SB2022022129 - Privilege escalation in IBM Integrated Analytics System

Description

This security bulletin contains information about 1 security vulnerability.

1) Out-of-bounds write (CVE-ID: CVE-2021-37576)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to a boundary error in arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform. An attacker on KVM guest OS can cause host OS memory corruption via rtas_args.nargs and execute arbitrary code on the host OS.

Remediation

Install update from vendor's website.

References

• https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-linux-kernel-affects-ibm-integrated-analytics-system/"
• https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-linux-kernel-affects-ibm-integrated-analytics-system/</a></p><p>
• https://www.ibm.com/support/pages/node/6557218</p><p><br></p>