56 matches found
Out-of-bounds
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustremsgstring, there is no validation of a certain length value derived from lustremsgbuflenv2...
Out-of-bounds
In the Lustre file system before 2.12.3, the ptlrpc module has an osdmapremotetolocal out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osdbufsget in the osdldiskfs module does not validate a certain length value...
UBUNTU-CVE-2019-20426
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlmcancelhpreqcheck, there is no lockcount bounds check...
UBUNTU-CVE-2019-20425
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustremsgstring, there is no validation of a certain length value derived from lustremsgbuflenv2...
UBUNTU-CVE-2019-20427
In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between reqcapsulegetsize and tgtbrwwrite leads to a tgtshortio2pages integer...
CVE-2019-20423
In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function targethandleconnect mishandles a certain size value when a client connects to a server, because of an integer...
CVE-2019-20423
CVE-2019-20423 affects the Lustre file system prior to 2.12.3, where the ptlrpc module can overflow the buffer and panic due to lacking validation of certain fields in client packets. The root cause is an integer signedness error in target_handle_connect() that mishandles a specific size value wh...
CVE-2019-20425
CVE-2019-20425 affects Lustre file system ptlrpc module prior to 2.12.3, where an out-of-bounds access and panic arise from insufficient validation of certain fields in client packets, specifically due to lack of validation of a length value derived from lustre_msg_buflen_v2 in lustre_msg_string....
CVE-2019-20425
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustremsgstring, there is no validation of a certain length value derived from lustremsgbuflenv2...
CVE-2019-20426
CVE-2019-20426 affects the Lustre file system before 2.12.3. The ptlrpc module suffers an out-of-bounds access and potential panic due to missing validation of specific client packet fields; specifically, in ldlm_cancel_hpreq_check there is no bounds check on the lock_count. The Red Hat advisory ...
CVE-2019-20426
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlmcancelhpreqcheck, there is no lockcount bounds check...
CVE-2019-20428
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldlrequestcancel function mishandles a large lockcount parameter...
CVE-2019-20428
CVE-2019-20428 affects Lustre prior to 2.12.3. The ptlrpc module can trigger an out-of-bounds read and panic due to insufficient validation of certain client packet fields, with the ldl_request_cancel function mishandling a large lock_count. Impact is a potential crash/denial of service as descri...
CVE-2019-20429
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic via a modified lmbufcount field due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpcsvcunwraprequest and lustremsghdrsizev2...
CVE-2019-20431
In the Lustre file system before 2.12.3, the ptlrpc module has an osdmapremotetolocal out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osdbufsget in the osdldiskfs module does not validate a certain length value...
CVE-2019-20431
CVE-2019-20431 affects the Lustre file system prior to version 2.12.3, where the ptlrpc module permits an osd_map_remote_to_local out-of-bounds access and panics due to lack of validation of certain packet fields from a client. The osd_bufs_get function in the osd_ldiskfs module also lacks valida...