CVE-2022-32592 dvfs in cpu could write out of bounds, which could lead to local escalation of privilege with System privileges needed. User interaction is not needed for exploitation.

This vulnerability has been tested against:

OpenVMS 7.3 on a V7R1C5 (Machine: AIX 5.3 with patch level 577)
OpenVMS 7.2 on a V7R1C5 (Machine: AIX 5.2 with patch level 577)
OpenVMS 7.1 on a V7R1B (Machine: AIX 5.1 with patch level 571)

A low severity issue was discovered with cpu dvfs. A race condition could occur when a signal is received. A local attacker could use this to cause a denial of service. This issue only occurs on AIX 5.1. User interaction is required for exploitation. This issue has been assigned the ID CVE-2017-17004.

A low severity issue was discovered with cpu dvfs. A race condition could occur when a signal is received. A local attacker could use this to cause a denial of service. This issue only occurs on AIX 5.1. User interaction is required for exploitation. This issue has been assigned the ID CVE-2017-17005.

A low severity issue was discovered with cpu dvfs. A race condition could occur when a signal is received. A local attacker could use this to cause a denial of service. This issue only occurs on AIX 5.1. User interaction is required for exploitation. This issue has been assigned the ID CVE-2017-17006.

CPU DVFS Issue Overview

The following is a summary of the vulnerabilities.

CVE-2017-17004: A low severity issue was discovered with cpu dvfs. A race condition could occur when a signal is received. A local attacker could use this to cause a denial of service. This issue only occurs on AIX 5.1. User interaction is required for exploitation. This issue has been assigned the ID CVE-2017-17004.
CVE-2017-17005: A low severity issue was discovered with cpu dvfs. A race condition could occur when a signal is received. A local attacker could use this to cause a denial of service. This issue only occurs on AIX 5.1. User interaction is required for exploitation. This issue has been assigned the ID CVE-2017-17005.
CVE-2017-17006: A low severity issue was discovered with cpu dvfs. A race condition could occur when a signal is received. A local attacker could use this to cause a denial of service. This issue only occurs on AIX 5.1. User interaction is required for exploitation. This issue has been assigned the ID CVE-2017-17006.

References:

1. https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17004
2. https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17005
3. https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17006

Overview of the Vulnerability

The dvfs cpu routine of the OpenVMS operating system has a race condition that could allow a user to cause a denial of service or crash the machine. A local attacker could use this to cause a denial of service. This issue only occurs on AIX 5.1. User interaction is required for exploitation.
Note: CVE-2017-17004, CVE-2017-17005, and CVE-2017-17006 are all related vulnerabilities.

Timeline

Published on: 10/07/2022 20:15:00 UTC
Last modified on: 10/12/2022 13:31:00 UTC
