← Back

Lustre

lustre

Vendor: Lustre • 10 CVEs

CVEs (10)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-20432
1Lustre
1Lustre
Nov 21, 2024
Jan 27, 2020
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
In the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. mdt_file_secctx_unpack does not validate the va...Show more
In the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. mdt_file_secctx_unpack does not validate the value of name_size derived from req_capsule_get_size.Show less
CVE-2019-20431
1Lustre
1Lustre
Nov 21, 2024
Jan 27, 2020
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the...Show more
In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the osd_ldiskfs module does not validate a certain length value.Show less
CVE-2019-20430
1Lustre
1Lustre
Nov 21, 2024
Jan 27, 2020
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client.
CVE-2019-20429
1Lustre
1Lustre
Nov 21, 2024
Jan 27, 2020
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields of packets sent by a client. This is cau...Show more
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpc_svc_unwrap_request and lustre_msg_hdr_size_v2.Show less
CVE-2019-20428
1Lustre
1Lustre
Nov 21, 2024
Jan 27, 2020
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldl_request_cancel function mishandles a l...Show more
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldl_request_cancel function mishandles a large lock_count parameter.Show less
CVE-2019-20427
1Lustre
1Lustre
Nov 21, 2024
Jan 27, 2020
N/A· v4
9.8 CRITICAL· v3
9.0 HIGH· v2
In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction b...Show more
In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a tgt_shortio2pages integer signedness error.Show less
CVE-2019-20426
1Lustre
1Lustre
Nov 21, 2024
Jan 27, 2020
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlm_cancel_hpreq_check, the...Show more
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlm_cancel_hpreq_check, there is no lock_count bounds check.Show less
CVE-2019-20425
1Lustre
1Lustre
Nov 21, 2024
Jan 27, 2020
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_msg_string, there is...Show more
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_msg_string, there is no validation of a certain length value derived from lustre_msg_buflen_v2.Show less
CVE-2019-20424
1Lustre
1Lustre
Nov 21, 2024
Jan 27, 2020
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
In the Lustre file system before 2.12.3, mdt_object_remote in the mdt module has a NULL pointer dereference and panic due to the lack of validation for specific fields of packets sent by a client.
CVE-2019-20423
1Lustre
1Lustre
Nov 21, 2024
Jan 27, 2020
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_connect() mishandles a...Show more
In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_connect() mishandles a certain size value when a client connects to a server, because of an integer signedness error.Show less