Impact
Medium
Details
Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
CVE-2021-36305 | Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA may potentially exploit this vulnerability, leading to a denial of service over SMB. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |

Third-party Component | CVE | More information |
FreeBSD | CVE-2021-29626 | https://nvd.nist.gov/vuln/detail/CVE-2021-29626 In OneFS, copy-on-write logic failed to invalidate shared memory page mappings between multiple processes, which may allow an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel. |
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
CVEs Addressed | Affected Versions | Updated Versions | Link to Update |
CVE-2021-36305 | 8.2.0, 8.2.1, 9.0.0.x, 9.2.0.x, and 9.1.1.x | Upgrade your version of OneFS | PowerScale OneFS Downloads Area |
CVE-2021-36305 | 8.2.2, 9.1.0.x, and 9.2.1.x | Download and install the latest RUP | PowerScale OneFS Downloads Area |
CVE-2021-29626 | 8.2.0, 8.2.1, 9.0.0.x, 9.2.0.x, and 9.1.1.x | Upgrade your version of OneFS | PowerScale OneFS Downloads Area |
CVE-2021-29626 | 8.2.x, 9.1.0.x, and 9.2.1.x | Download and install the latest RUP | PowerScale OneFS Downloads Area |
Workarounds & Mitigations
| Workarounds or Mitigations |
CVE-2021-36305 | Disabling Continuous Availability (CA) on all SMB shares that have it enabled prevents the issue. |
CVE-2021-29626 | Disallow the ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_LOGIN_SSH privileges to non-administrative users. |
Revision History
Revision | Date | Description |
1.0 | 30 Sep 2021 | Initial Release |
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
Affected Products
PowerScale OneFS