Security Bulletin: There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System

Vulnerability Details

CVEID:   CVE-2022-27666
DESCRIPTION:   Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the ESP transformation in net/ipv4/esp4.c and net/ipv6/esp6.c. By sending a large message, a local attacker could overflow a buffer and execute arbitrary code on the system or gain elevated privileges in some configurations.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222414 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2021-4197
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem. By sending a specially-crafted request, an attacker could exploit this vulnerability to crash the system or escalate their privileges on the system.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222455 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)

CVEID:   CVE-2021-20322
DESCRIPTION:   Linux Kernel could allow a remote attacker to bypass security restrictions, caused by an error in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality that allows the ability to quickly scan open UDP ports. An off-path remote attacker could exploit this vulnerability to bypass the source port UDP randomization and affect the confidentiality and integrity of the system.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/212886 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)