Search
Find a vulnerability
Search criteria
22 vulnerabilities by lustre
CVE-2019-20432 (GCVE-0-2019-20432)
Vulnerability from nvd – Published: 2020-01-27 04:19 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. mdt_file_secctx_unpack does not validate the value of name_size derived from req_capsule_get_size.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
| https://jira.whamcloud.com/browse/LU-12604 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/35868/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12604"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/35868/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. mdt_file_secctx_unpack does not validate the value of name_size derived from req_capsule_get_size."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:19:42.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12604"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/35868/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. mdt_file_secctx_unpack does not validate the value of name_size derived from req_capsule_get_size."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
},
{
"name": "https://jira.whamcloud.com/browse/LU-12604",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12604"
},
{
"name": "https://review.whamcloud.com/#/c/35868/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/35868/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20432",
"datePublished": "2020-01-27T04:19:42.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:09.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20431 (GCVE-0-2019-20431)
Vulnerability from nvd – Published: 2020-01-27 04:19 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the osd_ldiskfs module does not validate a certain length value.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
| https://jira.whamcloud.com/browse/LU-12612 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/36273/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12612"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/36273/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the osd_ldiskfs module does not validate a certain length value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:19:58.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12612"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/36273/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20431",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the osd_ldiskfs module does not validate a certain length value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
},
{
"name": "https://jira.whamcloud.com/browse/LU-12612",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12612"
},
{
"name": "https://review.whamcloud.com/#/c/36273/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/36273/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20431",
"datePublished": "2020-01-27T04:19:58.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:09.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20430 (GCVE-0-2019-20430)
Vulnerability from nvd – Published: 2020-01-27 04:20 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
| https://jira.whamcloud.com/browse/LU-12602 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/36208/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12602"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/36208/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:20:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12602"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/36208/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
},
{
"name": "https://jira.whamcloud.com/browse/LU-12602",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12602"
},
{
"name": "https://review.whamcloud.com/#/c/36208/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/36208/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20430",
"datePublished": "2020-01-27T04:20:09.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:09.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20429 (GCVE-0-2019-20429)
Vulnerability from nvd – Published: 2020-01-27 04:20 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpc_svc_unwrap_request and lustre_msg_hdr_size_v2.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
| https://jira.whamcloud.com/browse/LU-12590 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/36119/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:10.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12590"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/36119/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpc_svc_unwrap_request and lustre_msg_hdr_size_v2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:20:23.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12590"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/36119/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpc_svc_unwrap_request and lustre_msg_hdr_size_v2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
},
{
"name": "https://jira.whamcloud.com/browse/LU-12590",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12590"
},
{
"name": "https://review.whamcloud.com/#/c/36119/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/36119/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20429",
"datePublished": "2020-01-27T04:20:23.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:10.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20428 (GCVE-0-2019-20428)
Vulnerability from nvd – Published: 2020-01-27 04:20 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldl_request_cancel function mishandles a large lock_count parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
| https://jira.whamcloud.com/browse/LU-12603 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/36108/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12603"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/36108/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldl_request_cancel function mishandles a large lock_count parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:20:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12603"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/36108/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldl_request_cancel function mishandles a large lock_count parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
},
{
"name": "https://jira.whamcloud.com/browse/LU-12603",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12603"
},
{
"name": "https://review.whamcloud.com/#/c/36108/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/36108/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20428",
"datePublished": "2020-01-27T04:20:43.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:09.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20427 (GCVE-0-2019-20427)
Vulnerability from nvd – Published: 2020-01-27 04:20 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a tgt_shortio2pages integer signedness error.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
| https://jira.whamcloud.com/browse/LU-12600 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/35867/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:10.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12600"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/35867/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a tgt_shortio2pages integer signedness error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:20:55.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12600"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/35867/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a tgt_shortio2pages integer signedness error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
},
{
"name": "https://jira.whamcloud.com/browse/LU-12600",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12600"
},
{
"name": "https://review.whamcloud.com/#/c/35867/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/35867/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20427",
"datePublished": "2020-01-27T04:20:55.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:10.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20426 (GCVE-0-2019-20426)
Vulnerability from nvd – Published: 2020-01-27 04:21 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlm_cancel_hpreq_check, there is no lock_count bounds check.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
