Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMC74627BE087E9509E96BDB330705CF9A6DBDBACE282665865ACBC365338BABC0
HistorySep 24, 2024 - 8:58 a.m.

Security Bulletin: Vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

2024-09-2408:58:43
www.ibm.com
3
ibm storage virtualize
linux kernel
vulnerabilities
cve-2023-1073
cve-2023-45871
cve-2023-6356
cve-2023-6535
cve-2023-6536
cve-2023-1206
buffer overflow
denial of service

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9

Confidence

High

JSON

Summary

Vulnerabilities in the Linux kernel affect IBM Storage Virtualize products and could cause various impacts. CVE-2023-1073 CVE-2023-45871 CVE-2023-6356 CVE-2023-6535 CVE-2023-6536 CVE-2023-1206 CVE-2023-5178.

Vulnerability Details

CVEID:CVE-2023-1073
**DESCRIPTION:**Linux Kernel could allow a physical authenticated attacker to gain elevated privileges on the system, caused by a memory corruption flaw in the human interface device (HID) subsystem. By using a specially crafted USB device , an attacker could exploit this vulnerability to gain elevated privileges or cause a denial of service condition.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/251322 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-45871
**DESCRIPTION:**Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the IGB driver in drivers/net/ethernet/intel/igb/igb_main.c. By sending a specially crafted request, a remote attacker from within the local network could overflow a buffer and execute arbitrary code or cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268717 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-6356
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the NVMe driver. By sending specially crafted TCP packages when using NVMe over TCP, a remote authenticated attacker could exploit this vulnerability to cause kernel panic, and results in a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283792 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-6535
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the NVMe driver. By sending specially crafted TCP packages when using NVMe over TCP, a remote authenticated attacker could exploit this vulnerability to cause kernel panic, and results in a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283790 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-6536
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the NVMe driver. By sending specially crafted TCP packages when using NVMe over TCP, a remote authenticated attacker could exploit this vulnerability to cause kernel panic, and results in a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283791 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-1206
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a flaw in the IPv6 connection lookup table. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the CPU usage to increase, and results in a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/259617 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-5178
**DESCRIPTION:**Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the nvmet_tcp_free_crypto function in the NVMe-oF/TCP subsystem. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268699 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Storage Virtualize 8.4
IBM Storage Virtualize 8.5
IBM Storage Virtualize 8.6

Remediation/Fixes

IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, IBM Storwize V5000 and V5100, IBM Storwize V5000E, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud, IBM FlashSystem V9000, IBM FlashSystem 9500, IBM FlashSystem 9100 Family, IBM FlashSystem 9200, IBM FlashSystem 7300, IBM FlashSystem 7200, IBM FlashSystem 5200 and IBM FlashSystem 5000 to the following code levels or higher:

8.4.0.15

8.5.0.13

8.6.0.5

8.7.0.0

Latest IBM SAN Volume Controller Code
Latest IBM Storwize V7000 Code
Latest IBM Storwize V5000 and V5100 Code
Latest IBM Storwize V5000E Code
Latest IBM FlashSystem V9000 Code
Latest IBM FlashSystem 9500 Code
Latest IBM FlashSystem 9100 Family Code
Latest IBM FlashSystem 9200 Code
Latest IBM FlashSystem 7300 Code
Latest IBM FlashSystem 7200 Code
Latest IBM FlashSystem 5000 and 5200 Code
Latest IBM Spectrum Virtualize Software
Latest IBM Spectrum Virtualize for Public Cloud

