The Elastic Storage Server is affected by a vulnerability in IBM Spectrum Scale which could allow a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. (CVE-2018-1782).
CVEID: CVE-2018-1782 DESCRIPTION: IBM GPFS allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148805> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)
The Elastic Storage Server 5.3.1 thru 5.3.1.1
For IBM Elastic Storage Server V5.3.1 thru 5.3.1.1, apply V5.3.2 available from FixCentral at:
Notes:
If you are unable to upgrade to ESS 5.3.2, please contact IBM Service to obtain an efix:
- For IBM Elastic Storage Server 5.3.1 - 5.3.1.1, reference APAR IJ08204
To contact IBM Service, see http://www.ibm.com/planetwide/
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm elastic storage server | eq | any |