Vulnerabilities > CVE-2022-23159 - Memory Leak vulnerability in Dell EMC Powerscale Onefs

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

dell

CWE-401

NVD

Published: 2022-04-12

Updated: 2022-04-20

Summary

Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of memory after effective lifetime vulnerability. An authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_AUTH_PROVIDERS privileges could exploit this vulnerability, leading to a Denial-Of-Service. This can also impact a cluster in Compliance mode. Dell recommends to update at the earliest opportunity.

Vulnerable Configurations

Part	Description	Count
OS	Dell Dell EMC Powerscale Onefs 8.2.2 Dell EMC Powerscale Onefs 9.0.0 Dell EMC Powerscale Onefs 9.0.0.0 Dell EMC Powerscale Onefs 9.1.0 Dell EMC Powerscale Onefs 9.1.0.0 Dell EMC Powerscale Onefs 9.1.0.21 Dell EMC Powerscale Onefs 9.1.0.24 Dell EMC Powerscale Onefs 9.1.0.25 Dell EMC Powerscale Onefs 9.1.0.26 Dell EMC Powerscale Onefs 9.1.0.27 Dell EMC Powerscale Onefs 9.1.1.0 Dell EMC Powerscale Onefs 9.1.1.1 Dell EMC Powerscale Onefs 9.2.0 Dell EMC Powerscale Onefs 9.2.0.0 Dell EMC Powerscale Onefs 9.2.1.0 Dell EMC Powerscale Onefs 9.2.1.17 Dell EMC Powerscale Onefs 9.2.1.18 Dell EMC Powerscale Onefs 9.2.1.19 Dell EMC Powerscale Onefs 9.2.1.20 Dell EMC Powerscale Onefs 9.3.0	20

Common Weakness Enumeration (CWE)

CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

References

https://www.dell.com/support/kbdoc/000196009