SB2026051224 - Multiple vulnerabilities in IBM Cloud Pak for Data System - Cyclops
Published: May 12, 2026
Description
This security bulletin contains information about 24 vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-4598)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists in systemd-coredump when handling process crashes. A local user who can force a SUID process to crash can replace it with a non-SUID binary to access the original's privileged process coredump and read sensitive data, such as /etc/shadow content, loaded by the original process.
2) Integer overflow (CVE-ID: CVE-2025-3360)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an integer overflow in the g_date_time_new_from_iso8601() function when parsing a long invalid ISO 8601 timestamp. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and perform a denial of service (DoS) attack.
3) Integer overflow (CVE-ID: CVE-2022-41409)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an integer overflow in pcre2test. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and perform a denial of service (DoS) attack.
4) Resource exhaustion (CVE-ID: CVE-2022-27943)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources within demangle_const in libiberty/rust-demangle.c. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
5) NULL pointer dereference (CVE-ID: CVE-2025-8114)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when calculating the session ID during the key exchange (KEX) process. A remote attacker can trick the victim into connecting to a malicious SSH server and crash the client app.
6) Return of Wrong Status Code (CVE-ID: CVE-2025-5987)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect handling of the status code returned by OpenSSL within the chacha20_poly1305_set_key() function when using the ChaCha20 cipher with the OpenSSL library. A remote attacker can force the library to partially initialize the cipher context, leading to undefined application behavior.
7) Incorrect calculation (CVE-ID: CVE-2025-5372)
The vulnerability allows a remote user to perform a man-in-the-middle (MitM) attack.
The vulnerability exists due to an incorrect calculation within the ssh_kdf() function responsible for key derivation when built with OpenSSL versions older than 3.0. A remote user can compromise the integrity of the SSH session.
8) Double free (CVE-ID: CVE-2025-5351)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the internal function responsible for converting cryptographic keys into serialized formats. A remote user can trigger a double free error and perform a denial of service attack in low-memory scenarios.
9) Out-of-bounds read (CVE-ID: CVE-2025-5318)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the sftp_handle() function. A remote user can trigger an out-of-bounds read error and read contents of memory on the system.
10) Out-of-bounds read (CVE-ID: CVE-2025-5278)
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the begfield() function when handling an overly large key value. A remote attacker can trick the victim into passing specially crafted input to the application, trigger an out-of-bounds read error and read contents of memory on the system.
11) Improper authentication (CVE-ID: CVE-2025-23419)
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to improper handling of TLS session resumption during client certificate authentication. A remote attacker can bypass the authentication process and gain unauthorized access to the application.
Successful exploitation of the vulnerability requires that name-based virtual hosts are configured to share the same IP address and port combination and use TLS 1.3 and OpenSSL. This vulnerability arises when TLS session tickets are used and/or the SSL session cache is used in the default virtual server and the default virtual server is performing client certificate authentication.
12) Covert Timing Channel (CVE-ID: CVE-2024-13176)
The vulnerability allows a remote attacker to recover a private key.
The vulnerability exists due to a timing side-channel in ECDSA signature computations. A remote attacker can recover the private key and decrypt data.
Successful exploitation of the vulnerability requires that the attacker's process either be located on the same physical computer or have a very fast network connection with low latency.
13) Input validation error (CVE-ID: CVE-2023-29499)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
14) Use-after-free (CVE-ID: CVE-2024-0232)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the jsonParseAddNodeArray() function in sqlite3.c. A remote attacker can pass specially crafted JSON data to the application and perform a denial of service (DoS) attack.
15) Input validation error (CVE-ID: CVE-2023-32636)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted GVariants to the application and perform a denial of service (DoS) attack.
16) Out-of-bounds read (CVE-ID: CVE-2025-5918)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when file streams are piped into bsdtar. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
17) Off-by-one (CVE-ID: CVE-2025-5917)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an off-by-one error when handling prefixes and suffixes for file names. A remote attacker can trigger an off-by-one error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
18) Integer overflow (CVE-ID: CVE-2025-5916)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow when processing a Web Archive (WARC) file. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
19) Heap-based buffer overflow (CVE-ID: CVE-2025-5915)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim into opening a specially crafted .rar archive, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
20) NULL pointer dereference (CVE-ID: CVE-2025-1632)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in bsdunzip.c. A remote attacker can pass a specially crafted archive to the application and perform a denial of service (DoS) attack.
21) Input validation error (CVE-ID: CVE-2023-50495)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the _nc_wrap_entry() function. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
22) Input validation error (CVE-ID: CVE-2025-30258)
The vulnerability allows a remote attacker to disable signature verification.
The vulnerability exists due to an error when handling subkey data. A remote attacker can trick the victim into importing a specially crafted certificate with subkey data that lacks a valid backsig or that has incorrect usage flags and disable signature verification for other signing keys.
23) Out-of-bounds write (CVE-ID: CVE-2022-3219)
The vulnerability allows a local user to compromise the vulnerable system.
The vulnerability exists because GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB. A remote attacker can send a specially crafted file, trigger an out-of-bounds write and execute arbitrary code on the target system.
24) Out-of-bounds read (CVE-ID: CVE-2023-4156)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in builtin.c. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
Remediation
Install the update from the vendor's website.