Ryan Adamson

**Name of the Vulnerable Software and Affected Versions** IBM Spectrum LSF versions 9.1.1 through 9.1.3 IBM Spectrum LSF version 10.1 **Description** The issue allows a local user to change their job user at job submission time due to improper file permission settings. **Recommendations** For IBM Spectrum LSF versions 9.1.1 through 9.1.3, update the file permission settings to prevent local users from changing their job user at job submission time. For IBM Spectrum LSF version 10.1, update the file permission settings to prevent local users from changing their job user at job submission time. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM GPFS versions 5.0.1.0 through 5.0.1.1 **Description** The issue allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. **Recommendations** For versions 5.0.1.0 and 5.0.1.1, consider restricting access to files stored on GPFS file systems to prevent unauthorized users from accessing or executing crafted files, and avoid using mmap to access files on GPFS file systems until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.