Lustre : Security Vulnerabilities, CVEs, (Memory corruption)
In the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. mdt_file_secctx_unpack does not validate the value of name_size derived from req_capsule_get_size.
Max CVSS
7.8
EPSS Score
0.36%
Published
2020-01-27
Updated
2020-01-28
In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the osd_ldiskfs module does not validate a certain length value.
Max CVSS
7.8
EPSS Score
0.36%
Published
2020-01-27
Updated
2020-01-29
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlm_cancel_hpreq_check, there is no lock_count bounds check.
Max CVSS
7.8
EPSS Score
0.36%
Published
2020-01-27
Updated
2020-08-24
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_msg_string, there is no validation of a certain length value derived from lustre_msg_buflen_v2.
Max CVSS
7.8
EPSS Score
0.36%
Published
2020-01-27
Updated
2020-01-29
In the Lustre file system before 2.12.3, mdt_object_remote in the mdt module has a NULL pointer dereference and panic due to the lack of validation for specific fields of packets sent by a client.
Max CVSS
7.8
EPSS Score
0.36%
Published
2020-01-27
Updated
2020-01-28
5 vulnerabilities found