Denial of Service Vulnerability in IBM Spectrum Scale on Elastic Storage Server
CVE-2017-1304
6.2MEDIUM
Summary
IBM has reported a vulnerability in Spectrum Scale/GPFS during the use of unsupported configurations on Elastic Storage Servers or GPFS Storage Servers. This issue arises when applications run on active ESS I/O server nodes and perform direct I/O operations, potentially accessing incorrect memory addresses. As a result, a Signal 11 may be triggered, leading to daemon failures, which could cause denial of service and create risks of undetected data corruption. Users should ensure proper configurations and utilize supported versions to mitigate these risks.
Affected Version(s)
Elastic Storage Server 2.0
Elastic Storage Server 2.5
Elastic Storage Server 3.0
References
CVSS V3.1
Score:
6.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved