Vulnerability Name:

CVE-2015-0199 (CCN-101226)

Assigned:2014-11-18
Published:2015-03-13
Updated:2016-12-31
Summary:The mmfslinux kernel module in IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to cause a denial of service (memory corruption) via unspecified character-device ioctl calls.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
6.9 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-399
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2015-0199

Source: CCN
Type: IBM Security Bulletin T1022062
IBM General Parallel File System is affected by security vulnerabilities (CVE-2015-0197, CVE-2015-0198, CVE-2015-0199)

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=isg3T1022062

Source: CONFIRM
Type: UNKNOWN
http://www-304.ibm.com/support/docview.wss?uid=swg21902662

Source: CCN
Type: IBM Security Bulletin S1005239
GPFS security vulnerabilities in IBM Storwize V7000 Unified (CVE-2015-0197 and CVE-2015-0199)

Source: CCN
Type: IBM Security Bulletin S1005240
GPFS security vulnerabilities in IBM SONAS (CVE-2015-0197 and CVE-2015-0199)

Source: CCN
Type: IBM Security Bulletin 1902662
Multiple vulnerabilities in GPFS affects IBM DB2 LUW on AIX and Linux (CVE-2015-0197, CVE-2015-0198, CVE-2015-0199)

Source: CCN
Type: IBM Security Bulletin 1903776
Vulnerabilities in GPFS affect InfoSphere BigInsights (CVE-2015-0197, CVE-2015-0198, CVE-2015-0199)

Source: CCN
Type: IBM Security Bulletin 1960401
IBM PureApplication System is affected by security vulnerabilities (CVE-2015-0197, CVE-2015-0198, CVE-2015-0199)

Source: CCN
Type: IBM Security Bulletin 1962616
Multiple security vulnerabilities have been identified in IBM General Parallel File System shipped with IBM Smart Analytics System 7600, 7700, 7710 and IBM PureData System for Operational Analytics

Source: CCN
Type: IBM Security Bulletin 1962690
A security vulnerability has been identified in IBM General Parallel File System shipped with IBM Smart Analytics System 5600

Source: BID
Type: UNKNOWN
73283

Source: CCN
Type: BID-73283
IBM General Parallel File System CVE-2015-0199 Local Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1032880

Source: XF
Type: UNKNOWN
ibm-gpfs-cve20150199-priv-escalation(101226)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:general_parallel_file_system:3.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:general_parallel_file_system:4.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    ibm general parallel file system 3.4
    ibm general parallel file system 3.5
    ibm general parallel file system 4.1