SB2025051440 - Multiple vulnerabilities in IBM Storage Protect Plus
Published: May 14, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 30 secuirty vulnerabilities.
1) Access of Uninitialized Pointer (CVE-ID: CVE-2024-26641)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to access to uninitialized data within the __ip6_tnl_rcv() function in net/ipv6/ip6_tunnel.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
2) Integer overflow (CVE-ID: CVE-2024-23307)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow in raid5_cache_count() function. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
3) NULL pointer dereference (CVE-ID: CVE-2023-52450)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the discover_upi_topology() function in arch/x86/events/intel/uncore_snbep.c. A local user can perform a denial of service (DoS) attack.
4) NULL pointer dereference (CVE-ID: CVE-2023-6356)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nvmet_tcp_build_iovec() function in the Linux kernel's NVMe driver. A remote attacker can pass specially crafted TCP packets to the system and perform a denial of service (DoS) attack.
5) Out-of-bounds read (CVE-ID: CVE-2023-39193)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the sctp_mt_check() function in Netfilter subsystem in Linux kernel. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and read contents of memory on the system.
6) Type Confusion (CVE-ID: CVE-2023-4194)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to a type confusion error in TUN/TAP functionality. A local user can bypass network filters and gain unauthorized access to some resources.
The vulnerability exists due to incomplete fix for #VU72742 (CVE-2023-1076).
7) NULL pointer dereference (CVE-ID: CVE-2023-46862)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the io_uring_show_fdinfo() function in io_uring/fdinfo.c. A local user can trigger a race with SQ thread exit and perform a denial of service (DoS) attack.
8) Buffer overflow (CVE-ID: CVE-2023-52455)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to memory corruption within the of_iommu_get_resv_regions() function in drivers/iommu/of_iommu.c. A local user can execute arbitrary code.
9) Use-after-free (CVE-ID: CVE-2023-6932)
The vulnerability allows a local authenticated user to execute arbitrary code.
The vulnerability exists due to a use-after-free error within the ipv4 igmp component in Linux kernel. A local authenticated user can trigger a use-after-free error and execute arbitrary code.
10) NULL pointer dereference (CVE-ID: CVE-2024-36930)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __spi_sync() function in drivers/spi/spi.c. A local user can perform a denial of service (DoS) attack.
11) Out-of-bounds read (CVE-ID: CVE-2023-39189)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition within the nfnl_osf_add_callback() function in Linux kernel Netfilter. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and execute arbitrary code with elevated privileges.
12) Out-of-bounds write (CVE-ID: CVE-2023-45863)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the fill_kobj_path() function in lib/kobject.c. A local user can can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
13) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-25744)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to missing access restrictions related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. An untrusted VMM can trigger int80 syscall handling at any given point and perform a denial of service (DoS) attack.
14) Use-after-free (CVE-ID: CVE-2023-4244)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the Linux kernel netfilter: nf_tables component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
15) NULL pointer dereference (CVE-ID: CVE-2024-36002)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dpll_device_get_by_id(), dpll_pin_registration_find(), dpll_xa_ref_pin_add(), dpll_xa_ref_pin_del(), dpll_xa_ref_dpll_add(), dpll_xa_ref_dpll_del(), EXPORT_SYMBOL_GPL(), __dpll_pin_register(), dpll_pin_register(), dpll_pin_unregister(), dpll_pin_on_pin_register() and dpll_pin_on_pin_unregister() functions in drivers/dpll/dpll_core.c. A local user can perform a denial of service (DoS) attack.
16) Use of uninitialized resource (CVE-ID: CVE-2023-52477)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to usage of uninitialized BOS descriptors in drivers/usb/core/hub.c. A local user can perform a denial of service (DoS) attack.
17) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-52880)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to missing permissions checks within the gsmld_open() function in drivers/tty/n_gsm.c. A local user with CAP_NET_ADMIN capability can create a GSM network.
18) Out-of-bounds write (CVE-ID: CVE-2022-36280)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the vmw_kms_cursor_snoo() function in drivers/gpu/vmxgfx/vmxgfx_kms.c in vmwgfx VMWare driver. A local user can trigger an out-of-bounds write and perform a denial of service (DoS) attack.
19) NULL pointer dereference (CVE-ID: CVE-2023-52490)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mm/migrate.c. A local user can perform a denial of service (DoS) attack.
20) Use-after-free (CVE-ID: CVE-2023-39198)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the QXL driver in the Linux kernel. A local privileged user can trigger a use-after-free error and escalate privileges on the system.
21) NULL pointer dereference (CVE-ID: CVE-2023-6622)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nft_dynset_init() function in net/netfilter/nft_dynset.c in nf_tables. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
22) Out-of-bounds read (CVE-ID: CVE-2023-39194)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the XFRM subsystem in Linux kernel. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and read contents of memory on the system.
23) NULL pointer dereference (CVE-ID: CVE-2023-42754)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ipv4_send_dest_unreach() function in net/ipv4/route.c. A local user with CAP_NET_ADMIN permissions can perform a denial of service (DoS) attack.
24) Incorrect calculation (CVE-ID: CVE-2024-27017)
The vulnerability allows a local user to manipulate data.
The vulnerability exists due to incorrect calculation within the nft_pipapo_walk() function in net/netfilter/nft_set_pipapo.c, within the nft_map_deactivate(), nf_tables_bind_set(), nft_map_activate(), nf_tables_dump_set(), nft_set_flush() and nf_tables_check_loops() functions in net/netfilter/nf_tables_api.c. A local user can manipulate data.
25) NULL pointer dereference (CVE-ID: CVE-2023-6915)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ida_free() function in lib/idr.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
26) Use-after-free (CVE-ID: CVE-2023-4133)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cxgb4 driver in the Linux kernel. A local user can trigger a use-after-free and crash the kernel.
27) Use-after-free (CVE-ID: CVE-2022-48912)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nf_register_net_hook() function in net/netfilter/core.c. A local user can escalate privileges on the system.
28) Race condition (CVE-ID: CVE-2024-27030)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the rvu_queue_work(), rvu_mbox_intr_handler() and rvu_register_interrupts() functions in drivers/net/ethernet/marvell/octeontx2/af/rvu.c. A local user can escalate privileges on the system.
29) Integer underflow (CVE-ID: CVE-2024-26828)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the parse_server_interfaces() function in fs/smb/client/smb2ops.c. A local user can execute arbitrary code.
30) Double free (CVE-ID: CVE-2024-26930)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a double free error within the kfree() function in drivers/scsi/qla2xxx/qla_os.c. A local user can execute arbitrary code.
Remediation
Install update from vendor's website.