SB2025070144 - Multiple vulnerabilities in IBM Storage Scale System
Published: July 1, 2025 Updated: November 28, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 21 secuirty vulnerabilities.
1) Race condition (CVE-ID: CVE-2024-26759)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the swapcache_prepare() function in mm/swapfile.c, within the do_swap_page() and folio_unlock() functions in mm/memory.c. A local user can escalate privileges on the system.
2) Out-of-bounds read (CVE-ID: CVE-2024-5535)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the SSL_select_next_proto() function when using NPN. A remote attacker can send specially crafted data to the application, trigger an out-of-bounds read and perform a denial of service (DoS) attack.
3) Integer overflow (CVE-ID: CVE-2023-52683)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the lpit_update_residency() function in drivers/acpi/acpi_lpit.c. A local user can execute arbitrary code.
4) Memory leak (CVE-ID: CVE-2024-27012)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_rbtree_activate() and nft_rbtree_walk() functions in net/netfilter/nft_set_rbtree.c, within the nft_pipapo_activate() and nft_pipapo_walk() functions in net/netfilter/nft_set_pipapo.c, within the nft_rhash_activate(), nft_rhash_walk(), nft_hash_activate() and nft_hash_walk() functions in net/netfilter/nft_set_hash.c, within the nft_bitmap_activate() and nft_bitmap_walk() functions in net/netfilter/nft_set_bitmap.c, within the nft_mapelem_deactivate(), nft_map_catchall_deactivate(), nft_setelem_validate(), nf_tables_bind_check_setelem(), nft_mapelem_activate(), nft_map_catchall_activate(), nf_tables_dump_setelem(), nft_setelem_activate(), nft_setelem_flush() and nf_tables_loop_check_setelem() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
5) Resource management error (CVE-ID: CVE-2024-26614)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the reqsk_queue_alloc() function in net/core/request_sock.c. A remote attacker can send specially crafted ACK packets to the system and perform a denial of service (DoS) attack.
6) Improper locking (CVE-ID: CVE-2024-35959)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5e_priv_cleanup() function in drivers/net/ethernet/mellanox/mlx5/core/en_main.c, within the mlx5e_selq_init() and mlx5e_selq_cleanup() functions in drivers/net/ethernet/mellanox/mlx5/core/en/selq.c. A local user can perform a denial of service (DoS) attack.
7) Input validation error (CVE-ID: CVE-2025-27516)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to sandbox breakout through attr filter selecting format method. A local user can execute arbitrary code on the system.
8) Integer overflow (CVE-ID: CVE-2024-23307)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow in raid5_cache_count() function. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
9) Double free (CVE-ID: CVE-2024-35835)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the arfs_create_groups() function in drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c. A local user can perform a denial of service (DoS) attack.
10) Race condition (CVE-ID: CVE-2024-26960)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the __swap_entry_free_locked() and free_swap_and_cache() functions in mm/swapfile.c. A local user can escalate privileges on the system.
11) Improper locking (CVE-ID: CVE-2023-52615)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rng_get_data() and rng_dev_read() functions in drivers/char/hw_random/core.c. A local user can perform a denial of service (DoS) attack.
12) Buffer overflow (CVE-ID: CVE-2024-26733)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the arp_req_get() function in net/ipv4/arp.c. A local user can escalate privileges on the system.
13) Infinite loop (CVE-ID: CVE-2024-26603)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in arch/x86/kernel/fpu/signal.c. A local user can consume all available system resources and cause denial of service conditions.
14) Integer overflow (CVE-ID: CVE-2021-47432)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the __genradix_iter_peek() function in lib/generic-radix-tree.c. A local user can execute arbitrary code.
15) Improper locking (CVE-ID: CVE-2024-26772)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_mb_find_by_goal() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.
16) Improper locking (CVE-ID: CVE-2024-46695)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smack_inode_notifysecctx() function in security/smack/smack_lsm.c, within the selinux_inode_notifysecctx() function in security/selinux/hooks.c. A local user can perform a denial of service (DoS) attack.
17) NULL pointer dereference (CVE-ID: CVE-2024-36902)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __fib6_rule_action() function in net/ipv6/fib6_rules.c. A local user can perform a denial of service (DoS) attack.
18) Incorrect calculation (CVE-ID: CVE-2024-27017)
The vulnerability allows a local user to manipulate data.
The vulnerability exists due to incorrect calculation within the nft_pipapo_walk() function in net/netfilter/nft_set_pipapo.c, within the nft_map_deactivate(), nf_tables_bind_set(), nft_map_activate(), nf_tables_dump_set(), nft_set_flush() and nf_tables_check_loops() functions in net/netfilter/nf_tables_api.c. A local user can manipulate data.
19) Improper locking (CVE-ID: CVE-2024-27014)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5e_arfs_enable(), arfs_del_rules(), arfs_handle_work() and mlx5e_rx_flow_steer() functions in drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c. A local user can perform a denial of service (DoS) attack.
20) Improper neutralization of directives in statically saved code (\'static code injection\') (CVE-ID: CVE-2024-42084)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
In the Linux kernel, the following vulnerability has been resolved: ftruncate: pass a signed offset The old ftruncate() syscall, using the 32-bit off_t misses a sign extension when called in compat mode on 64-bit architectures. As a result, passing a negative length accidentally succeeds in truncating to file size between 2GiB and 4GiB. Changing the type of the compat syscall to the signed compat_off_t changes the behavior so it instead returns -EINVAL. The native entry point, the truncate() syscall and the corresponding loff_t based variants are all correct already and do not suffer from this mistake.
21) Improper error handling (CVE-ID: CVE-2024-35809)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the pci_device_remove() function in drivers/pci/pci-driver.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.