CVE-2022-3646 A vulnerability was found in the Linux kernel, which affects the function nilfs_attach_log_writer of BPF component. The manipulation leads to memory leak.

A vulnerability, which was classified as critical, has been found in AIX. This issue affects the RPC server of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component

Description of the vulnerability

The vulnerability is caused by a buffer overflow when processing an RPC request that uses the dsnsrv.exe process. A remote attacker could exploit this vulnerability to cause a denial-of-service condition in the target system.

RPC server of DSN

The RPC server of the DSN component is a point of vulnerability that is critical to fix.

The vulnerability details

The vulnerability is in the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN. When AIX starts up, it performs an internal routine called DB2_Maintenance_Task to check for unprocessed records. The DB2_Maintenance_Task routine checks for unprocessed records by first performing a SELECT query on "SYSTEM"."SYSINDEXES". If there are any unprocessed records, then DB2_Maintenance_Task schedules another job to process those records.

AIX vulnerability overview

A vulnerability in AIX has been found, classified as critical. The vulnerability affects the RPC server of the component DSN and the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DSN of the component DBN. This issue affects all AIX releases prior to 7.2 TL09.

Timeline

Published on: 10/21/2022 18:15:00 UTC
Last modified on: 11/01/2022 23:15:00 UTC

References

• https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=d0d51a97063db4704a5ef6bc978dddab1636a306
• https://vuldb.com/?id.211961
• https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3646