Vulnerability Details : CVE-2017-1304
IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utilized on the Elastic Storage Server (ESS)/GPFS Storage Server (GSS) during testing of an unsupported configuration, where user applications are running on an active ESS I/O server node and utilize direct I/O to perform a read or a write to a Spectrum Scale file. This vulnerability may result in the use of an incorrect memory address, leading to a Spectrum Scale/GPFS daemon failure with a Signal 11, and possibly leading to denial of service or undetected data corruption. IBM X-Force ID: 125458.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2017-1304
- cpe:2.3:a:ibm:elastic_storage_server:2.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:3.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:4.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:4.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:4.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:5.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-1304
- 0.14%: Probability of exploitation activity in the next 30 days
- ~48%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-1304
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST | |
6.2 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H | 1.4 | 4.7 | NIST | |
CWE ids for CVE-2017-1304
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-1304
- https://exchange.xforce.ibmcloud.com/vulnerabilities/125458
  IBM Elastic Storage Server denial of service CVE-2017-1304 Vulnerability Report (VDB Entry; Vendor Advisory)
- http://www.ibm.com/support/docview.wss?uid=ssg1S1010230
  IBM Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale (CVE-2017-1304) (Vendor Advisory)
- http://www.securityfocus.com/bid/99274
  IBM Elastic Storage Server/GPFS Storage Server CVE-2017-1304 Local Denial of Service Vulnerability (Third Party Advisory; VDB Entry)