Feb 05, 2024 - 4:19 p.m.

Security Bulletin: Vulnerability with Kernel affect IBM Cloud Object Storage Systems (Jan 2024v1)

2024-02-05 16:19:52
www.ibm.com

CVSS3: 7.5 High

Attack Vector: ADJACENT
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.6 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 19.9%)

Summary

Vulnerability with Kernel - [CVE-2023-45871]. This vulnerability has been addressed in the latest ClevOS releases.

Vulnerability Details

**CVEID:** CVE-2023-45871
**DESCRIPTION:** Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the IGB driver in drivers/net/ethernet/intel/igb/igb_main.c. By sending a specially crafted request, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/268717 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
IBM Cloud Object System | 3.18.0.21 or Prior Releases

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now.

Product(s) | Version Number | Remediation/Fix
---|---|---
IBM Cloud Object System | 3.18.0.40 | https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Cloud+Object+Storage+System&release=3.18.0.40&platform=All&function=all
IBM Cloud Object System | 3.18.1.45 | https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Cloud+Object+Storage+System&release=3.18.1.45&platform=All&function=all

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmcloud_object_storage_system Match 3.18
CPE Name Operator Version
ibm cloud object storage system eq 3.18
