SB2023092614 - Multiple vulnerabilities in IBM Cloud Object System 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023092614

SB2023092614 - Multiple vulnerabilities in IBM Cloud Object System

Published: September 26, 2023

Security Bulletin ID SB2023092614
Severity
Medium
Patch available
YES
Number of vulnerabilities 9
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 11% Low 89%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 9 secuirty vulnerabilities.


1) Improper locking (CVE-ID: CVE-2023-2269)

The vulnerability allows a local user to perform a denial of service attack (DoS).

The vulnerability exists due to double-locking error in table_clear in drivers/md/dm-ioctl.c. A local user can perform a denial of service (DoS) attack.


2) Out-of-bounds read (CVE-ID: CVE-2023-34256)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within crc16 in lib/crc16.c when called from fs/ext4/super.c. A local user can trigger an out-of-bounds read error and crash the kernel.


3) Improper input validation (CVE-ID: CVE-2023-22041)

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM for JDK. A local non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.


4) Improper input validation (CVE-ID: CVE-2023-22043)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the JavaFX component in Oracle Java SE. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.


5) Improper input validation (CVE-ID: CVE-2023-22044)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM for JDK. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.


6) Improper input validation (CVE-ID: CVE-2023-22006)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Networking component in Oracle GraalVM for JDK. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.


7) Improper input validation (CVE-ID: CVE-2023-22045)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM for JDK. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.


8) Improper input validation (CVE-ID: CVE-2023-22036)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Utility component in Oracle GraalVM for JDK. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.


9) Improper input validation (CVE-ID: CVE-2023-22049)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM for JDK. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.


Remediation

Install update from vendor's website.

References