Sep 17, 2018 - 6:10 p.m.

Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale that could allow a local, unprivileged user to cause a kernel panic (CVE-2018-1782)

2018-09-17 18:10:02
www.ibm.com
6

EPSS: 0.0004 Low

Percentile: 12.6%

Summary

IBM Spectrum Scale could allow a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system.

Vulnerability Details

CVEID: CVE-2018-1782
DESCRIPTION: IBM GPFS allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148805> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)

Affected Products and Versions

IBM Spectrum Scale V5.0.1.0 and V5.0.1.1

Remediation/Fixes

A fix for this issue is in versions 5.0.1.2 and 5.0.2.0 of IBM Spectrum Scale. Customers running an affected version of IBM Spectrum Scale should upgrade to 5.0.1.2 or a later PTF so that the fix is applied.

V5.0.1.2 available from FixCentral at

https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.1&platform=All&function=all

V5.0.2.0 available from FixCentral at

https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=5.0.2&platform=All&function=all

If you cannot apply the latest level of service, contact IBM Service for an efix:

- For IBM Spectrum Scale V5.0.1.x, reference APAR IJ08204

To contact IBM Service, see http://www.ibm.com/planetwide/

Workarounds and Mitigations

None

| CPE | Name | Operator | Version |
| --- | --- | --- | --- |
| | ibm spectrum scale | eq | 5.0.1.0 |
