IBM Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where the use of Local Read Only Cache (LROC) may result in directory corruption and undetected data corruption in regular files.

Jan 4, 2019 9:01 am EST

Categorized: Medium Severity

Share this post:

After cached data is moved from memory to the LROC device, any changes to that data should trigger invalidation of the data stored in LROC. Due to a problem with invalidation logic, it is possible for invalidation of this LROC data to be skipped. This could lead to stale or incorrect data to be recalled from LROC and data in memory to become corrupted, with potential for the data on disks to also become corrupted.

CVE(s): CVE-2018-1993

Affected product(s) and affected version(s):

IBM Spectrum Scale V5.0.0.0 thru V5.0.2.0

IBM Spectrum Scale V4.2.0.0 thru V4.2.3.11

IBM Spectrum Scale V4.1.1.0 thru V4.1.1.21

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10793719
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/154440

from IBM Product Security Incident Response Team https://ibm.co/2scecdW