CVE-2023-38719: 
IBM Db2 vulnerability analysis and mitigation

IBM Db2 version 11.5.8 contains a vulnerability (CVE-2023-38719) that could allow a local user with special privileges to cause a denial of service during database deactivation on DPF (Database Partitioning Feature). The vulnerability was disclosed in October 2023 and affects all platforms running IBM Db2 11.5.8 (IBM Security).

The vulnerability has been assigned a CVSS Base score of 4.4 (MEDIUM) with the vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H, indicating that it requires local access and high privileges to exploit, but can result in high availability impact. The attack complexity is low and requires no user interaction (NVD, NetApp Advisory).

Successful exploitation of this vulnerability could lead to a denial of service condition during database deactivation on DPF environments. The impact is limited to availability with no direct effect on confidentiality or integrity of the system (IBM Security, NetApp Advisory).

IBM has released special builds containing interim fix (APAR DT174378) for affected versions. These builds are available for various platforms including AIX 64-bit, Linux (32-bit and 64-bit), and Windows. The fixes can be downloaded from Fix Central and applied to any affected fixpack level. No workarounds have been identified for this vulnerability (IBM Security).