CVE-2024-27273 - Vulnerability Details - OpenCVE

IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Aix Vios

Configuration 1 [-]

OR	cpe:2.3:a:ibm:vios:3.1:::::::*
	cpe:2.3:a:ibm:vios:4.1:::::::*
	cpe:2.3:o:ibm:aix:7.2:::::::*
	cpe:2.3:o:ibm:aix:7.3:::::::*

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/284903
https://www.ibm.com/support/pages/node/7150297

History

Mon, 18 Aug 2025 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ibm vios
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:ibm:vios:3.1:::::::* cpe:2.3:a:ibm:vios:4.1:::::::* cpe:2.3:o:ibm:aix:7.2:::::::* cpe:2.3:o:ibm:aix:7.3:::::::*
Vendors & Products		Ibm vios

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2024-05-07T20:17:47.250Z

Updated: 2024-08-02T00:27:59.896Z

Reserved: 2024-02-22T01:26:52.587Z

Link: CVE-2024-27273

Vulnrichment

Updated: 2024-08-02T00:27:59.896Z

NVD

Status : Analyzed

Published: 2024-05-07T21:15:09.060

Modified: 2025-08-18T15:19:57.093

Link: CVE-2024-27273

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27273", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2024-02-22T01:26:52.587Z", "datePublished": "2024-05-07T20:17:47.250Z", "dateUpdated": "2024-08-02T00:27:59.896Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "AIX", "vendor": "IBM", "versions": [{"status": "affected", "version": "7.2, 7.3, VIOS 3.1, VIOS 4.1"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Christian Kohlschuetter"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903."}], "value": "IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-266", "description": "CWE-266 Incorrect Privilege Assignment", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-05-07T20:17:47.250Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7150297"}, {"tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/284903"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM AIX privilege escalation", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "ibm", "product": "aix", "cpes": ["cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.3", "status": "affected"}]}, {"vendor": "ibm", "product": "aix", "cpes": ["cpe:2.3:o:ibm:aix:3.1:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:aix:4.1:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.1", "status": "affected"}, {"version": "4.1", "status": "affected"}, {"version": "7.2", "status": "affected"}, {"version": "7.3", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-08T17:53:50.843116Z", "id": "CVE-2024-27273", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T17:02:15.061Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:27:59.896Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/7150297"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/284903"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.ibm.com/support/pages/node/7150297", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/284903", "tags": ["vdb-entry", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:27:59.896Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27273", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-08T17:53:50.843116Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*"], "vendor": "ibm", "product": "aix", "versions": [{"status": "affected", "version": "7.3"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:ibm:aix:3.1:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:aix:4.1:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*"], "vendor": "ibm", "product": "aix", "versions": [{"status": "affected", "version": "3.1"}, {"status": "affected", "version": "4.1"}, {"status": "affected", "version": "7.2"}, {"status": "affected", "version": "7.3"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-08T17:55:57.861Z"}}], "cna": {"title": "IBM AIX privilege escalation", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Christian Kohlschuetter"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "IBM", "product": "AIX", "versions": [{"status": "affected", "version": "7.2, 7.3, VIOS 3.1, VIOS 4.1"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ibm.com/support/pages/node/7150297", "tags": ["vendor-advisory"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/284903", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903.", "supportingMedia": [{"type": "text/html", "value": "IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "CWE-266 Incorrect Privilege Assignment"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-05-07T20:17:47.250Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27273", "state": "PUBLISHED", "dateUpdated": "2024-08-02T00:27:59.896Z", "dateReserved": "2024-02-22T01:26:52.587Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2024-05-07T20:17:47.250Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:vios:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "6F61BE89-FBDE-4312-8422-86D1A9F57C9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:vios:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "37B9B26F-4749-4086-9477-655F6635CAC6", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "6791504A-A48A-4ED0-94AF-4C8A3B91516F", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "35DF3DE0-1AE4-4B25-843F-BC08DBBFDF78", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903."}, {"lang": "es", "value": "La implementaci\u00f3n de sockets de datagramas de dominio Unix de IBM AIX (AIX 7.2, 7.3, VIOS 3.1 y VIOS 4.1) podr\u00eda exponer potencialmente aplicaciones que utilizan sockets de datagramas de dominio Unix con operaci\u00f3n SO_PEERID y puede conducir a una escalada de privilegios. ID de IBM X-Force: 284903."}], "id": "CVE-2024-27273", "lastModified": "2025-08-18T15:19:57.093", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 6.0, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-07T21:15:09.060", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/284903"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7150297"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/284903"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7150297"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}], "source": "psirt@us.ibm.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}