This vulnerability has been tested against: OpenVMS 7.3 on a V7R1C5 (Machine: AIX 5.3 with patch level 577. OpenVMS 7.2 on a V7R1C5 (Machine: AIX 5.2 with patch level 577. OpenVMS 7.1 on a V7R1B (Machine: AIX 5.1 with patch level 571.)

A low severity issue was discovered with cpu dvfs. A race condition could occur when a signal is received. A local attacker could use this to cause a denial of service. This issue only occurs on AIX 5.1. User interaction is required for exploitation. This issue has been assigned the ID CVE-2017-17004.

A low severity issue was discovered with cpu dvfs. A race condition could occur when a signal is received. A local attacker could use this to cause a denial of service. This issue only occurs on AIX 5.1. User interaction is required for exploitation. This issue has been assigned the ID CVE-2017-17005.

A low severity issue was discovered with cpu dvfs. A race condition could occur when a signal is received. A local attacker could use this to cause a denial of service. This issue only occurs on AIX 5.1. User interaction is required for exploitation. This issue has been assigned the ID CVE-2017-17006.

CPU-DVMFS Issue Overview

The following is a summary of the vulnerabilities.

CVE-2017-17004: A low severity issue was discovered with cpu dvfs. A race condition could occur when a signal is received. A local attacker could use this to cause a denial of service. This issue only occurs on AIX 5.1. User interaction is required for exploitation. This issue has been assigned the ID CVE-2017-17004
CVE-2017-17005: A low severity issue was discovered with cpu dvfs. A race condition could occur when a signal is received. A local attacker could use this to cause a denial of service. This issue only occurs on AIX 5.1. User interaction is required for exploitation. This issue has been assigned the ID CVE-2017-17005
CVE-2017-17006: A low severity issue was discovered with cpu dvfs. A race condition could occur when a signal is received. A local attacker could use this to cause a denial of service. This issue only occurs on AIX 5.1. User interaction is required for exploitation. This issue has been assigned the ID CVE-2017-17006

Low severity issue discovered with cpu dvfs

A low severity issue was discovered with cpu dvfs. A race condition could occur when a signal is received. A local attacker could use this to cause a denial of service. This issue only occurs on AIX 5.1. User interaction is required for exploitation. This issue has been assigned the ID CVE-2017-17004.

CPU DVMF Issues

A low severity issue was discovered with cpu dvfs. A race condition could occur when a signal is received. A local attacker could use this to cause a denial of service. This issue only occurs on AIX 5.1. User interaction is required for exploitation. This issue has been assigned the ID CVE-2017-17004.

References:

1. https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17004
2. https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17005
3. https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17006

Overview of the Vulnerability

The dvfs cpu routine of the OpenVMS operating system has a race condition that could allow a user to cause a denial of service or crash the machine. A local attacker could use this to cause a denial of service. This issue only occurs on AIX 5.1. User interaction is required for exploitation.
Note: CVE-2017-17004, CVE-2017-17005, and CVE-2017-17006 are all related vulnerabilities

Timeline

Published on: 10/07/2022 20:15:00 UTC
Last modified on: 10/12/2022 13:31:00 UTC

References