CVE-2021-39048: 
Linux Gentoo vulnerability analysis and mitigation

IBM Spectrum Protect Client versions 7.1 and 8.1 was identified with a security vulnerability tracked as CVE-2021-39048. The vulnerability was discovered on August 16, 2021, and publicly disclosed on December 10, 2021. This security flaw affects IBM Spectrum Protect Client versions 7.1.0.0-7.1.8.10 and 8.1.0.0-8.1.12.0 on AIX, Linux, Solaris, and HP-UX platforms, as well as IBM Spectrum Protect for Space Management versions on AIX and Linux platforms (IBM Advisory).

The vulnerability is classified as a stack-based buffer overflow caused by improper bounds checking in the application. The CVSS Base score for this vulnerability is 6.2, with a vector of CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating a local attack vector with low attack complexity and no privileges or user interaction required (IBM Advisory).

If successfully exploited, this vulnerability could allow a local attacker to cause a denial of service to the affected system. The impact primarily affects the availability of the system, with no direct impact on confidentiality or integrity (IBM Advisory).

IBM has released fixes for both affected product lines. For IBM Spectrum Protect Backup-Archive Client, users should upgrade to version 8.1.13 for 8.1 release stream or 7.1.8.11 for 7.1 release stream. For IBM Spectrum Protect for Space Management, the same version upgrades apply. No workarounds are available for this vulnerability (IBM Advisory, Gentoo Advisory).