CVE-2017-1304

6.2MEDIUM

Key Information:

Vendor
IBM
Status
Elastic Storage Server
Vendor
CVE Published:
21 June 2017

Summary

IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing of an unsupported configuration, where users applications are running on an active ESS I/O server node and utilize direct I/O to perform a read or a write to a Spectrum Scale file. This vulnerability may result in the use of an incorrect memory address, leading to a Spectrum Scale/GPFS daemon failure with a Signal 11, and possibly leading to denial of service or undetected data corruption. IBM X-Force ID: 125458.

Affected Version(s)

Elastic Storage Server 2.0

Elastic Storage Server 2.5

Elastic Storage Server 3.0

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/125458
x_refsource_MISC
http://www.ibm.com/support/docview.wss?uid=ssg1S1010230
x_refsource_CONFIRM
http://www.securityfocus.com/bid/99274
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.