Potential Privilege Escalation Vulnerability in AIX Unix Domain Datagram Sockets
CVE-2024-27273

8.1 HIGH

Key Information:

Vendor: IBM
Status: Vendor
CVE Published: 7 May 2024

Summary

IBM AIX versions 7.2 and 7.3 and Virtual I/O Server (VIOS) versions 3.1 and 4.1 contain a vulnerability in the Unix domain datagram socket implementation. An attacker could exploit applications that use Unix domain datagram sockets with the SO_PEERID option, potentially resulting in unauthorized privilege escalation. Given this impact, affected systems should have the appropriate security updates and configurations applied.

Affected Version(s)

AIX 7.2, 7.3, VIOS 3.1, VIOS 4.1

References

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Christian Kohlschuetter