CVE-2019-20427

critical

Description

In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a tgt_shortio2pages integer signedness error.

References

https://review.whamcloud.com/#/c/35867/

https://jira.whamcloud.com/browse/LU-12600

http://wiki.lustre.org/Lustre_2.12.3_Changelog

http://lustre.org/

Details

Source: Mitre, NVD

Published: 2020-01-27

Updated: 2020-01-29

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.05798