Local Code Execution Vulnerability in IBM AIX and VIOS
CVE-2021-38991

8.4HIGH

Key Information:

Vendor: IBM
Status: Aix; ViOS
Vendor: CVE Published:; 11 January 2022

What is CVE-2021-38991?

A vulnerability exists in the lscore command on IBM AIX versions 7.0, 7.1, 7.2, and VIOS 3.1 that could be potentially exploited by a non-privileged local user. Exploiting this vulnerability may allow unauthorized code execution, potentially leading to further compromise of the system. Affected users should ensure that appropriate security measures are implemented to mitigate risk.

Affected Version(s)

AIX 7.1

AIX 7.2

AIX 7.3

References

https://www.ibm.com/support/pages/node/6538952

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/212953

vdb-entryx_refsource_XF

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 11, 2022
Vulnerability Reserved
Aug 16, 2021