| https://jira.whamcloud.com/browse/LU-12614 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/36107/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12614"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/36107/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlm_cancel_hpreq_check, there is no lock_count bounds check."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:21:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12614"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/36107/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlm_cancel_hpreq_check, there is no lock_count bounds check."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
},
{
"name": "https://jira.whamcloud.com/browse/LU-12614",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12614"
},
{
"name": "https://review.whamcloud.com/#/c/36107/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/36107/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20426",
"datePublished": "2020-01-27T04:21:04.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:09.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20425 (GCVE-0-2019-20425)
Vulnerability from nvd – Published: 2020-01-27 04:21 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_msg_string, there is no validation of a certain length value derived from lustre_msg_buflen_v2.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
| https://jira.whamcloud.com/browse/LU-12613 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/36209/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12613"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/36209/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_msg_string, there is no validation of a certain length value derived from lustre_msg_buflen_v2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:21:15.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12613"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/36209/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_msg_string, there is no validation of a certain length value derived from lustre_msg_buflen_v2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
},
{
"name": "https://jira.whamcloud.com/browse/LU-12613",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12613"
},
{
"name": "https://review.whamcloud.com/#/c/36209/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/36209/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20425",
"datePublished": "2020-01-27T04:21:15.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:09.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20424 (GCVE-0-2019-20424)
Vulnerability from nvd – Published: 2020-01-27 04:21 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, mdt_object_remote in the mdt module has a NULL pointer dereference and panic due to the lack of validation for specific fields of packets sent by a client.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
| https://jira.whamcloud.com/browse/LU-12615 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/35869/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.869Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12615"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/35869/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, mdt_object_remote in the mdt module has a NULL pointer dereference and panic due to the lack of validation for specific fields of packets sent by a client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:21:30.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12615"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/35869/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, mdt_object_remote in the mdt module has a NULL pointer dereference and panic due to the lack of validation for specific fields of packets sent by a client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
},
{
"name": "https://jira.whamcloud.com/browse/LU-12615",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12615"
},
{
"name": "https://review.whamcloud.com/#/c/35869/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/35869/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20424",
"datePublished": "2020-01-27T04:21:30.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:09.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20423 (GCVE-0-2019-20423)
Vulnerability from nvd – Published: 2020-01-27 04:21 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_connect() mishandles a certain size value when a client connects to a server, because of an integer signedness error.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://jira.whamcloud.com/browse/LU-12605 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/35935/ | x_refsource_MISC |
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12605"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/35935/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_connect() mishandles a certain size value when a client connects to a server, because of an integer signedness error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:21:40.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12605"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/35935/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20423",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_connect() mishandles a certain size value when a client connects to a server, because of an integer signedness error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.whamcloud.com/browse/LU-12605",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12605"
},
{
"name": "https://review.whamcloud.com/#/c/35935/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/35935/"
},
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20423",
"datePublished": "2020-01-27T04:21:40.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:09.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4970 (GCVE-0-2008-4970)
Vulnerability from nvd – Published: 2008-11-06 11:00 – Updated: 2024-08-07 10:31
VLAI
Summary
runiozone in lustre 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/iozone.log temporary file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://bugs.debian.org/496371 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2008/10/30/2 | mailing-listx_refsource_MLIST |
| https://bugs.gentoo.org/show_bug.cgi?id=235770 | x_refsource_CONFIRM |
| http://dev.gentoo.org/~rbu/security/debiantemp/lu… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/30911 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-08-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:31:28.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/496371"
},
{
"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/lustre-tests"
},
{
"name": "30911",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30911"
},
{
"name": "lustretests-file-symlink(44819)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44819"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "runiozone in lustre 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/iozone.log temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/496371"
},
{
"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/lustre-tests"
},
{
"name": "30911",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30911"
},
{
"name": "lustretests-file-symlink(44819)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44819"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "runiozone in lustre 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/iozone.log temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/496371",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/496371"
},
{
"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=235770",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"name": "http://dev.gentoo.org/~rbu/security/debiantemp/lustre-tests",
"refsource": "CONFIRM",
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/lustre-tests"
},
{
"name": "30911",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30911"
},
{
"name": "lustretests-file-symlink(44819)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44819"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4970",
"datePublished": "2008-11-06T11:00:00.000Z",
"dateReserved": "2008-11-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:31:28.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20423 (GCVE-0-2019-20423)
Vulnerability from cvelistv5 – Published: 2020-01-27 04:21 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_connect() mishandles a certain size value when a client connects to a server, because of an integer signedness error.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://jira.whamcloud.com/browse/LU-12605 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/35935/ | x_refsource_MISC |
