Multiple vulnerabilities in Dell PowerScale OneFS



Risk: Low
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2025-30102, CVE-2025-30101
CWE-ID: CWE-787, CWE-367
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: PowerScale OneFS (Hardware solutions / Firmware)
Vendor: Dell

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Out-of-bounds write

EUVDB-ID: #VU109479

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30102

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error. A local user can trigger an out-of-bounds write and crash the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

PowerScale OneFS: before 9.10.1.2

External links

https://www.dell.com/support/kbdoc/en-us/000317419/dsa-2025-192-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Time-of-check Time-of-use (TOCTOU) Race Condition

EUVDB-ID: #VU109480

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-30101

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Exploit availability: No

Description

The vulnerability allows an attacker to perform a denial of service attack.

The vulnerability exists due to a race condition. An attacker with physical access to the system can perform a denial of service attack or tamper with data on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

PowerScale OneFS: before 9.10.1.2

External links

https://www.dell.com/support/kbdoc/en-us/000317419/dsa-2025-192-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. The attacker must have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


