PT-2022-15887 · Dell · Dell Powerscale Onefs

Published: 2022-04-12 · Updated: 2022-04-20 · CVE-2022-23159

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Dell PowerScale OneFS versions 8.2.2 through 9.3.0.x

Description

The issue is a missing release of memory after its effective lifetime. It can be exploited by an authenticated user with specific privileges, such as ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSOLE, and ISI_PRIV_AUTH_PROVIDERS. Exploitation can lead to a denial of service and can also impact a cluster in Compliance mode.

Recommendations

For Dell PowerScale OneFS versions 8.2.2 through 9.3.0.x, update to a newer version at the earliest opportunity to resolve the issue. As a temporary workaround, consider restricting access to the system for users with the ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSOLE, and ISI_PRIV_AUTH_PROVIDERS privileges until the update is applied.

Fix

Memory Leak

Weakness Enumeration

Related Identifiers

CVE-2022-23159

Affected Products

Dell Powerscale Onefs