Local User Exploitation in IBM AIX TCP/IP Kernel Extension
CVE-2024-52906

5.5MEDIUM

Key Information:

Vendor: IBM
Status: Aix
Vendor: CVE Published:; 25 December 2024

Summary

IBM AIX versions 7.2, 7.3, and Virtual I/O Server (VIOS) versions 3.1 and 4.1 are susceptible to a vulnerability that can be exploited by local users. This issue resides within the TCP/IP kernel extension, which could allow a non-privileged user to disrupt normal system operations. If exploited, this vulnerability can result in a denial of service, hindering system availability and performance.

Affected Version(s)

AIX 7.2, 7.3, VIOS 3.1, 4.1

References

https://www.ibm.com/support/pages/node/7179826

vendor-advisory

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 25, 2024
Vulnerability Reserved
Nov 17, 2024

Collectors

NVD DatabaseMitre Database