Lustre Security Vulnerabilities

CVE-2019-20428

In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldl_request_cancel function mishandles a large lock_count...

CVSS 7.5

AI Score 7.4

EPSS 0.005

2020-01-27 05:15 AM

CVE-2019-20427

In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a tgt_shortio2pages...

CVSS 9.8

AI Score 9.9

EPSS 0.016

2020-01-27 05:15 AM

CVE-2019-20432

In the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. mdt_file_secctx_unpack does not validate the value of name_size derived from...

CVSS 7.5

AI Score 7.5

EPSS 0.004

2020-01-27 05:15 AM

CVE-2019-20430

In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a...

CVSS 7.5

AI Score 7.5

EPSS 0.004

2020-01-27 05:15 AM

CVE-2019-20431

In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the osd_ldiskfs module does not validate a certain length...

CVSS 7.5

AI Score 7.5

EPSS 0.004

2020-01-27 05:15 AM

CVE-2019-20429

In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpc_svc_unwrap_request and...

CVSS 7.5

AI Score 7.4

EPSS 0.004

2020-01-27 05:15 AM

CVE-2019-20426

In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlm_cancel_hpreq_check, there is no lock_count bounds...

CVSS 7.5

AI Score 7.5

EPSS 0.004

2020-01-27 05:15 AM

CVE-2019-20424

In the Lustre file system before 2.12.3, mdt_object_remote in the mdt module has a NULL pointer dereference and panic due to the lack of validation for specific fields of packets sent by a...

CVSS 7.5

AI Score 7.5

EPSS 0.004

2020-01-27 05:15 AM

CVE-2019-20425

In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_msg_string, there is no validation of a certain length value derived from...

CVSS 7.5

AI Score 7.5

EPSS 0.004

2020-01-27 05:15 AM

CVE-2019-20423

In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_connect() mishandles a certain size value when a client connects to a server, because of an integer...

CVSS 7.5

AI Score 7.8

EPSS 0.005

2020-01-27 05:15 AM

CVE-2008-4970

runiozone in lustre 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/iozone.log temporary...

AI Score 6.3

EPSS 0.0004

2008-11-06 03:55 PM