SB2026012039 - Multiple vulnerabilities in IBM Storage Scale System

Description

This security bulletin contains information about 17 secuirty vulnerabilities.

1) Race condition (CVE-ID: CVE-2024-26708)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the subflow_simultaneous_connect() function in net/mptcp/protocol.h. A local user can perform a denial of service (DoS) attack.

2) Resource exhaustion (CVE-ID: CVE-2024-2511)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to unbounded memory growth when processing TLSv1.3 sessions. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Successful exploitation of the vulnerability requires that the non-default SSL_OP_NO_TICKET option is being used in TLSv1.3.

3) Use-after-free (CVE-ID: CVE-2024-4741)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the SSL_free_buffers() function. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.

Note, the vulnerability affects only applications that call the vulnerable function.

4) Memory leak (CVE-ID: CVE-2024-26900)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bind_rdev_to_array() function in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.

5) Double free (CVE-ID: CVE-2024-26782)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the mptcp_inet6_sk() and mptcp_sk_clone() functions in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.

6) Memory leak (CVE-ID: CVE-2024-26734)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the devlink_init() function in net/devlink/core.c. A local user can perform a denial of service (DoS) attack.

7) Improper locking (CVE-ID: CVE-2024-42090)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the create_pinctrl() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.

8) Improper locking (CVE-ID: CVE-2024-26725)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the dpll_nl_pin_get_dumpit(), dpll_nl_device_get_dumpit() and dpll_unlock_doit() functions in drivers/dpll/dpll_netlink.c. A local user can perform a denial of service (DoS) attack.

9) Improper locking (CVE-ID: CVE-2024-41020)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the fcntl_setlk64() function in fs/locks.c. A local user can perform a denial of service (DoS) attack.

10) Use-after-free (CVE-ID: CVE-2024-41012)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the fcntl_setlk() function in fs/locks.c. A local user can escalate privileges on the system.

11) Use-after-free (CVE-ID: CVE-2024-42302)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the pci_bus_max_d3cold_delay() and pci_bridge_wait_for_secondary_bus() functions in drivers/pci/pci.c. A local user can escalate privileges on the system.

12) Integer underflow (CVE-ID: CVE-2024-42316)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the folio_rotate_reclaimable() function in mm/vmscan.c. A local user can execute arbitrary code.

13) NULL pointer dereference (CVE-ID: CVE-2024-36930)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __spi_sync() function in drivers/spi/spi.c. A local user can perform a denial of service (DoS) attack.

14) Improper locking (CVE-ID: CVE-2024-42294)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the del_gendisk() function in block/genhd.c. A local user can perform a denial of service (DoS) attack.

15) Improper locking (CVE-ID: CVE-2024-43855)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the md_end_flush(), submit_flushes() and md_submit_flush_data() functions in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.

16) Use of uninitialized resource (CVE-ID: CVE-2024-46697)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the nfsd4_encode_fattr4() function in fs/nfsd/nfs4xdr.c. A local user can perform a denial of service (DoS) attack.

17) Input validation error (CVE-ID: CVE-2024-50058)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the uart_shutdown() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://www.ibm.com/support/pages/node/7254807