Lucene search

IBM84035FFDE9AC6513D08BEDE33AE2CAB35D8A53CC5971DB94A5FD73FC6196A4D0

HistoryJun 28, 2024 - 12:42 p.m.

Security Bulletin: A vulnerability in containerd affects Data Replication on Cloud Pak for Data

2024-06-2812:42:44

www.ibm.com

vulnerability

containerd

data replication

cloud pak

denial of service

fix pack 4.8.0

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.2

Confidence

High

JSON

Summary

A vulnerability in the containerd package has been addressed.

Vulnerability Details

CVEID:CVE-2022-31030
**DESCRIPTION:**containerd is vulnerable to a denial of service, caused by a flaw in the CRI implementation. By sending a specially-crafted request using the ExecSync API, a local authenticated attacker could exploit this vulnerability to cause containerd to consume all available memory on the computer, and results in a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/228282 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
Data Replication on Cloud Pak for Data	All before 4.8.0

Remediation/Fixes

Update to the latest product fix pack found here: <https://www.ibm.com/docs/en/cloud-paks/cp-data/4.8.x?topic=new-data-replication>

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_dataMatch4.6.4

ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_dataMatch4.6.5

ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_dataMatch4.7.0

ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_dataMatch4.7.1

ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_dataMatch4.7.2

VendorProductVersionCPE
ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_data4.6.4cpe:2.3:a:ibm:cognos_analytics_cartridge_for_ibm_cloud_pak_for_data:4.6.4:*:*:*:*:*:*:*
ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_data4.6.5cpe:2.3:a:ibm:cognos_analytics_cartridge_for_ibm_cloud_pak_for_data:4.6.5:*:*:*:*:*:*:*
ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_data4.7.0cpe:2.3:a:ibm:cognos_analytics_cartridge_for_ibm_cloud_pak_for_data:4.7.0:*:*:*:*:*:*:*
ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_data4.7.1cpe:2.3:a:ibm:cognos_analytics_cartridge_for_ibm_cloud_pak_for_data:4.7.1:*:*:*:*:*:*:*
ibmcognos_analytics_cartridge_for_ibm_cloud_pak_for_data4.7.2cpe:2.3:a:ibm:cognos_analytics_cartridge_for_ibm_cloud_pak_for_data:4.7.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	cognos_analytics_cartridge_for_ibm_cloud_pak_for_data	4.6.4	cpe:2.3:a:ibm:cognos_analytics_cartridge_for_ibm_cloud_pak_for_data:4.6.4:::::::*
ibm	cognos_analytics_cartridge_for_ibm_cloud_pak_for_data	4.6.5	cpe:2.3:a:ibm:cognos_analytics_cartridge_for_ibm_cloud_pak_for_data:4.6.5:::::::*
ibm	cognos_analytics_cartridge_for_ibm_cloud_pak_for_data	4.7.0	cpe:2.3:a:ibm:cognos_analytics_cartridge_for_ibm_cloud_pak_for_data:4.7.0:::::::*
ibm	cognos_analytics_cartridge_for_ibm_cloud_pak_for_data	4.7.1	cpe:2.3:a:ibm:cognos_analytics_cartridge_for_ibm_cloud_pak_for_data:4.7.1:::::::*
ibm	cognos_analytics_cartridge_for_ibm_cloud_pak_for_data	4.7.2	cpe:2.3:a:ibm:cognos_analytics_cartridge_for_ibm_cloud_pak_for_data:4.7.2:::::::*