Denial of Service Vulnerability in IBM Spectrum Scale and Elastic Storage System
CVE-2020-4756

6.2 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 20 October 2020

Summary

A vulnerability in IBM Spectrum Scale and Elastic Storage System allows local attackers to invoke a specific set of ioctls with invalid arguments. Doing so can crash the kernel, resulting in a denial of service. The affected versions are V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 for Spectrum Scale, and versions 6.0.0 through 6.0.1.0 for the Elastic Storage System. For further details, refer to the official IBM support pages.

Affected Version(s)

Elastic Storage Server 6.0.0

Elastic Storage Server 6.0.1.0

Spectrum Scale 4.2.0.0

CVSS V3.1

Score: 6.2
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
