CVE-2022-23159Missing Release of Memory after Effective Lifetime in Dell EMC Powerscale Onefs

CWE-401Missing Release of Memory after Effective Lifetime4 documents4 sources
Severity
6.5MEDIUMNVD
CNA4.8
EPSS
0.2%
top 57.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dell EMC Powerscale OnefsDell Powerscale Onefs
Timeline
PublishedApr 12
Latest updateMar 2

Description

Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of memory after effective lifetime vulnerability. An authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_AUTH_PROVIDERS privileges could exploit this vulnerability, leading to a Denial-Of-Service. This can also impact a cluster in Compliance mode. Dell recommends to update at the earliest opportunity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDdell/emc_powerscale_onefs8.2.29.3.0
CVEListV5dell/powerscale_onefs8.2.2 - 9.3.0.x

Patches

Patch: www.dell.comPatch: www.dell.com

🔴Vulnerability Details

3
OSV
sox vulnerabilities2023-03-02
GHSA
GHSA-7q6x-5wq3-w7mh: Dell PowerScale OneFS, 82022-04-13
CVEList
CVE-2022-23159: Dell PowerScale OneFS, 82022-04-12
CVE-2022-23159 — Dell vulnerability | cvebase