Servers and workstations running IBM’s AIX operating system are vulnerable. In current versions, the developers have closed three security holes in the system’s kernel. After a successful attack, attackers could, in the worst case, end up with root rights.
Root and DoS
The root vulnerability (CVE-2021-29801) is rated with the threat level “high”. The warning message states only that a “non-privileged local user” can acquire root rights via the kernel vulnerability.
If attackers successfully exploit the other two vulnerabilities (CVE-2021-29727 “medium”, CVE-2021-29862 “medium”), they could put the kernel into a DoS state. This will in all likelihood lead to a system crash.
The developers list the repaired AIX and VIOS versions in the warning message.