IBM AIX Vulnerability Let Attackers Trigger DoS Condition

IBM has reported vulnerabilities in its AIX operating system that could allow attackers to cause a Denial of Service (DoS) condition.

The identified vulnerabilities affect specific kernel extensions, potentially disrupting normal system operations.

Details of the Vulnerabilities:

IBM AIX is vulnerable in its TCP/IP and perfstat kernel extensions. Two distinct Common Vulnerabilities and Exposures (CVEs) have been issued:

CVE-2024-47102:

CVE-2024-47102 is a vulnerability in the AIX perfstat kernel extension arising from improper input validation (CWE-20).

A non-privileged local user can exploit this flaw to trigger a denial of service (DoS), significantly impacting system availability (A:H). It has a CVSS Base Score of 5.5, classifying it as a medium-severity issue. 

CVE-2024-52906:

 CVE-2024-52906 involves a race condition (CWE-362) within the AIX TCP/IP kernel extension.

This flaw also allows a non-privileged local attacker to cause a DoS condition, with the same medium severity CVSS Base Score of 5.5.

Both vulnerabilities affect availability and require local access but do not demand user interaction, making them relatively low in exploitation complexity.

Both vulnerabilities require local access but no user interaction, and they have a low complexity of exploitation.

Affected Products and Versions

The vulnerabilities affect the following IBM AIX and VIOS product versions:

Affected Product(s) Version(s)
AIX 7.2
AIX 7.3
VIOS 3.1
VIOS 4.1

IBM advises users to check their system for the affected filesets using the lslpp command outlined in the AIX user guide.

Patching to newer, non-vulnerable versions of the affected filesets is strongly recommended to mitigate the risk.

Administrators should ensure they monitor IBM advisories for further updates and security patches to avoid system disruptions caused by these vulnerabilities.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

More like this

Apache MINA Vulnerability Let Attackers Execute Remote Code