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12605"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/35935/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_connect() mishandles a certain size value when a client connects to a server, because of an integer signedness error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:21:40.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12605"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/35935/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20423",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_connect() mishandles a certain size value when a client connects to a server, because of an integer signedness error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.whamcloud.com/browse/LU-12605",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12605"
},
{
"name": "https://review.whamcloud.com/#/c/35935/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/35935/"
},
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20423",
"datePublished": "2020-01-27T04:21:40.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:09.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20424 (GCVE-0-2019-20424)
Vulnerability from cvelistv5 – Published: 2020-01-27 04:21 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, mdt_object_remote in the mdt module has a NULL pointer dereference and panic due to the lack of validation for specific fields of packets sent by a client.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
| https://jira.whamcloud.com/browse/LU-12615 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/35869/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.869Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12615"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/35869/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, mdt_object_remote in the mdt module has a NULL pointer dereference and panic due to the lack of validation for specific fields of packets sent by a client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:21:30.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12615"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/35869/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, mdt_object_remote in the mdt module has a NULL pointer dereference and panic due to the lack of validation for specific fields of packets sent by a client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
},
{
"name": "https://jira.whamcloud.com/browse/LU-12615",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12615"
},
{
"name": "https://review.whamcloud.com/#/c/35869/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/35869/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20424",
"datePublished": "2020-01-27T04:21:30.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:09.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20425 (GCVE-0-2019-20425)
Vulnerability from cvelistv5 – Published: 2020-01-27 04:21 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_msg_string, there is no validation of a certain length value derived from lustre_msg_buflen_v2.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
| https://jira.whamcloud.com/browse/LU-12613 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/36209/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12613"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/36209/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_msg_string, there is no validation of a certain length value derived from lustre_msg_buflen_v2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:21:15.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12613"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/36209/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_msg_string, there is no validation of a certain length value derived from lustre_msg_buflen_v2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
},
{
"name": "https://jira.whamcloud.com/browse/LU-12613",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12613"
},
{
"name": "https://review.whamcloud.com/#/c/36209/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/36209/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20425",
"datePublished": "2020-01-27T04:21:15.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:09.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20426 (GCVE-0-2019-20426)
Vulnerability from cvelistv5 – Published: 2020-01-27 04:21 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlm_cancel_hpreq_check, there is no lock_count bounds check.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
| https://jira.whamcloud.com/browse/LU-12614 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/36107/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12614"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/36107/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlm_cancel_hpreq_check, there is no lock_count bounds check."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:21:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12614"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/36107/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlm_cancel_hpreq_check, there is no lock_count bounds check."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
},
{
"name": "https://jira.whamcloud.com/browse/LU-12614",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12614"
},
{
"name": "https://review.whamcloud.com/#/c/36107/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/36107/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20426",
"datePublished": "2020-01-27T04:21:04.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:09.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20427 (GCVE-0-2019-20427)
Vulnerability from cvelistv5 – Published: 2020-01-27 04:20 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a tgt_shortio2pages integer signedness error.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
| https://jira.whamcloud.com/browse/LU-12600 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/35867/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:10.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12600"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/35867/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a tgt_shortio2pages integer signedness error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:20:55.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12600"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/35867/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a tgt_shortio2pages integer signedness error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
},
{
"name": "https://jira.whamcloud.com/browse/LU-12600",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12600"
},
{
"name": "https://review.whamcloud.com/#/c/35867/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/35867/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20427",
"datePublished": "2020-01-27T04:20:55.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:10.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20428 (GCVE-0-2019-20428)
Vulnerability from cvelistv5 – Published: 2020-01-27 04:20 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldl_request_cancel function mishandles a large lock_count parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
| https://jira.whamcloud.com/browse/LU-12603 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/36108/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12603"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/36108/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldl_request_cancel function mishandles a large lock_count parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:20:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12603"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/36108/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldl_request_cancel function mishandles a large lock_count parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
},
{
"name": "https://jira.whamcloud.com/browse/LU-12603",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12603"
},
{
"name": "https://review.whamcloud.com/#/c/36108/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/36108/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20428",
