Potential Privilege Escalation Vulnerability in AIX Unix Domain Datagram Sockets
CVE-2024-27273

8.1HIGH

Key Information:

Vendor: IBM
Status: Aix
Vendor: CVE Published:; 7 May 2024

Summary

The AIX operating system, specifically versions 7.2, 7.3, and the Virtual I/O Server (VIOS) versions 3.1 and 4.1, contains a vulnerability in its Unix domain datagram socket implementation. This weakness could enable malicious actors to exploit applications utilizing Unix domain datagram sockets with the SO_PEERID option, potentially resulting in unauthorized privilege escalation. The potential impact of this vulnerability emphasizes the importance of applying appropriate security updates and configurations for affected systems.

Affected Version(s)

AIX 7.2, 7.3, VIOS 3.1, VIOS 4.1

References

https://www.ibm.com/support/pages/node/7150297

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/284903

vdb-entry

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 7, 2024
Vulnerability Reserved
Feb 22, 2024

Credit

Christian Kohlschuetter