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmstorwize_v5000e_firmwareMatch8.4
OR
ibmstorwize_v5000e_firmwareMatch8.5
OR
ibmstorwize_v5000e_firmwareMatch8.6
OR
ibmstorwize_v7000Match8.4
OR
ibmstorwize_v7000Match8.5
OR
ibmstorwize_v7000Match8.6
OR
ibmibm_flashsystem_5x00Match8.4
OR
ibmibm_flashsystem_5x00Match8.5
OR
ibmibm_flashsystem_5x00Match8.6
OR
ibmstorwize_v5000Match8.4
OR
ibmstorwize_v5000Match8.5
OR
ibmstorwize_v5000Match8.6
OR
ibmspectrum_virtualize_for_public_cloudMatch8.4
OR
ibmspectrum_virtualize_for_public_cloudMatch8.5
OR
ibmspectrum_virtualize_for_public_cloudMatch8.6
OR
ibmibm_flashsystem_9x00Match8.4
OR
ibmibm_flashsystem_9x00Match8.5
OR
ibmibm_flashsystem_9x00Match8.6
OR
ibmspectrum_virtualize_softwareMatch8.4
OR
ibmspectrum_virtualize_softwareMatch8.5
OR
ibmspectrum_virtualize_softwareMatch8.6
OR
ibmibm_flashsystem_9500Match8.4
OR
ibmibm_flashsystem_9500Match8.5
OR
ibmibm_flashsystem_9500Match8.6
OR
ibmsan_volume_controllerMatch8.4
OR
ibmsan_volume_controllerMatch8.5
OR
ibmsan_volume_controllerMatch8.6
OR
ibmspectrum_virtualize_softwareMatch8.4
OR
ibmspectrum_virtualize_softwareMatch8.5
OR
ibmspectrum_virtualize_softwareMatch8.6
OR
ibmibm_flashsystem_7200Match8.4
OR
ibmibm_flashsystem_7200Match8.5
OR
ibmibm_flashsystem_7200Match8.6
OR
ibmibm_flashsystem_7300Match8.4
OR
ibmibm_flashsystem_7300Match8.5
OR
ibmibm_flashsystem_7300Match8.6
OR
ibmflashsystem_v9000Match8.4
OR
ibmflashsystem_v9000Match8.5
OR
ibmflashsystem_v9000Match8.6
VendorProductVersionCPE
ibmstorwize_v5000e_firmware8.4cpe:2.3:o:ibm:storwize_v5000e_firmware:8.4:*:*:*:*:*:*:*
ibmstorwize_v5000e_firmware8.5cpe:2.3:o:ibm:storwize_v5000e_firmware:8.5:*:*:*:*:*:*:*
ibmstorwize_v5000e_firmware8.6cpe:2.3:o:ibm:storwize_v5000e_firmware:8.6:*:*:*:*:*:*:*
ibmstorwize_v70008.4cpe:2.3:h:ibm:storwize_v7000:8.4:*:*:*:*:*:*:*
ibmstorwize_v70008.5cpe:2.3:h:ibm:storwize_v7000:8.5:*:*:*:*:*:*:*
ibmstorwize_v70008.6cpe:2.3:h:ibm:storwize_v7000:8.6:*:*:*:*:*:*:*
ibmibm_flashsystem_5x008.4cpe:2.3:a:ibm:ibm_flashsystem_5x00:8.4:*:*:*:*:*:*:*
ibmibm_flashsystem_5x008.5cpe:2.3:a:ibm:ibm_flashsystem_5x00:8.5:*:*:*:*:*:*:*
ibmibm_flashsystem_5x008.6cpe:2.3:a:ibm:ibm_flashsystem_5x00:8.6:*:*:*:*:*:*:*
ibmstorwize_v50008.4cpe:2.3:h:ibm:storwize_v5000:8.4:*:*:*:*:*:*:*
Rows per page:
1-10 of 361

