Lucene search

IBM9E0572E079EE2DB6A69199BA11F43F0108C669D867B07FC456FAC9EE79F813A3

HistoryJan 08, 2023 - 4:06 p.m.

Security Bulletin: Vulnerability in Kernel (CVE-2021-45485) affects Power HMC

2023-01-0816:06:31

www.ibm.com

linux kernel

power hmc

cve-2021-45485

vulnerability

ibm fix central

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

34.4%

JSON

Summary

Kernel is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE.

Vulnerability Details

CVEID:CVE-2021-45485
**DESCRIPTION:**Linux Kernel could allow a local attacker to obtain sensitive information, caused by improperly consider attacks from many IPv6 source addresses in net/ipv6/output_core.c in the IPv6 implementation. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216133 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
HMC V10.1.1010.0	V10.1.1010.0 and later
HMC V9.2.950.0	V9.2.950.0 and later

Remediation/Fixes

The following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/>

Product

VRMF

APAR

Remediation/Fix

—|—|—|—

Power HMC

V9.2.950.0 SP3 ppc

MB04331

MH01944

Power HMC

V9.2.950.0 SP3 x86

MB04330

MH01943

Power HMC

V10.1.1020.0 SP1 ppc

MB04363

MF70302

Power HMC

V10.1.1020.0 SP1 x86

MB04362

MF70301

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmhardware_management_consoleMatchany

CPENameOperatorVersion
hardware management console v9eqany
hardware management console v10eqany

CPE	Name	Operator	Version
	hardware management console v9	eq	any
	hardware management console v10	eq	any

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

34.4%

JSON

Related for 9E0572E079EE2DB6A69199BA11F43F0108C669D867B07FC456FAC9EE79F813A3