CVE-2024-27273 — Incorrect Privilege Assignment in IBM Vios

CWE-266 — Incorrect Privilege Assignment3 documents3 sources

Severity

7.8HIGHNVD

CNA8.1

EPSS

0.0%

top 93.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM AIX IBM Vios

Timeline

PublishedMay 7

Description

IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDibm/vios3.1, 4.1+1

▶CVEListV5ibm/aix7.2, 7.3, VIOS 3.1, VIOS 4.1

▶NVDibm/aix7.2, 7.3+1

🔴Vulnerability Details

GHSA

GHSA-r925-j225-84gm: IBM AIX's Unix domain (AIX 7↗2024-05-07

▶

CVEList

IBM AIX privilege escalation↗2024-05-07

▶