Related

ubuntucve 7
nessus 58
fedora 2
openvas 9
osv 9
redhat 26
ibm 11
prion 7
oraclelinux 8
cve 7
nvd 7
cvelist 7
vulnrichment 3
redhatcve 7
debiancve 7
cbl_mariner 4
virtuozzo 1
f5 1
amazon 3
githubexploit 1
almalinux 1
cnvd 1
rocky 2
ubuntu 6
rosalinux 3
redos 1
ubuntucve
ubuntucve
CVE-2023-6356
2024-02-07 00:00:00
CVE-2023-6535
2024-02-07 00:00:00
CVE-2023-6536
2024-02-07 00:00:00
nessus
nessus
Fedora 38 : kernel (2024-0f89e13079)
2024-02-02 00:00:00
Fedora 39 : kernel (2024-50ab089b1d)
2024-02-02 00:00:00
RHEL 9 : kpatch-patch (RHSA-2024:0386)
2024-01-25 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: kernel-6.6.14-200.fc39
2024-02-02 01:15:59
[SECURITY] Fedora 38 Update: kernel-6.6.14-100.fc38
2024-02-02 02:23:23
openvas
openvas
Fedora: Security Advisory (FEDORA-2024-50ab089b1d)
2024-02-02 00:00:00
Fedora: Security Advisory for kernel (FEDORA-2024-0f89e13079)
2024-02-04 00:00:00
Ubuntu: Security Advisory (USN-6495-2)
2023-12-01 00:00:00
osv
osv
kernel-devel-6.7.4-1.1 on GA media
2024-06-15 00:00:00
Important: kernel security update
2024-02-20 00:00:00
Important: kernel security update
2024-03-27 04:37:19
redhat
redhat
(RHSA-2024:0386) Important: kpatch-patch security update
2024-01-24 08:54:34
(RHSA-2024:0725) Important: kernel-rt security update
2024-02-07 16:03:29
(RHSA-2023:7559) Important: kpatch-patch security update
2023-11-28 18:56:35
ibm
ibm
Security Bulletin: IBM DataPower Gateway vulnerable to multiple kernel CVEs
2024-09-06 15:43:01
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-42753, CVE-2023-5178, CVE-2023-47710, CVE-2023-45871)
2024-05-23 17:59:38
Security Bulletin: IBM DataPower Gateway vulnerable to physical attacks and DoS.
2024-09-17 21:36:28
prion
prion
Null pointer dereference
2024-02-07 21:15:00
Code injection
2023-10-15 01:15:00
Null pointer dereference
2024-02-07 21:15:00
oraclelinux
oraclelinux
kernel security update
2024-02-22 00:00:00
Unbreakable Enterprise kernel security update
2023-12-13 00:00:00
kernel security update
2024-03-06 00:00:00
cve
cve
CVE-2023-6356
2024-02-07 21:15:08
CVE-2023-6536
2024-02-07 21:15:08
CVE-2023-45871
2023-10-15 01:15:09
nvd
nvd
CVE-2023-6356
2024-02-07 21:15:08
CVE-2023-45871
2023-10-15 01:15:09
CVE-2023-6535
2024-02-07 21:15:08
cvelist
cvelist
CVE-2023-6356 Kernel: null pointer dereference in nvmet_tcp_build_iovec
2024-02-07 21:04:20
CVE-2023-45871
2023-10-15 00:00:00
CVE-2023-6535 Kernel: null pointer dereference in nvmet_tcp_execute_request
2024-02-07 21:04:21
vulnrichment
vulnrichment
CVE-2023-6356 Kernel: null pointer dereference in nvmet_tcp_build_iovec
2024-02-07 21:04:20
CVE-2023-6536 Kernel: null pointer dereference in __nvmet_req_complete
2024-02-07 21:05:13
CVE-2023-6535 Kernel: null pointer dereference in nvmet_tcp_execute_request
2024-02-07 21:04:21
redhatcve
redhatcve
CVE-2023-6356
2023-12-11 18:29:45
CVE-2023-6536
2023-12-11 18:31:14
CVE-2023-45871
2023-10-18 00:59:23
debiancve
debiancve
CVE-2023-6356
2024-02-07 21:15:08
CVE-2023-45871
2023-10-15 01:15:09
CVE-2023-6535
2024-02-07 21:15:08
cbl_mariner
cbl_mariner
CVE-2023-45871 affecting package kernel for versions less than 5.15.135.1-2
2023-11-08 02:07:28
CVE-2023-5178 affecting package hyperv-daemons for versions less than 5.15.137.1-1
2023-11-17 23:23:29
CVE-2023-5178 affecting package kernel for versions less than 5.15.138.1-4
2023-12-05 04:40:34
virtuozzo
virtuozzo
[Important] [Security] Virtuozzo ReadyKernel Patch 165.1 for Virtuozzo Hybrid Server 7.5
2023-12-19 00:00:00
f5
f5
K000140865: Linux kernel vulnerability CVE-2023-45871
2024-08-28 00:00:00
amazon
amazon
Important: kernel
2023-06-27 23:45:00
Important: kernel
2023-06-28 00:07:00
Medium: kernel
2024-02-01 19:57:00
githubexploit
githubexploit
Exploit for Use After Free in Linux Linux Kernel
2024-02-05 15:58:24
almalinux
almalinux
Important: kernel security update
2024-02-20 00:00:00
cnvd
cnvd
Linux kernel resource management error vulnerability (CNVD-2023-56640)
2023-07-12 00:00:00
rocky
rocky
kernel security update
2024-03-27 04:37:19
kernel security update
2024-01-12 19:59:56
ubuntu
ubuntu
Linux kernel vulnerabilities
2023-11-21 00:00:00
Linux kernel vulnerabilities
2023-11-30 00:00:00
Linux kernel vulnerabilities
2023-11-21 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2384
2024-03-28 06:52:37
Advisory ROSA-SA-2024-2383
2024-03-28 06:51:27
Advisory ROSA-SA-2024-2385
2024-03-28 06:53:29
redos
redos
ROS-20231009-02
2023-10-09 00:00:00

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9

Confidence

High

JSON
Related for C74627BE087E9509E96BDB330705CF9A6DBDBACE282665865ACBC365338BABC0
ubuntucve7nessus58fedora2openvas9osv9redhat26ibm11prion7oraclelinux8cve7nvd7cvelist7vulnrichment3redhatcve7debiancve7cbl_mariner4virtuozzo1f51amazon3githubexploit1almalinux1cnvd1rocky2ubuntu6rosalinux3redos1