CVE-2019-20423
27.01.2020, 05:15
In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_connect() mishandles a certain size value when a client connects to a server, because of an integer signedness error.
| Vendor | Product | Version |
|---|---|---|
| lustre | lustre | 𝑥 < 2.12.3 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| linux |
| ||||||||
| linux-aws |
| ||||||||
| linux-aws-5.0 |
| ||||||||
| linux-aws-hwe |
| ||||||||
| linux-azure |
| ||||||||
| linux-azure-5.3 |
| ||||||||
| linux-azure-edge |
| ||||||||
| linux-gcp |
| ||||||||
| linux-gcp-5.3 |
| ||||||||
| linux-gcp-edge |
| ||||||||
| linux-gke-4.15 |
| ||||||||
| linux-gke-5.0 |
| ||||||||
| linux-gke-5.3 |
| ||||||||
| linux-hwe |
| ||||||||
| linux-hwe-edge |
| ||||||||
| linux-kvm |
| ||||||||
| linux-lts-trusty |
| ||||||||
| linux-lts-xenial |
| ||||||||
| linux-oem |
| ||||||||
| linux-oem-5.4 |
| ||||||||
| linux-oem-osp1 |
| ||||||||
| linux-oracle |
| ||||||||
| linux-oracle-5.0 |
| ||||||||
| linux-raspi2 |
| ||||||||
| linux-raspi2-5.3 |
| ||||||||
| linux-snapdragon |
|
References