"datePublished": "2020-01-27T04:20:43.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:09.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20429 (GCVE-0-2019-20429)
Vulnerability from cvelistv5 – Published: 2020-01-27 04:20 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpc_svc_unwrap_request and lustre_msg_hdr_size_v2.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
| https://jira.whamcloud.com/browse/LU-12590 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/36119/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:10.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12590"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/36119/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpc_svc_unwrap_request and lustre_msg_hdr_size_v2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:20:23.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12590"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/36119/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpc_svc_unwrap_request and lustre_msg_hdr_size_v2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
},
{
"name": "https://jira.whamcloud.com/browse/LU-12590",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12590"
},
{
"name": "https://review.whamcloud.com/#/c/36119/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/36119/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20429",
"datePublished": "2020-01-27T04:20:23.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:10.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20430 (GCVE-0-2019-20430)
Vulnerability from cvelistv5 – Published: 2020-01-27 04:20 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
| https://jira.whamcloud.com/browse/LU-12602 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/36208/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12602"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/36208/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:20:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12602"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/36208/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
},
{
"name": "https://jira.whamcloud.com/browse/LU-12602",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12602"
},
{
"name": "https://review.whamcloud.com/#/c/36208/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/36208/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20430",
"datePublished": "2020-01-27T04:20:09.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:09.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20431 (GCVE-0-2019-20431)
Vulnerability from cvelistv5 – Published: 2020-01-27 04:19 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the osd_ldiskfs module does not validate a certain length value.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
| https://jira.whamcloud.com/browse/LU-12612 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/36273/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12612"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/36273/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the osd_ldiskfs module does not validate a certain length value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:19:58.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12612"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/36273/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20431",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the osd_ldiskfs module does not validate a certain length value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
},
{
"name": "https://jira.whamcloud.com/browse/LU-12612",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12612"
},
{
"name": "https://review.whamcloud.com/#/c/36273/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/36273/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20431",
"datePublished": "2020-01-27T04:19:58.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:09.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20432 (GCVE-0-2019-20432)
Vulnerability from cvelistv5 – Published: 2020-01-27 04:19 – Updated: 2024-08-05 02:39
VLAI
Summary
In the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. mdt_file_secctx_unpack does not validate the value of name_size derived from req_capsule_get_size.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://wiki.lustre.org/Lustre_2.12.3_Changelog | x_refsource_MISC |
| http://lustre.org/ | x_refsource_MISC |
| https://jira.whamcloud.com/browse/LU-12604 | x_refsource_MISC |
| https://review.whamcloud.com/#/c/35868/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.whamcloud.com/browse/LU-12604"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://review.whamcloud.com/#/c/35868/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. mdt_file_secctx_unpack does not validate the value of name_size derived from req_capsule_get_size."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T04:19:42.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lustre.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.whamcloud.com/browse/LU-12604"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://review.whamcloud.com/#/c/35868/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. mdt_file_secctx_unpack does not validate the value of name_size derived from req_capsule_get_size."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog",
"refsource": "MISC",
"url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"
},
{
"name": "http://lustre.org/",
"refsource": "MISC",
"url": "http://lustre.org/"
},
{
"name": "https://jira.whamcloud.com/browse/LU-12604",
"refsource": "MISC",
"url": "https://jira.whamcloud.com/browse/LU-12604"
},
{
"name": "https://review.whamcloud.com/#/c/35868/",
"refsource": "MISC",
"url": "https://review.whamcloud.com/#/c/35868/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20432",
"datePublished": "2020-01-27T04:19:42.000Z",
"dateReserved": "2020-01-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:09.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4970 (GCVE-0-2008-4970)
Vulnerability from cvelistv5 – Published: 2008-11-06 11:00 – Updated: 2024-08-07 10:31
VLAI
Summary
runiozone in lustre 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/iozone.log temporary file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://bugs.debian.org/496371 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2008/10/30/2 | mailing-listx_refsource_MLIST |
| https://bugs.gentoo.org/show_bug.cgi?id=235770 | x_refsource_CONFIRM |
| http://dev.gentoo.org/~rbu/security/debiantemp/lu… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/30911 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-08-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:31:28.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/496371"
},
{
"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/lustre-tests"
},
{
"name": "30911",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30911"
},
{
"name": "lustretests-file-symlink(44819)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44819"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "runiozone in lustre 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/iozone.log temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/496371"
},
{
"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/lustre-tests"
},
{
"name": "30911",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30911"
},
{
"name": "lustretests-file-symlink(44819)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44819"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "runiozone in lustre 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/iozone.log temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/496371",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/496371"
},
{
"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=235770",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"name": "http://dev.gentoo.org/~rbu/security/debiantemp/lustre-tests",
"refsource": "CONFIRM",
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/lustre-tests"
},
{
"name": "30911",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30911"
},
{
"name": "lustretests-file-symlink(44819)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44819"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4970",
"datePublished": "2008-11-06T11:00:00.000Z",
"dateReserved": "2008-11-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:31:28.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}