Potential Privilege Escalation Vulnerability in AIX Unix Domain Datagram Sockets
CVE-2024-27273
8.1 HIGH
Summary
AIX 7.2 and 7.3 and Virtual I/O Server (VIOS) 3.1 and 4.1 contain a vulnerability in the Unix domain datagram socket implementation. An attacker could exploit applications that use Unix domain datagram sockets with the SO_PEERID option, potentially resulting in unauthorized privilege escalation. Given this impact, affected systems should have the appropriate security updates and configurations applied.
Affected Version(s)
AIX 7.2, 7.3, VIOS 3.1, VIOS 4.1
CVSS V3.1
Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Christian Kohlschuetter