CVE-2020-4756

IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service. IBM X-Force ID: 188599.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
ibmCNA
6.2 MEDIUM
LOCAL
LOW
NONE
CVSS:3.0/A:H/C:N/PR:N/UI:N/S:U/I:N/AC:L/AV:L/RL:O/RC:C/E:U
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
VendorProductVersion
ibmelastic_storage_server
6.0.0.0 ≤
𝑥
≤ 6.0.1.0
ibmspectrum_scale
4.2.0.0 <
𝑥
≤ 4.2.3.23
ibmspectrum_scale
5.0.0.0 <
𝑥
≤ 5.0.5.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/188599
https://www.ibm.com/support/pages/node/6349469
https://www.ibm.com/support/pages/node/6349475
https://exchange.xforce.ibmcloud.com/vulnerabilities/188599
https://www.ibm.com/support/pages/node/6349469
https://www.ibm.com/support/pages/node/6349475