SB2024121722 - Multiple vulnerabilities in IBM Storage Scale System
Published: December 17, 2024 Updated: January 4, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 41 secuirty vulnerabilities.
1) Reachable Assertion (CVE-ID: CVE-2023-52580)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in net/core/flow_dissector.c. A remote attacker on the local network can send specially crafted PTP ethernet frames to the system and perform a denial of service (DoS) attack.
2) Improper locking (CVE-ID: CVE-2023-52474)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the build_vnic_ulp_payload() function in drivers/infiniband/hw/hfi1/vnic_sdma.c, within the build_verbs_tx_desc() function in drivers/infiniband/hw/hfi1/verbs.c, within the user_sdma_send_pkts(), add_system_pages_to_sdma_packet(), hfi1_user_sdma_process_request(), user_sdma_txadd_ahg(), sdma_cache_evict(), user_sdma_txreq_cb(), pq_update(), user_sdma_free_request(), set_comp_state() and sdma_rb_remove() functions in drivers/infiniband/hw/hfi1/user_sdma.c, within the sdma_unmap_desc(), ext_coal_sdma_tx_descs() and _pad_sdma_tx_descs() functions in drivers/infiniband/hw/hfi1/sdma.c, within the hfi1_mmu_rb_insert(), hfi1_mmu_rb_get_first(), __mmu_rb_search() and hfi1_mmu_rb_evict() functions in drivers/infiniband/hw/hfi1/mmu_rb.c, within the hfi1_ipoib_build_ulp_payload() function in drivers/infiniband/hw/hfi1/ipoib_tx.c. A local user can execute arbitrary code.
3) Memory leak (CVE-ID: CVE-2023-52610)
The vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak in net/sched/act_ct.c. A local user can force the kernel to leak memory and perform denial of service attack.
4) NULL pointer dereference (CVE-ID: CVE-2023-52472)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rsa_check_exponent_fips() function in crypto/rsa.c. A local user can perform a denial of service (DoS) attack.
5) NULL pointer dereference (CVE-ID: CVE-2023-6915)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ida_free() function in lib/idr.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
6) Out-of-bounds read (CVE-ID: CVE-2023-52476)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the branch_type() and get_branch_type() functions in arch/x86/events/utils.c. A local user can trigger an out-of-bounds read error and crash the kernel.
7) Race condition (CVE-ID: CVE-2024-24855)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the lpfc_unregister_fcf_rescan() function in scsi device driver. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
8) Improper locking (CVE-ID: CVE-2024-26826)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __mptcp_retransmit_pending_data() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
9) Resource exhaustion (CVE-ID: CVE-2023-1206)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a hash collision flaw in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when an attacker makes a new kind of SYN flood attack. A remote attacker can increase the CPU usage of the server that accepts IPV6 connections up to 95%.
10) Resource management error (CVE-ID: CVE-2024-40978)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the qedi_dbg_do_not_recover_cmd_read() function in drivers/scsi/qedi/qedi_debugfs.c. A local user can perform a denial of service (DoS) attack.
11) Improper authorization (CVE-ID: CVE-2024-10979)
The vulnerability allows a remote user to compromise the affected system.
The vulnerability exists due to incorrect control of environment variables. A remote unprivileged database user can change sensitive process environment variables (e.g. PATH) and execute arbitrary code on the database server.
12) Use-after-free (CVE-ID: CVE-2024-40954)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sk_common_release() function in net/core/sock.c. A local user can escalate privileges on the system.
13) Improper access control (CVE-ID: CVE-2023-52620)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c when setting timeouts from userspace. A local user can bypass implemented security restrictions and perform a denial of service attack.
14) NULL pointer dereference (CVE-ID: CVE-2024-40959)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xfrm6_get_saddr() function in net/ipv6/xfrm6_policy.c. A local user can perform a denial of service (DoS) attack.
15) Out-of-bounds read (CVE-ID: CVE-2023-3268)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the relay_file_read_start_pos() function in kernel/relay.c in the relayfs. A local user can trigger an out-of-bounds read error and read contents of memory on the system or crash the kernel.
16) Out-of-bounds read (CVE-ID: CVE-2023-39194)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the XFRM subsystem in Linux kernel. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and read contents of memory on the system.
17) Out-of-bounds write (CVE-ID: CVE-2023-45863)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the fill_kobj_path() function in lib/kobject.c. A local user can can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
18) NULL pointer dereference (CVE-ID: CVE-2024-40960)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rt6_probe() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.
