CNNVD-202509-2487 Information
CNNVD ID
CNNVD-202509-2487
Related CVE
- CNNVD Published: 2025-09-16
Description (Chinese)
IBM AIX和IBM VIOS都是美国国际商业机器(IBM)公司的产品。IBM AIX是一款为 IBM Power 体系架构开发的一种基于开放标准的 UNIX 操作系统。IBM VIOS是PowerVm® Editions 硬件功能的一部分。有助于在服务器内的客户端逻辑分区之间共享物理 I/O 资源。 IBM AIX 7.2版本、7.3版本和IBM VIOS 3.1版本、4.1版本存在安全漏洞,该漏洞源于关键变量初始化不当,可能导致本地用户以root权限写入系统文件。
Description (English)
IBM AIX and IBM VIOS are products of IBM. IBM AIX is an open standard-based UNIX operating system developed for the IBM Power architecture. IBM VIOS is part of the PowerVm Editions hardware function. Facilitates the sharing of physical I/O resources between client-end logical partitions within the server. IBM AIX version 7.2, version 7.3 and IBM VIOS version 3.1, version 4.1 have a security loophole, which stems from the inappropriate initialization of key variables and may lead local users to write to system files with root privileges.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
ICEcoder
Published
2025-09-16
Last Modified
2026-02-24
References
https://www.ibm.com/support/pages/node/7245092 https://access.redhat.com/security/cve/cve-2025-36244 https://vigilance.fr/vulnerability/AIX-file-write-via-Kerberos-48240
Patch
https://www.ibm.com/support/pages/node/7245092
Share on: