IBM Spectrum Scale could allow a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system.
CVEID: CVE-2018-1782 DESCRIPTION: IBM GPFS allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148805> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)
IBM Spectrum Scale V5.0.1.0 and V5.0.1.1
A fix for this issue is in version 5.0.1.2 and 5.0.2.0 of IBM Spectrum Scale. Customers running an affected version of IBM Spectrum Scale should upgrade to 5.0.1.2 and later PTF’s, so that the fix gets applied.
V5.0.1.2 available from FixCentral at
V5.0.2.0 available from FixCentral at
[https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software defined storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.2&platform=All&function=all](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software defined storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.2&platform=All&function=all>)
If you cannot apply the latest level of service, contact IBM Service for an efix
- For IBM Spectrum Scale V5.0.1.x, reference APAR IJ08204
To contact IBM Service, see http://www.ibm.com/planetwide/
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm spectrum scale | eq | 5.0.1.0 |