Denial of Service Vulnerability in IBM Spectrum Scale on Elastic Storage Server
CVE-2017-1304

6.2MEDIUM

Key Information:

Vendor
IBM
Status
Elastic Storage Server
Vendor
CVE Published:
21 June 2017

Summary

IBM has reported a vulnerability in Spectrum Scale/GPFS during the use of unsupported configurations on Elastic Storage Servers or GPFS Storage Servers. This issue arises when applications run on active ESS I/O server nodes and perform direct I/O operations, potentially accessing incorrect memory addresses. As a result, a Signal 11 may be triggered, leading to daemon failures, which could cause denial of service and create risks of undetected data corruption. Users should ensure proper configurations and utilize supported versions to mitigate these risks.

Affected Version(s)

Elastic Storage Server 2.0

Elastic Storage Server 2.5

Elastic Storage Server 3.0

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/125458
x_refsource_MISC
http://www.ibm.com/support/docview.wss?uid=ssg1S1010230
x_refsource_CONFIRM
http://www.securityfocus.com/bid/99274
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.