The 'lsmcode' binary contained a regression issue which circumvented fixes for CVE-2014-3074, which was a Local Privilege Escalation (LPE) vulnerability in AIX's malloc implementation. The vulnerability allows a non-privileged user to escalate to superuser (root) privileges.
Local Privilege Escalation
Attack Complexity (AC)Low Privileges Required (PR)Low User Interaction (UI)None Scope (S)Unchanged
Confidentiality (C)High Integrity (I)High Availability (A)High