Security Bulletin: A vulnerability in IBM Spectrum Scale Container Native that could allow access to confidential information on the host

Published: 2023-04-14 08:15:47
Source: www.ibm.com
CVSS3: 8.4 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N)

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

EPSS: 0
Percentile: 9.0%

Summary

A security vulnerability has been identified in IBM Spectrum Scale Container Native that could allow access to confidential information on the host. A fix for this vulnerability is available.

Vulnerability Details

CVEID: CVE-2022-41739
**DESCRIPTION:** IBM Spectrum Scale could allow programs running inside the container to overcome the isolation mechanism and gain additional capabilities or access sensitive information on the host.
CVSS Base score: 7.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237815 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Spectrum Scale Container Native Storage Access | 5.1.2.1 - 5.1.6.0 |

Remediation/Fixes

For this specific issue, upgrade to IBM Spectrum Scale container native v5.1.7.0 or later and OpenShift Container Platform 4.11 or higher.

<https://www.ibm.com/docs/en/scalecontainernative?topic=spectrum-scale-container-native-storage-access-517>

For IBM Spectrum Scale container native, see the supported upgrade paths and follow the version-specific steps to upgrade to the target version: <https://www.ibm.com/docs/en/scalecontainernative>.

Note:

  • If you are running any version of IBM Spectrum Scale container native < 5.1.5.0, you must first upgrade to 5.1.5.0 before proceeding to a higher version.
  • Non-containerized downloads of Spectrum Scale are available on FixCentral if you’d like to uplevel the storage cluster to match the Spectrum Scale Container Native 5.1.7.0 level.

If you have trouble upgrading to the specified level, contact IBM Service.
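
The version rules above (affected range, fixed release, the mandatory 5.1.5.0 intermediate step, and the minimum OpenShift level) can be applied to a cluster inventory as follows. This is an added example, not IBM's code; the function names and the inventory entries are constructed for illustration.

```python
# Added example, not IBM code: triage clusters against this bulletin's version rules.
AFFECTED_MIN = (5, 1, 2, 1)    # first affected container native release
AFFECTED_MAX = (5, 1, 6, 0)    # last affected container native release
STEPPING_STONE = (5, 1, 5, 0)  # releases below this must upgrade here first
FIXED = (5, 1, 7, 0)           # first fixed release ("or later" also qualifies)
MIN_OCP = (4, 11)              # minimum OpenShift Container Platform level


def parse_version(text, width):
    """Parse '5.1.4.1' or 'v5.1.4.1' into an int tuple padded to `width` fields."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts) + (0,) * (width - len(parts))


def remediation(cnsa, ocp):
    """Return (scale_hops, ocp_upgrade_needed) for one cluster.

    scale_hops is the ordered list of container native releases to install.
    The result is ([], False) when the release is outside the affected range.
    """
    current = parse_version(cnsa, 4)
    if not AFFECTED_MIN <= current <= AFFECTED_MAX:
        return [], False
    hops = []
    if current < STEPPING_STONE:
        hops.append(STEPPING_STONE)  # hypothetical helper applies the bulletin's note
    hops.append(FIXED)
    ocp_needed = parse_version(ocp, 2)[:2] < MIN_OCP
    return [".".join(map(str, h)) for h in hops], ocp_needed


# Constructed inventory: (cluster name, container native version, OCP version)
INVENTORY = [
    ("lab-a", "5.1.4.1", "4.10.30"),
    ("prod-b", "5.1.6.0", "4.11.9"),
    ("prod-c", "5.1.7.0", "4.12.1"),
]

if __name__ == "__main__":
    for name, cnsa, ocp in INVENTORY:
        hops, ocp_needed = remediation(cnsa, ocp)
        status = " -> ".join(hops) if hops else "not in affected range"
        note = f"; raise OCP to {MIN_OCP[0]}.{MIN_OCP[1]}+" if ocp_needed else ""
        print(f"{name}: {cnsa} on OCP {ocp}: {status}{note}")
```

Releases outside the listed range return no actions because the bulletin does not list them as affected.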

Workarounds and Mitigations

None

Affected configurations

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | spectrum_scale | 5.1. | cpe:2.3:a:ibm:spectrum_scale:5.1.:*:*:*:*:*:*:* |