Multiple vulnerabilities in IBM Storage Copy Data Management



Risk Medium
Patch available YES
Number of vulnerabilities 11
CVE-ID CVE-2024-25742
CVE-2023-6932
CVE-2024-25743
CVE-2024-25744
CVE-2023-39198
CVE-2023-28464
CVE-2024-26610
CVE-2023-52580
CVE-2023-52581
CVE-2023-52439
CVE-2023-4244
CWE-ID CWE-94
CWE-416
CWE-264
CWE-415
CWE-119
CWE-617
CWE-401
Exploitation vector Local network
Public exploit N/A
Vulnerable software
Storage Copy Data Management
Other software / Other software solutions

Vendor IBM Corporation

Security Bulletin

This security bulletin contains information about 11 vulnerabilities.

1) Code Injection

EUVDB-ID: #VU89087

Risk: Low

CVSSv3.1: 4 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-25742

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a malicious hypervisor to escalate privileges on the system.

The vulnerability exists due to improper input validation when handling interrupts. A malicious hypervisor can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the value stored in EAX while a SEV VM is running.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Storage Copy Data Management: before 2.2.24.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/7165411


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU84585

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6932

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

The vulnerability exists due to a use-after-free error within the ipv4 igmp component in Linux kernel. A local authenticated user can trigger a use-after-free error and execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Storage Copy Data Management: before 2.2.24.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/7165411


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Code Injection

EUVDB-ID: #VU89086

Risk: Low

CVSSv3.1: 4 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-25743

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a malicious hypervisor to escalate privileges on the system.

The vulnerability exists due to improper input validation when handling interrupts. A malicious hypervisor can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the value stored in EAX while a SEV VM is running.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Storage Copy Data Management: before 2.2.24.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/7165411


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU87191

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-25744

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to missing access restrictions related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. An untrusted VMM can trigger int80 syscall handling at any given point and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Storage Copy Data Management: before 2.2.24.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/7165411


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU83904

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-39198

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the QXL driver in the Linux kernel. A local privileged user can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Storage Copy Data Management: before 2.2.24.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/7165411


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Double Free

EUVDB-ID: #VU74147

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28464

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the hci_conn_cleanup() function in net/bluetooth/hci_conn.c in Linux kernel. A local user can trigger a double free error and execute arbitrary code with elevated privileges.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Storage Copy Data Management: before 2.2.24.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/7165411


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU89679

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26610

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the iwl_dbg_tlv_override_trig_node() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Storage Copy Data Management: before 2.2.24.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/7165411


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Reachable Assertion

EUVDB-ID: #VU89383

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52580

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion in net/core/flow_dissector.c. A remote attacker on the local network can send specially crafted PTP ethernet frames to the system and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Storage Copy Data Management: before 2.2.24.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/7165411


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Memory leak

EUVDB-ID: #VU89385

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52581

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists due memory leak within the nft_trans_gc_space() function in net/netfilter/nf_tables_api.c. A local user can force the system to leak memory and perform denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Storage Copy Data Management: before 2.2.24.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/7165411


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU87573

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52439

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the uio_open() function in drivers/uio/uio.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Storage Copy Data Management: before 2.2.24.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/7165411


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use-after-free

EUVDB-ID: #VU82306

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-4244

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Linux kernel netfilter: nf_tables component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Storage Copy Data Management: before 2.2.24.1

CPE2.3 External links

http://www.ibm.com/support/pages/node/7165411


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###