Lucene search
K

31 matches found

OSV
OSV
added 2021/02/10 1:17 a.m.4 views

USN-4713-2 linux, linux-gke-5.0, linux-gke-5.3, linux-hwe, linux-raspi2-5.3 vulnerability

It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data...

8.1CVSS6.7AI score0.06563EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/02/10 12:0 a.m.57 views

Ubuntu 18.04 LTS : Linux kernel vulnerability (USN-4713-2)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4713-2 advisory. It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker wi...

8.1CVSS6.7AI score0.06563EPSS
Exploits0References2
OSV
OSV
added 2021/02/05 1:4 a.m.8 views

USN-4711-1 linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities

It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data...

8.1CVSS6.7AI score0.06563EPSS
Exploits0References3
OSV
OSV
added 2021/02/02 6:17 a.m.7 views

USN-4713-1 linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.4, linux-gkeop-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerability

It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data...

8.1CVSS6.7AI score0.06563EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/01/28 12:0 a.m.69 views

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerability (USN-4713-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4713-1 advisory. It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An...

8.1CVSS6.8AI score0.06563EPSS
Exploits0References2
Mageia
Mageia
added 2021/01/20 10:45 p.m.59 views

Updated kernel packages fix security vulnerability

This kernel update is based on upstream 5.10.8 and fixes at least the following security issue: SCSI “EXTENDED COPY” XCOPY requests sent to a Linux SCSI target LIO allow an attacker to read or write anywhere on any LIO backstore configured on the host, provided the attacker has access to one LUN...

8.1CVSS1AI score0.06563EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2021/01/20 8:0 a.m.5 views

In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7 insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request aka CID-2896c93811e3. For example an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.

...

8.1CVSS7AI score0.06563EPSS
Exploits0
OSV
OSV
added 2021/01/14 11:48 p.m.8 views

USN-4694-1 linux, linux-hwe, linux-hwe-5.4, linux-hwe-5.8, linux-lts-xenial vulnerability

It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data...

8.1CVSS6.7AI score0.06563EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2021/01/13 3:7 a.m.65 views

CVE-2020-28374

In drivers/target/targetcorexcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a...

8.1CVSS6.8AI score0.06563EPSS
Exploits0
OSV
OSV
added 2021/01/12 12:0 a.m.3 views

UBUNTU-CVE-2020-28374

In drivers/target/targetcorexcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a...

8.1CVSS6.7AI score0.06563EPSS
Exploits0References11
CNVD
CNVD
added 2017/11/17 12:0 a.m.6 views

tcmu-runner Information Disclosure Vulnerability

tcmu-runner is a daemon for handling the userspace side of the LIO TCM-User backstore. An information disclosure vulnerability exists in handlerqcow.so in tcmu-runner versions 0.91-1.2.0. An attacker can exploit this vulnerability to inspect any file with root privileges...

7.5CVSS6.4AI score0.01463EPSS
Exploits0References1
Rows per page
Query Builder