CVE-2019-20427
27.01.2020, 05:15
In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a tgt_shortio2pages integer signedness error.
| Vendor | Product | Version |
|---|---|---|
| lustre | lustre | 𝑥 < 2.12.3 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| linux |
| ||||||||
| linux-aws |
| ||||||||
| linux-aws-5.0 |
| ||||||||
| linux-aws-hwe |
| ||||||||
| linux-azure |
| ||||||||
| linux-azure-5.3 |
| ||||||||
| linux-azure-edge |
| ||||||||
| linux-gcp |
| ||||||||
| linux-gcp-5.3 |
| ||||||||
| linux-gcp-edge |
| ||||||||
| linux-gke-4.15 |
| ||||||||
| linux-gke-5.0 |
| ||||||||
| linux-gke-5.3 |
| ||||||||
| linux-hwe |
| ||||||||
| linux-hwe-edge |
| ||||||||
| linux-kvm |
| ||||||||
| linux-lts-trusty |
| ||||||||
| linux-lts-xenial |
| ||||||||
| linux-oem |
| ||||||||
| linux-oem-5.4 |
| ||||||||
| linux-oem-osp1 |
| ||||||||
| linux-oracle |
| ||||||||
| linux-oracle-5.0 |
| ||||||||
| linux-raspi2 |
| ||||||||
| linux-raspi2-5.3 |
| ||||||||
| linux-snapdragon |
|
References