CVE-2020-4756: Improper Resource Shutdown or Release in IBM Elastic Storage Server

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 85.24%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 20 | Latest update May 24

Description

IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the kernel and cause a denial of service. IBM X-Force ID: 188599.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

NVD | ibm/spectrum_scale | 4.2.3.23 +1
NVD | ibm/elastic_storage_server | 6.0.0.0, 6.0.1.0
CVEListV5 | ibm/spectrum_scale | 4 versions +3
CVEListV5 | ibm/elastic_storage_server | 6.0.0, 6.0.1.0 +1

Patches

Vulnerability Details (2)

GHSA | GHSA-46j4-jqcq-j7qj: IBM Spectrum Scale V4 | 2022-05-24
CVEList | CVE-2020-4756: IBM Spectrum Scale V4 | 2020-10-20