SB2025012709 - Multiple vulnerabilities in IBM Storage Copy Data Management
Published: January 27, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 24 secuirty vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2024-40911)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cfg80211_get_station() function in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.
2) Use-after-free (CVE-ID: CVE-2024-40958)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() function in net/core/net_namespace.c. A local user can escalate privileges on the system.
3) Buffer overflow (CVE-ID: CVE-2024-40941)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the iwl_mvm_mfu_assert_dump_notif() function in drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can perform a denial of service (DoS) attack.
4) NULL pointer dereference (CVE-ID: CVE-2024-40959)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xfrm6_get_saddr() function in net/ipv6/xfrm6_policy.c. A local user can perform a denial of service (DoS) attack.
5) Infinite loop (CVE-ID: CVE-2024-42246)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the xs_tcp_setup_socket() function in net/sunrpc/xprtsock.c. A local user can perform a denial of service (DoS) attack.
6) Improper locking (CVE-ID: CVE-2024-40904)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the wdm_int_callback() function in drivers/usb/class/cdc-wdm.c. A local user can perform a denial of service (DoS) attack.
7) Improper locking (CVE-ID: CVE-2024-39501)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the uevent_show() function in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.
8) Integer overflow (CVE-ID: CVE-2024-42131)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the domain_dirty_limits(), node_dirty_limit(), dirty_background_bytes_handler() and dirty_bytes_handler() functions in mm/page-writeback.c. A local user can execute arbitrary code.
9) Out-of-bounds read (CVE-ID: CVE-2024-41071)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ieee80211_prep_hw_scan() function in net/mac80211/scan.c. A local user can perform a denial of service (DoS) attack.
10) Memory leak (CVE-ID: CVE-2024-41076)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nfs4_set_security_label() function in fs/nfs/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
11) Out-of-bounds read (CVE-ID: CVE-2024-40929)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the iwl_mvm_scan_umac_dwell() and iwl_mvm_scan_umac_dwell_v10() functions in drivers/net/wireless/intel/iwlwifi/mvm/scan.c. A local user can perform a denial of service (DoS) attack.
12) Buffer overflow (CVE-ID: CVE-2024-40974)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the arch/powerpc/include/asm/hvcall.h. A local user can perform a denial of service (DoS) attack.
13) Improper locking (CVE-ID: CVE-2024-40995)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tcf_idr_check_alloc() and rcu_read_unlock() functions in net/sched/act_api.c. A local user can perform a denial of service (DoS) attack.
14) Memory leak (CVE-ID: CVE-2024-42152)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvmet_sq_destroy() function in drivers/nvme/target/core.c. A local user can perform a denial of service (DoS) attack.
15) Resource management error (CVE-ID: CVE-2024-40988)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sumo_construct_vid_mapping_table() function in drivers/gpu/drm/radeon/sumo_dpm.c. A local user can perform a denial of service (DoS) attack.
16) Resource management error (CVE-ID: CVE-2024-40978)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the qedi_dbg_do_not_recover_cmd_read() function in drivers/scsi/qedi/qedi_debugfs.c. A local user can perform a denial of service (DoS) attack.
17) Infinite loop (CVE-ID: CVE-2024-42238)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the cs_dsp_load() and cs_dsp_load_coeff() functions in drivers/firmware/cirrus/cs_dsp.c. A local user can perform a denial of service (DoS) attack.
18) Improper locking (CVE-ID: CVE-2024-40977)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mt76s_tx_status_data() function in drivers/net/wireless/mediatek/mt76/sdio.c, within the mt7921s_mac_reset() function in drivers/net/wireless/mediatek/mt76/mt7921/sdio_mac.c, within the mt7921e_mac_reset() function in drivers/net/wireless/mediatek/mt76/mt7921/pci_mac.c, within the mt7921_mac_reset_work() function in drivers/net/wireless/mediatek/mt76/mt7921/mac.c. A local user can perform a denial of service (DoS) attack.
19) Out-of-bounds read (CVE-ID: CVE-2023-52451)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the dlpar_memory_remove_by_index() function in arch/powerpc/platforms/pseries/hotplug-memory.c. A local user can trigger an out-of-bounds read and perform a denial of service (DoS) attack.
20) Out-of-bounds read (CVE-ID: CVE-2024-39471)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sdma_v4_0_process_trap_irq() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c. A local user can perform a denial of service (DoS) attack.
21) NULL pointer dereference (CVE-ID: CVE-2024-41055)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/linux/mmzone.h. A local user can perform a denial of service (DoS) attack.
22) Input validation error (CVE-ID: CVE-2024-40989)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vgic_v3_free_redist_region() and vgic_v3_set_redist_base() functions in arch/arm64/kvm/vgic/vgic-mmio-v3.c, within the kvm_vgic_dist_destroy() function in arch/arm64/kvm/vgic/vgic-init.c. A local user can perform a denial of service (DoS) attack.
23) Memory leak (CVE-ID: CVE-2024-40997)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the amd_pstate_epp_cpu_exit() function in drivers/cpufreq/amd-pstate.c. A local user can perform a denial of service (DoS) attack.
24) Improper locking (CVE-ID: CVE-2024-40912)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ieee80211_sta_ps_deliver_wakeup() function in net/mac80211/sta_info.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.