Multiple vulnerabilities in IBM Integrated Analytics System
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 32 |
| CVE-ID | CVE-2023-52598 CVE-2023-52662 CVE-2023-52832 CVE-2023-52811 CVE-2023-52803 CVE-2023-52648 CVE-2023-52679 CVE-2023-52791 CVE-2023-52798 CVE-2023-52777 CVE-2023-52610 CVE-2023-52622 CVE-2023-52800 CVE-2024-36953 CVE-2023-52864 CVE-2023-52796 CVE-2023-52606 CVE-2023-52623 CVE-2023-52581 CVE-2023-52784 CVE-2023-52834 CVE-2023-52653 CVE-2023-52847 CVE-2023-52560 CVE-2023-52658 CVE-2023-52597 CVE-2023-52530 CVE-2023-52813 CVE-2023-52730 CVE-2023-52683 CVE-2023-52607 CVE-2023-52775 |
| CWE-ID | CWE-399 CWE-401 CWE-190 CWE-476 CWE-416 CWE-415 CWE-667 CWE-119 CWE-388 CWE-20 CWE-254 CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
IBM Integrated Analytics System Web applications / Other software |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 32 vulnerabilities.
1) Resource management error
EUVDB-ID: #VU93864
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52598
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in arch/s390/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Memory leak
EUVDB-ID: #VU90444
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52662
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vmw_gmrid_man_get_node() function in drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Integer overflow
EUVDB-ID: #VU91425
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52832
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ieee80211_get_tx_power() function in net/mac80211/cfg.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU90535
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52811
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ibmvfc_get_event(), ibmvfc_queuecommand(), ibmvfc_bsg_timeout(), ibmvfc_bsg_plogi(), ibmvfc_bsg_request(), ibmvfc_reset_device(), ibmvfc_init_tmf(), ibmvfc_cancel_all_mq(), ibmvfc_abort_task_set(), ibmvfc_tgt_send_prli(), ibmvfc_tgt_send_plogi(), __ibmvfc_tgt_get_implicit_logout_evt(), ibmvfc_tgt_implicit_logout(), ibmvfc_tgt_move_login(), ibmvfc_adisc_timeout(), ibmvfc_tgt_adisc(), ibmvfc_tgt_query_target(), ibmvfc_discover_targets(), ibmvfc_channel_setup(), ibmvfc_channel_enquiry(), ibmvfc_npiv_login() and ibmvfc_npiv_logout() functions in drivers/scsi/ibmvscsi/ibmvfc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free
EUVDB-ID: #VU90079
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52803
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rpc_clnt_remove_pipedir() and rpc_setup_pipedir() functions in net/sunrpc/clnt.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Resource management error
EUVDB-ID: #VU92985
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52648
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vmw_du_cursor_plane_prepare_fb() function in drivers/gpu/drm/vmwgfx/vmwgfx_kms.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Double free
EUVDB-ID: #VU90892
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52679
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the of_unittest_parse_phandle_with_args() and of_unittest_parse_phandle_with_args_map() functions in drivers/of/unittest.c, within the of_parse_phandle_with_args_map() function in drivers/of/base.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper locking
EUVDB-ID: #VU93438
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52791
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drivers/i2c/i2c-core.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU90075
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52798
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ath11k_wmi_pdev_dfs_radar_detected_event() function in drivers/net/wireless/ath/ath11k/wmi.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use-after-free
EUVDB-ID: #VU90072
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52777
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ath11k_wmi_gtk_offload_status_event() function in drivers/net/wireless/ath/ath11k/wmi.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Memory leak
EUVDB-ID: #VU89382
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52610
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak in net/sched/act_ct.c. A local user can force the kernel to leak memory and perform denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Buffer overflow
EUVDB-ID: #VU93471
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52622
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the alloc_flex_gd() and ext4_setup_next_flex_gd() functions in fs/ext4/resize.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU90071
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52800
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ath11k_htt_pktlog() function in drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Improper error handling
EUVDB-ID: #VU93450
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36953
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the kvm_register_vgic_device() function in arch/arm64/kvm/vgic/vgic-kvm-device.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Buffer overflow
EUVDB-ID: #VU91198
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52864
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the wmi_dev_match() function in drivers/platform/x86/wmi.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Improper locking
EUVDB-ID: #VU91506
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52796
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ipvlan_addr_lookup(), IS_ENABLED() and ipvlan_process_v6_outbound() functions in drivers/net/ipvlan/ipvlan_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Buffer overflow
EUVDB-ID: #VU87343
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52606
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the fp/vmx code in powerpc/lib/sstep.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Improper locking
EUVDB-ID: #VU92046
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52623
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xprt_iter_current_entry() and rpc_xprt_switch_has_addr() functions in net/sunrpc/xprtmultipath.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Memory leak
EUVDB-ID: #VU89385
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52581
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak within the nft_trans_gc_space() function in net/netfilter/nf_tables_api.c. A local user can force the system to leak memory and perform denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Improper error handling
EUVDB-ID: #VU93650
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52784
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the bond_setup_by_slave() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Buffer overflow
EUVDB-ID: #VU93304
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52834
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the atl1c_set_mac_addr(), atl1c_init_ring_ptrs(), atl1c_free_ring_resources(), atl1c_rx_checksum() and atl1c_alloc_rx_buffer() functions in drivers/net/ethernet/atheros/atl1c/atl1c_main.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Memory leak
EUVDB-ID: #VU90459
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52653
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gss_import_v2_context() function in net/sunrpc/auth_gss/gss_krb5_mech.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Use-after-free
EUVDB-ID: #VU91054
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52847
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bttv_remove() function in drivers/media/pci/bt8xx/bttv-driver.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Memory leak
EUVDB-ID: #VU90024
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52560
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the damon_do_test_apply_three_regions() function in mm/damon/vaddr-test.h. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Input validation error
EUVDB-ID: #VU93683
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52658
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the esw_inline_mode_to_devlink() and mlx5_devlink_eswitch_mode_set() functions in drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Security features bypass
EUVDB-ID: #VU92172
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52597
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A local privileged can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Use-after-free
EUVDB-ID: #VU90237
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52530
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ieee80211_key_link() function in net/mac80211/key.c, within the ieee80211_add_key() function in net/mac80211/cfg.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Resource management error
EUVDB-ID: #VU91607
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52813
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the pcrypt_aead_encrypt() function in crypto/pcrypt.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Information disclosure
EUVDB-ID: #VU91333
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52730
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the sdio_read_func_cis() and sdio_free_func_cis() functions in drivers/mmc/core/sdio_cis.c, within the sdio_release_func(), sdio_alloc_func() and sdio_add_func() functions in drivers/mmc/core/sdio_bus.c. A local user can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Integer overflow
EUVDB-ID: #VU91424
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52683
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the lpit_update_residency() function in drivers/acpi/acpi_lpit.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) NULL pointer dereference
EUVDB-ID: #VU90841
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52607
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pgtable_cache_add() function in arch/powerpc/mm/init-common.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Buffer overflow
EUVDB-ID: #VU93425
Risk: Medium
CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-52775
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the smcr_clnt_conf_first_link() function in net/smc/af_smc.c when handling SMC DECLINE messages. A remote attacker can send specially crafted SMC DECLINE message to the system, trigger memory corruption and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsIBM Integrated Analytics System: 1.0.0 - 1.0.30.0
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_integrated_analytics_system:1.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7233965
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
