SB2024102803 - Multiple vulnerabilities in IBM Cloud Pak System

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024102803

SB2024102803 - Multiple vulnerabilities in IBM Cloud Pak System

Published: October 28, 2024

Security Bulletin ID SB2024102803
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 67% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2024-22254)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input. A local user with privileges within the VMX process can trigger an out-of-bounds write and escape sandbox restrictions.


2) Out-of-bounds write (CVE-ID: CVE-2024-22273)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the storage controllers functionality. An attacker with access to a virtual machine with storage controllers enabled can trigger an out-of-bounds write and execute arbitrary code on the hypervisor from a virtual machine.


3) Out-of-bounds read (CVE-ID: CVE-2024-37086)

The vulnerability allows a malicious user on the guest OS to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition. An attacker with access to the guest OS can trigger an out-of-bounds read and crash the host OS.


Remediation

Install update from vendor's website.

References