Lucene search

IBMDE96883322ADFFB1053926315A9CCBF923A051EFB7584674C17F344392B284D6

HistoryApr 24, 2023 - 8:09 a.m.

Security Bulletin: Vulnerability in D-Bus (CVE-2022-42010, CVE-2022-42011 and CVE-2022-42012) affects Power HMC

2023-04-2408:09:59

www.ibm.com

d-bus

vulnerability

power hmc

ibm

fixes

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

56.7%

JSON

Summary

D-Bus is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE’s.

Vulnerability Details

CVEID:CVE-2022-42010
**DESCRIPTION:**Freedesktop D-Bus is vulnerable to a denial of service, caused by an assertion failure. By sending a specially-crafted message using invalid type signature with incorrectly nested parentheses and curly brackets, a local attacker could exploit this vulnerability to cause a crash or incorrect message processing, and results in a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237924 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-42011
**DESCRIPTION:**Freedesktop D-Bus is vulnerable to a denial of service, caused by an assertion failure. By sending a specially-crafted message using invalid array of fixed-length elements, a local attacker could exploit this vulnerability to cause a crash or incorrect message processing, and results in a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237925 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-42012
**DESCRIPTION:**Freedesktop D-Bus is vulnerable to a denial of service, caused by a use-after-free and memory corruption flaw. By sending a specially-crafted message with out-of-band Unix file descriptors, a local attacker could exploit this vulnerability to cause a crash or incorrect message processing, and results in a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237926 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
HMC V10.1.1010.0	V10.1.1010.0
HMC V10.2.1030.0	V10.2.1030.0
HMC V9.2.950.0	V9.2.950.0

Remediation/Fixes

The following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/>

Product

VRMF

APAR

Remediation/Fix

—|—|—|—

Power HMC

V9.2.950.0 SP3 ppc

MB04397

MH01954

Power HMC

V9.2.950.0 SP3 x86

MB04396

MH01953

Power HMC

V10.1.1020.0 SP1 ppc

MB04388

MF70701

Power HMC

V10.1.1020.0 SP1 x86

MB04387

MF70700

Power HMC

V10.2.1030.0 ppc

MB04401

MF70890

Power HMC

V10.2.1030.0 SP1 x86

MB04400

MF70889

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmhardware_management_consoleMatchany

CPENameOperatorVersion
hardware management console v9eqany
hardware management console v10eqany

CPE	Name	Operator	Version
	hardware management console v9	eq	any
	hardware management console v10	eq	any

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

56.7%

JSON

Related for DE96883322ADFFB1053926315A9CCBF923A051EFB7584674C17F344392B284D6