Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBME8D05F29D900D84895CD9D2D6473326EACD870DBB01E6AEB337ACA4FA25FBB03
HistoryJan 12, 2024 - 4:31 p.m.

Security Bulletin: Vulnerability in Linux Kernel might affect IBM Spectrum Copy Data Management

2024-01-1216:31:03
www.ibm.com
10
ibm spectrum copy data management
linux kernel
vulnerability
elevated privileges
cve-2023-2163
remediation
ibm support pages

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Summary

IBM Spectrum Copy Data Management can be affected by a vulnerability in Linux Kernel. A locally authenticated attacker could exploit this vulnerability to gain elevated privileges on the system as described by the CVEs in the “Vulnerability Details” section. [CVE-2023-2163] This bulletin identifies the steps to take to address the vulnerability.

Vulnerability Details

CVEID:CVE-2023-2163
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an incorrect verifier pruning in BPF subsystem. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/266812 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Spectrum Copy Data Management 2.2.0.0 - 2.2.22

Remediation/Fixes

Affected Versions|**Fixing
**Level|Platform|**Link to Fix and Instructions
**
—|—|—|—
2.2.0.0 - 2.2.22| 2.2.22.1| Linux| ** **<https://www.ibm.com/support/pages/node/7070590&gt;

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmspectrum_copy_data_managementMatch2.2
CPENameOperatorVersion
ibm spectrum copy data managementeq2.2

Related

cbl_mariner 1
cvelist 1
redhatcve 1
ubuntucve 1
prion 1
thn 1
debiancve 1
nessus 72
nvd 1
cve 1
openvas 28
redhat 22
osv 14
rocky 3
oraclelinux 1
almalinux 1
ubuntu 10
ibm 3
cbl_mariner
cbl_mariner
CVE-2023-2163 affecting package kernel for versions less than 5.15.133.1-1
2023-10-11 01:41:59
cvelist
cvelist
CVE-2023-2163 Incorrect Verifier Branch Pruning Logic Leads To Arbitrary Read/Write In Linux Kernel and Lateral Privilege Escalation
2023-09-20 05:02:38
redhatcve
redhatcve
CVE-2023-2163
2023-09-22 17:54:54
ubuntucve
ubuntucve
CVE-2023-2163
2023-06-30 00:00:00
prion
prion
Privilege escalation
2023-09-20 06:15:00
thn
thn
New Stealthy Variant of Linux Backdoor BPFDoor Emerges from the Shadows
2023-05-12 13:24:00
debiancve
debiancve
CVE-2023-2163
2023-09-20 06:15:10
nessus
nessus
SUSE SLES15 Security Update : kernel (Live Patch 41 for SLE 15 SP2) (SUSE-SU-2023:4835-1)
2023-12-15 00:00:00
SUSE SLES15 Security Update : kernel (Live Patch 37 for SLE 15 SP3) (SUSE-SU-2023:4839-1)
2023-12-15 00:00:00
SUSE SLES15 Security Update : kernel (Live Patch 32 for SLE 15 SP2) (SUSE-SU-2023:4833-1)
2023-12-15 00:00:00
nvd
nvd
CVE-2023-2163
2023-09-20 06:15:10
cve
cve
CVE-2023-2163
2023-09-20 06:15:10
openvas
openvas
openSUSE: Security Advisory for the Linux Kernel (Live Patch 37 for SLE 15 SP3) (SUSE-SU-2023:4839-1)
2024-03-04 00:00:00
openSUSE: Security Advisory for the Linux Kernel (Live Patch 6 for SLE 15 SP5) (SUSE-SU-2023:4867-1)
2024-03-04 00:00:00
openSUSE: Security Advisory for the Linux Kernel (Live Patch 27 for SLE 15 SP3) (SUSE-SU-2023:4871-1)
2024-03-04 00:00:00
redhat
redhat
(RHSA-2024:0376) Important: kpatch-patch security update
2024-01-23 17:13:31
(RHSA-2023:7554) Important: kpatch-patch security update
2023-11-28 17:45:46
(RHSA-2024:0403) Important: kernel security update
2024-01-24 14:40:13
osv
osv
Important: kernel security and bug fix update
2023-12-06 23:16:24
Important: kernel security and bug fix update
2023-12-06 23:18:20
Important: kernel security and bug fix update
2023-11-28 00:00:00
rocky
rocky
kernel security and bug fix update
2023-12-06 23:18:20
kernel security and bug fix update
2023-12-06 23:16:24
kernel-rt security update
2023-12-06 23:16:07
oraclelinux
oraclelinux
kernel security and bug fix update
2023-12-01 00:00:00
almalinux
almalinux
Important: kernel security and bug fix update
2023-11-28 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2023-09-08 00:00:00
Linux kernel vulnerabilities
2023-09-05 00:00:00
Linux kernel (Azure) vulnerabilities
2023-09-06 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Linux Kernel and Apache Axis can affect IBM Storage Protect Plus
2024-01-31 12:00:02
Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps
2024-01-31 19:31:55
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
2024-05-09 12:31:16

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON
Related for E8D05F29D900D84895CD9D2D6473326EACD870DBB01E6AEB337ACA4FA25FBB03
cbl_mariner1cvelist1redhatcve1ubuntucve1prion1thn1debiancve1nessus72nvd1cve1openvas28redhat22osv14rocky3oraclelinux1almalinux1ubuntu10ibm3