Denial of Service Vulnerability in IBM Spectrum Scale and Elastic Storage System
CVE-2020-4756
6.2 MEDIUM
Key Information:
- Vendor: IBM
- CVE Published: 20 October 2020
Summary
IBM Spectrum Scale and Elastic Storage System allow a local attacker to invoke a specific set of ioctls with invalid arguments, which can crash the kernel and cause a denial of service. Affected versions are Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2, and Elastic Storage System 6.0.0 through 6.0.1.0. For further details, refer to the official IBM support pages.
Affected Version(s)
Elastic Storage Server 6.0.0
Elastic Storage Server 6.0.1.0
Spectrum Scale 4.2.0.0
CVSS V3.1
Score: 6.2
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved