In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the osd_ldiskfs module does not validate a certain length value.
References
Link | Resource |
---|---|
http://lustre.org/ | Product Vendor Advisory |
https://jira.whamcloud.com/browse/LU-12612 | Exploit Third Party Advisory |
http://wiki.lustre.org/Lustre_2.12.3_Changelog | Release Notes Vendor Advisory |
https://review.whamcloud.com/#/c/36273/ | Third Party Advisory |
Configurations
Information
Published : 2020-01-26 21:15
Updated : 2020-01-29 11:12
NVD link : CVE-2019-20431
Mitre link : CVE-2019-20431
JSON object : View
CWE
CWE-787
Out-of-bounds Write
Products Affected
lustre
- lustre