In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a tgt_shortio2pages integer signedness error.
References
Link | Resource |
---|---|
https://review.whamcloud.com/#/c/35867/ | Exploit Third Party Advisory |
http://lustre.org/ | Product Vendor Advisory |
http://wiki.lustre.org/Lustre_2.12.3_Changelog | Release Notes Vendor Advisory |
https://jira.whamcloud.com/browse/LU-12600 | Exploit Issue Tracking Third Party Advisory |
Configurations
Information
Published : 2020-01-26 21:15
Updated : 2020-01-29 09:20
NVD link : CVE-2019-20427
Mitre link : CVE-2019-20427
JSON object : View
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Products Affected
lustre
- lustre