Security Bulletin: IBM i is vulnerable to a local privilege escalation due to an unqualified library call in networking and compiler infrastructure [CVE-2024-25050]

Summary

IBM i is vulnerable to a user gaining elevated privilege due to a CL command being called without library qualification in networking and compiler infrastructure as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section.

Vulnerability Details

CVEID:CVE-2024-25050
**DESCRIPTION:**IBM i networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283242 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Remediation/Fixes

The issue can be fixed by applying PTFs to IBM i. IBM i releases 7.5, 7.4, 7.3, and 7.2 will be fixed.

The IBM i PTF numbers for 5770-SS1 *BASE and Option 12 (12) contain the fixes for the vulnerability.

IBM i Release

|

5770-SS1

|

PTF Download Link

—|—|—
7.5|

SI86029
SI86085
SI86108
SI86125
SI86236
SI86244
SI86248
SI86251
SJ00060
SJ00086 (12)
SJ00098 (12)
SJ00110
SJ00127
SJ00156
SJ00209
SJ00307
SJ00332
SJ00337
SJ00340
SJ00445
SJ00447
SJ00523

|

https://www.ibm.com/support/pages/ptf/SI86029
https://www.ibm.com/support/pages/ptf/SI86085
https://www.ibm.com/support/pages/ptf/SI86108
https://www.ibm.com/support/pages/ptf/SI86125
https://www.ibm.com/support/pages/ptf/SI86236
https://www.ibm.com/support/pages/ptf/SI86244
https://www.ibm.com/support/pages/ptf/SI86248
https://www.ibm.com/support/pages/ptf/SI86251
https://www.ibm.com/support/pages/ptf/SJ00060
https://www.ibm.com/support/pages/ptf/SJ00086
https://www.ibm.com/support/pages/ptf/SJ00098
https://www.ibm.com/support/pages/ptf/SJ00110
https://www.ibm.com/support/pages/ptf/SJ00127
https://www.ibm.com/support/pages/ptf/SJ00156
https://www.ibm.com/support/pages/ptf/SJ00209
https://www.ibm.com/support/pages/ptf/SJ00307
https://www.ibm.com/support/pages/ptf/SJ00332
https://www.ibm.com/support/pages/ptf/SJ00337
https://www.ibm.com/support/pages/ptf/SJ00340
https://www.ibm.com/support/pages/ptf/SJ00445
https://www.ibm.com/support/pages/ptf/SJ00447
https://www.ibm.com/support/pages/ptf/SJ00523

7.4|

SI86026
SI86044
SI86074
SI86086
SI86124
SI86243
SI86247
SJ00004
SJ00059
SJ00087 (12)
SJ00099 (12)
SJ00109
SJ00155
SJ00208
SJ00331
SJ00333
SJ00336
SJ00341
SJ00444
SJ00446
SJ00529

|

https://www.ibm.com/support/pages/ptf/SI86026
https://www.ibm.com/support/pages/ptf/SI86044
https://www.ibm.com/support/pages/ptf/SI86074
https://www.ibm.com/support/pages/ptf/SI86086
https://www.ibm.com/support/pages/ptf/SI86124
https://www.ibm.com/support/pages/ptf/SI86243
https://www.ibm.com/support/pages/ptf/SI86247
https://www.ibm.com/support/pages/ptf/SJ00004
https://www.ibm.com/support/pages/ptf/SJ00059
https://www.ibm.com/support/pages/ptf/SJ00087
https://www.ibm.com/support/pages/ptf/SJ00099
https://www.ibm.com/support/pages/ptf/SJ00109
https://www.ibm.com/support/pages/ptf/SJ00155
https://www.ibm.com/support/pages/ptf/SJ00208
https://www.ibm.com/support/pages/ptf/SJ00331
https://www.ibm.com/support/pages/ptf/SJ00333
https://www.ibm.com/support/pages/ptf/SJ00336
https://www.ibm.com/support/pages/ptf/SJ00341
https://www.ibm.com/support/pages/ptf/SJ00444
https://www.ibm.com/support/pages/ptf/SJ00446
https://www.ibm.com/support/pages/ptf/SJ00529

7.3|

SI85978
SI86023
SI86058
SI86089
SI86123
SI86242
SI86246
SJ00019
SJ00058
SJ00088 (12)
SJ00100 (12)
SJ00108
SJ00154
SJ00207
SJ00330
SJ00335
SJ00339
SJ00342
SJ00443
SJ00533

|

<https://www.ibm.com/support/pages/ptf/SI85978&gt;
https://www.ibm.com/support/pages/ptf/SI86023
https://www.ibm.com/support/pages/ptf/SI86058
https://www.ibm.com/support/pages/ptf/SI86089
https://www.ibm.com/support/pages/ptf/SI86123
https://www.ibm.com/support/pages/ptf/SI86242
https://www.ibm.com/support/pages/ptf/SI86246
https://www.ibm.com/support/pages/ptf/SJ00019
https://www.ibm.com/support/pages/ptf/SJ00058
https://www.ibm.com/support/pages/ptf/SJ00088
https://www.ibm.com/support/pages/ptf/SJ00100
https://www.ibm.com/support/pages/ptf/SJ00108
https://www.ibm.com/support/pages/ptf/SJ00154
https://www.ibm.com/support/pages/ptf/SJ00207
https://www.ibm.com/support/pages/ptf/SJ00330
https://www.ibm.com/support/pages/ptf/SJ00335
https://www.ibm.com/support/pages/ptf/SJ00339
https://www.ibm.com/support/pages/ptf/SJ00342
https://www.ibm.com/support/pages/ptf/SJ00443
https://www.ibm.com/support/pages/ptf/SJ00533

7.2|

SI85970
SI85981
SI85995
SI86092
SI86103
SI86241
SI86245
SJ00020
SJ00057
SJ00089 (12)
SJ00101 (12)
SJ00107
SJ00153
SJ00206
SJ00317
SJ00329
SJ00338
SJ00401
SJ00538

|

<https://www.ibm.com/support/pages/ptf/SI85970&gt;
<https://www.ibm.com/support/pages/ptf/SI85981&gt;
<https://www.ibm.com/support/pages/ptf/SI85995&gt;
https://www.ibm.com/support/pages/ptf/SI86092
https://www.ibm.com/support/pages/ptf/SI86103
https://www.ibm.com/support/pages/ptf/SI86241
https://www.ibm.com/support/pages/ptf/SI86245
https://www.ibm.com/support/pages/ptf/SJ00020
https://www.ibm.com/support/pages/ptf/SJ00057
https://www.ibm.com/support/pages/ptf/SJ00089
https://www.ibm.com/support/pages/ptf/SJ00101
https://www.ibm.com/support/pages/ptf/SJ00107
https://www.ibm.com/support/pages/ptf/SJ00153
https://www.ibm.com/support/pages/ptf/SJ00206
https://www.ibm.com/support/pages/ptf/SJ00317
https://www.ibm.com/support/pages/ptf/SJ00329
https://www.ibm.com/support/pages/ptf/SJ00338
https://www.ibm.com/support/pages/ptf/SJ00401
https://www.ibm.com/support/pages/ptf/SJ00538

<https://www.ibm.com/support/fixcentral&gt;

Important note: IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products.

Workarounds and Mitigations

None