SB2023032107 - Multiple vulnerabilities in IBM Spectrum Copy Data Management

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023032107

SB2023032107 - Multiple vulnerabilities in IBM Spectrum Copy Data Management

Published: March 21, 2023

Security Bulletin ID SB2023032107
Severity
Low
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2022-2964)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices driver in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.


2) Out-of-bounds write (CVE-ID: CVE-2022-2601)

The vulnerability allows an attacker to bypass implemented security restrictions.

The vulnerability exists due to a boundary error within the grub_font_construct_glyph() function when handling pf2 font. An attacker with physical access to the affected system can trigger an out-of-bounds write and bypass secure boot restrictions.


3) Race condition (CVE-ID: CVE-2020-36557)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition between the VT_DISALLOCATE IOCTL and closing/opening of ttys. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.


Remediation

Install update from vendor's website.

References