A security vulnerability has been identified in all levels of IBM Elastic Storage Server that could allow a local attacker to cause a denial of service. A fix for this vulnerability is available.
CVEID:CVE-2020-4411
**DESCRIPTION:**The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service vulnerability in its kernel module that could allow an attacker to cause a denial of service condition on the affected system. To exploit this vulnerability, a local attacker could invoke a subset of ioctls on the Spectrum Scale device with non-valid arguments. This could allow the attacker to crash the kernel. IBM X-Force ID: 179986.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179986 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
The Elastic Storage Server 5.3.0 through 5.3.5
The Elastic Storage Server 5.0.0 through 5.2.9
The Elastic Storage Server 4.5.0 through 4.6.0.0
The Elastic Storage Server 4.0.0 through 4.0.6.0
For IBM Elastic Storage Server V5.3.0. through V5.3.5, apply V5.3.6 available from FixCentral at:
For IBM Elastic Storage Server V5.0.0. through 5.2.9, apply V5.2.10 available from FixCentral at:
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm elastic storage server | eq | 5.3 |