IBM Common Cryptographic Architecture Denial-of-Service Vulnerability in Hardware Security Module

Vulnerability

A denial-of-service vulnerability has been identified in IBM Common Cryptographic Architecture (CCA) versions 7.0.0 through 7.5.51. An authenticated user can disrupt service on the Hardware Security Module (HSM) by sending a specially crafted sequence of otherwise valid requests; no malformed input is required.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition on the Hardware Security Module, disrupting cryptographic operations and any services that depend on the HSM.

Remediation

Users are advised to upgrade to version 7.5.52 or later. For IBM AIX, IBM PowerLinux, and Linux on Intel x86, version 7.5.52 or later is available from the CCA Software Download Page. For IBM i, the CY3 PTF updates CCA 7.x for the 4769 MTM to version 7.5.52; the PTF numbers are SJ02618 (IBM i 7.5), SJ02616 (IBM i 7.4), and SJ02617 (IBM i 7.3).
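The affected range is a closed interval of dotted versions, and a plain string comparison gets it wrong (for example "7.5.9" sorts after "7.5.51" as text). The following POSIX shell check is an added example, not code from IBM or from this advisory: it compares version fields numerically and reports whether a given CCA version falls in 7.0.0 through 7.5.51. How the installed version is obtained is platform specific; the rpm package name used in the comment is an assumption, so substitute the query that applies to your host.

```shell
#!/bin/sh
# Added example: decide whether an installed CCA version is in the
# affected range 7.0.0 .. 7.5.51 (inclusive) for this advisory.

# vercmp A B: prints -1, 0 or 1 as A is less than, equal to, or greater
# than B. Fields are compared as integers; a missing field counts as 0,
# so "7.5" is treated as "7.5.0".
vercmp() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah="${a%%.*}"; bh="${b%%.*}"
        # drop the leading field; clear the string once no dots remain
        case "$a" in *.*) a="${a#*.}";; *) a="";; esac
        case "$b" in *.*) b="${b#*.}";; *) b="";; esac
        ah="${ah:-0}"; bh="${bh:-0}"
        if [ "$ah" -lt "$bh" ]; then printf '%s\n' -1; return; fi
        if [ "$ah" -gt "$bh" ]; then printf '%s\n' 1; return; fi
    done
    printf '%s\n' 0
}

# cca_affected VERSION: exit status 0 when VERSION is within
# 7.0.0 .. 7.5.51, 1 otherwise. A trailing "-release" suffix is ignored.
cca_affected() {
    v="${1%%-*}"
    [ "$(vercmp "$v" 7.0.0)" -ge 0 ] && [ "$(vercmp "$v" 7.5.51)" -le 0 ]
}

# Constructed sample versions; on a real host feed in the installed
# version instead, e.g. (assumed package name, adjust per platform):
#   cca_affected "$(rpm -q --qf '%{VERSION}' csulcca)" && echo affected
for v in 7.0.0 7.5.9 7.5.51 7.5.52 6.9.9; do
    if cca_affected "$v"; then
        echo "$v: affected, upgrade to 7.5.52 or later"
    else
        echo "$v: not in the affected range"
    fi
done
```

The numeric field comparison is the point: any inventory script that checks this advisory with a string comparison or a regular expression on the version text will misclassify releases whose last field has fewer digits than 51.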

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.