A security vulnerability has been identified in the current levels of IBM Spectrum Scale V4.1.1, IBM GPFS V4.1 and V3.5 that could allow a local attacker to cause the node they are on to crash.
CVEID: CVE-2015-7403 **
DESCRIPTION:** IBM General Parallel File System is vulnerable to a denial of service, caused by a user pointer dereference. A local attacker could exploit this vulnerability to cause the GPFS they are on to crash.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107108 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
IBM Spectrum Scale V4.1.1.0 thru V4.1.1.2
IBM GPFS V4.1.0.0 thru V4.1.0.8
IBM GPFS V3.5.0.0 thru V3.5.0.28
Note: Only the AIX platform is affected
For GPFS V3.4 and lower, _ IBM recommends upgrading to a fixed, supported version/release of the product._
Apply IBM Spectrum Scale V4.1.1.3 for AIX or IBM GPFS V3.5.0.29 for AIX as appropriate for your level of code available from Fix Central:
- For IBM Spectrum Scale V4.1.1 and IBM GPFS V4.1 for AIX, apply V4.1.1.3 at
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%2Bdefined%2Bstorage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=4.1.1&platform=AIX&function=all
- For IBM GPFS V3.5 apply V3.5.0.29 for AIX at
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Cluster%2Bsoftware&product=ibm/power/IBM+General+Parallel+File+System&release=3.5.0&platform=AIX&function=all
None