SB2025100733 - Multiple vulnerabilities in IBM Storage Scale System

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025100733

SB2025100733 - Multiple vulnerabilities in IBM Storage Scale System

Published: October 7, 2025

Security Bulletin ID SB2025100733
Severity
Low
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2024-26973)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the fat_encode_fh_nostale() function in fs/fat/nfs.c. A local user can gain access to sensitive information.


2) Improper locking (CVE-ID: CVE-2024-26907)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to improper locking within the set_eth_seg() function in drivers/infiniband/hw/mlx5/wr.c. A local user can execute arbitrary code.


3) Use of uninitialized resource (CVE-ID: CVE-2023-52477)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to usage of uninitialized BOS descriptors in drivers/usb/core/hub.c. A local user can perform a denial of service (DoS) attack.


4) Information disclosure (CVE-ID: CVE-2024-26901)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to information disclosure within the do_sys_name_to_handle() function in fs/fhandle.c. A local user can perform a denial of service (DoS) attack.


5) Incorrect calculation (CVE-ID: CVE-2024-26645)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the __tracing_map_insert() function in kernel/trace/tracing_map.c. A local user can perform a denial of service (DoS) attack.


6) NULL pointer dereference (CVE-ID: CVE-2023-52492)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/dma/dmaengine.c. A local user can perform a denial of service (DoS) attack.


7) NULL pointer dereference (CVE-ID: CVE-2023-52869)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pstore_register() function in fs/pstore/platform.c. A local user can perform a denial of service (DoS) attack.


8) Memory leak (CVE-ID: CVE-2023-52560)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the damon_do_test_apply_three_regions() function in mm/damon/vaddr-test.h. A local user can perform a denial of service (DoS) attack.


9) Buffer overflow (CVE-ID: CVE-2023-52622)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the alloc_flex_gd() and ext4_setup_next_flex_gd() functions in fs/ext4/resize.c. A local user can escalate privileges on the system.


10) Improper locking (CVE-ID: CVE-2023-52672)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pipe_resize_ring() and pipe_set_size() functions in fs/pipe.c. A local user can perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References