CVE-2022-23159
First published: Tue Apr 12 2022(Updated: )
Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of memory after effective lifetime vulnerability. An authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_AUTH_PROVIDERS privileges could exploit this vulnerability, leading to a Denial-Of-Service. This can also impact a cluster in Compliance mode. Dell recommends to update at the earliest opportunity.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell EMC PowerScale OneFS | >=8.2.2<=9.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Dell PowerScale OneFS vulnerability?
The vulnerability ID for this Dell PowerScale OneFS vulnerability is CVE-2022-23159.
What is the severity level of CVE-2022-23159?
The severity level of CVE-2022-23159 is medium with a CVSS score of 6.5.
What is the affected software for CVE-2022-23159?
The affected software for CVE-2022-23159 is Dell PowerScale OneFS versions 8.2.2 to 9.3.0.x.
How can an authenticated user exploit CVE-2022-23159?
An authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_AUTH_PROVIDERS privileges could exploit CVE-2022-23159, leading to a Denial-Of-Service.
How can I fix CVE-2022-23159?
To fix CVE-2022-23159, you should apply the latest patch or update provided by Dell PowerScale OneFS.
- collector/nvd-index
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/tags
- agent/last-modified-date
- agent/event
- agent/description
- agent/softwarecombine
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/dell
- canonical/dell emc powerscale onefs
- version/dell emc powerscale onefs/8.2.2
- version/dell emc powerscale onefs/9.3.0