In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldl_request_cancel function mishandles a large lock_count parameter.
References
Link | Resource |
---|---|
http://lustre.org/ | Product Vendor Advisory |
http://wiki.lustre.org/Lustre_2.12.3_Changelog | Release Notes Vendor Advisory |
https://jira.whamcloud.com/browse/LU-12603 | Third Party Advisory |
https://review.whamcloud.com/#/c/36108/ | Third Party Advisory |
http://lustre.org/ | Product Vendor Advisory |
http://wiki.lustre.org/Lustre_2.12.3_Changelog | Release Notes Vendor Advisory |
https://jira.whamcloud.com/browse/LU-12603 | Third Party Advisory |
https://review.whamcloud.com/#/c/36108/ | Third Party Advisory |
Configurations
History
21 Nov 2024, 04:38
Type | Values Removed | Values Added |
---|---|---|
References | () http://lustre.org/ - Product, Vendor Advisory | |
References | () http://wiki.lustre.org/Lustre_2.12.3_Changelog - Release Notes, Vendor Advisory | |
References | () https://jira.whamcloud.com/browse/LU-12603 - Third Party Advisory | |
References | () https://review.whamcloud.com/#/c/36108/ - Third Party Advisory |
Information
Published : 2020-01-27 05:15
Updated : 2024-11-21 04:38
NVD link : CVE-2019-20428
Mitre link : CVE-2019-20428
CVE.ORG link : CVE-2019-20428
JSON object : View
Products Affected
lustre
- lustre
CWE
CWE-125
Out-of-bounds Read