 2:5.10.121-alt1
2022-06-15 00:00:00
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2022-05-21 11:50:18
Updated kernel packages fix security vulnerabilities
2022-05-21 11:50:18
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0195)
2022-05-23 00:00:00
Ubuntu: Security Advisory (USN-5630-1)
2022-09-23 00:00:00
Ubuntu: Security Advisory (USN-5622-1)
2022-09-22 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2022-09-21 00:00:00
Linux kernel (Raspberry Pi) vulnerabilities
2022-09-22 00:00:00
Linux kernel (GCP) vulnerabilities
2022-10-06 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2022-06-24 00:00:00
Security update for the Linux Kernel (important)
2022-09-01 00:00:00
Security update for the Linux Kernel (important)
2022-09-01 00:00:00
amazon
amazon
Important: kernel
2022-06-30 23:38:00
Important: kernel
2022-07-06 03:13:00
photon
photon
Critical Photon OS Security Update - PHSA-2022-0238
2022-08-26 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0238
2022-08-26 00:00:00
ics
ics
​Siemens SIMATIC MV500 Devices
2023-07-13 12:00:00
debian
debian
[SECURITY] [DSA 5161-1] linux security update
2022-06-11 09:15:06

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

0.001 Low

EPSS

Percentile

46.8%

JSON
Related for 7F16B180A017EE946A9293B7F73BB16643FA0EDB494E3BDE4E5E8DC3D7C98EE5
cvelist1redhatcve2nvd1veracode1cbl_mariner2prion1ubuntucve2ibm8cve1debiancve1nessus60oraclelinux2osv25redhat17almalinux4rocky2altlinux1mageia2openvas35ubuntu18suse7amazon2photon2ics1debian1