Jakub Wartak

**Name of the Vulnerable Software and Affected Versions** IBM AIX versions 5.3 through 7.1 VIOS version 2.2.1.4-FP-25 SP-02 **Description** The issue is related to the improper implementation of the `dupmsg` system call in the kernel, which allows local users to cause a denial of service, resulting in a system crash, via a crafted application. **Recommendations** For IBM AIX versions 5.3 through 7.1, consider applying a patch or fix to properly implement the `dupmsg` system call to prevent denial of service attacks. For VIOS version 2.2.1.4-FP-25 SP-02, consider applying a patch or fix to properly implement the `dupmsg` system call to prevent denial of service attacks.

**Name of the Vulnerable Software and Affected Versions** invscout.rte versions prior to 2.2.0.19 **Description** The issue allows local users to delete arbitrary files or trigger inventory scout operations on arbitrary files via a symlink attack. This is related to the bin/invscoutClient VPD Survey and sbin/invscout lsvpd programs. **Recommendations** For invscout.rte versions prior to 2.2.0.19, update to version 2.2.0.19 or later to resolve the issue.