19) NULL pointer dereference (CVE-ID: CVE-2023-6622)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nft_dynset_init() function in net/netfilter/nft_dynset.c in nf_tables. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
20) Resource management error (CVE-ID: CVE-2024-26640)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the skb_advance_to_frag() function in net/ipv4/tcp.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
21) Infinite loop (CVE-ID: CVE-2024-38601)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the rb_check_list() and ring_buffer_resize() functions in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.
22) Improper locking (CVE-ID: CVE-2024-40972)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_xattr_set_entry(), iput(), ext4_xattr_block_set() and ext4_xattr_ibody_set() functions in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.
23) Use of uninitialized resource (CVE-ID: CVE-2024-36889)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the mptcp_stream_connect() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.
24) Improper locking (CVE-ID: CVE-2024-26629)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the check_for_locks() and nfsd4_release_lockowner() functions in fs/nfsd/nfs4state.c. A local user can perform a denial of service (DoS) attack.
25) NULL pointer dereference (CVE-ID: CVE-2024-0841)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the hugetlbfs_fill_super() function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. A local user can perform a denial of service (DoS) attack.
26) Buffer overflow (CVE-ID: CVE-2023-52455)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to memory corruption within the of_iommu_get_resv_regions() function in drivers/iommu/of_iommu.c. A local user can execute arbitrary code.
27) NULL pointer dereference (CVE-ID: CVE-2021-47289)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/acpi/acpi_bus.h. A local user can perform a denial of service (DoS) attack.
28) Race condition (CVE-ID: CVE-2023-52489)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the section_deactivate() function in mm/sparse.c. A local user can exploit the race and escalate privileges on the system.
29) Improper locking (CVE-ID: CVE-2024-41064)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the eeh_pe_bus_get() function in arch/powerpc/kernel/eeh_pe.c. A local user can perform a denial of service (DoS) attack.
30) Memory leak (CVE-ID: CVE-2023-0597)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to memory leak within the Linux kernel cpu_entry_area mapping of X86 CPU data. A local user can gain access to sensitive information.
31) Improper locking (CVE-ID: CVE-2023-2269)
The vulnerability allows a local user to perform a denial of service attack (DoS).
The vulnerability exists due to double-locking error in table_clear in drivers/md/dm-ioctl.c. A local user can perform a denial of service (DoS) attack.
32) Observable discrepancy (CVE-ID: CVE-2023-3640)
The vulnerability allows a local user to execute arbitrary code.
A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system.
33) NULL pointer dereference (CVE-ID: CVE-2023-42754)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ipv4_send_dest_unreach() function in net/ipv4/route.c. A local user with CAP_NET_ADMIN permissions can perform a denial of service (DoS) attack.
34) Incorrect calculation (CVE-ID: CVE-2023-3161)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation in the Framebuffer Console (fbcon) in the Linux kernel. A local user can perform a denial of service (DoS) attack.
35) Input validation error (CVE-ID: CVE-2024-26633)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in NEXTHDR_FRAGMENT handling within the ip6_tnl_parse_tlv_enc_lim() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
36) Buffer overflow (CVE-ID: CVE-2024-26671)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the blk_mq_mark_tag_wait() function in block/blk-mq.c. A local user can perform a denial of service (DoS) attack.
37) Type Confusion (CVE-ID: CVE-2023-1077)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a type confusion error within the pick_next_rt_entity() function pick_next_rt_entity(). A local user can trigger a type confusion error and execute arbitrary code with elevated privileges.
38) Memory leak (CVE-ID: CVE-2024-42152)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvmet_sq_destroy() function in drivers/nvme/target/core.c. A local user can perform a denial of service (DoS) attack.
39) NULL pointer dereference (CVE-ID: CVE-2024-41055)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the include/linux/mmzone.h. A local user can perform a denial of service (DoS) attack.
40) Type Confusion (CVE-ID: CVE-2024-6119)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error when performing certificate name checks. A remote attacker can supply a specially crafted X.509 certificate to the server, trigger a type confusion error and perform a denial of service (DoS) attack.
41) Memory leak (CVE-ID: CVE-2023-52581)
The vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak within the nft_trans_gc_space() function in net/netfilter/nf_tables_api.c. A local user can force the system to leak memory and perform denial of service attack.
Remediation
Install update from vendor's website.