CVE-2020-28374

MEDIUM

Description

In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.

References

http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html

http://www.openwall.com/lists/oss-security/2021/01/13/2

http://www.openwall.com/lists/oss-security/2021/01/13/5

https://bugzilla.suse.com/attachment.cgi?id=844938

https://bugzilla.suse.com/show_bug.cgi?id=1178372

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.7

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2896c93811e39d63a4d9b63ccf12a8fbc226e5e4

https://github.com/torvalds/linux/commit/2896c93811e39d63a4d9b63ccf12a8fbc226e5e4

https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html

https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/FZEUPID5DZYLZBIO4BEVLHFUDZZIFL57/

https://lists.fedoraproject.org/archives/list/[email protected]/message/HK7SRTITN5ABAUOOIGFVR7XE5YKYYAVO/

https://lists.fedoraproject.org/archives/list/[email protected]/message/LTGQDYIEO2GOCOOKADBHEITF44GY55QF/

https://security.netapp.com/advisory/ntap-20210219-0002/

https://www.debian.org/security/2021/dsa-4843

Details

Source: MITRE

Published: 2021-01-13

Updated: 2021-03-15

Type: CWE-22

Risk Information

CVSS v2.0

Base Score: 5.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3.0

Base Score: 8.1

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Impact Score: 5.2

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

View all (58 total)

IDNameProductFamilySeverity
148634EulerOS : kernel (EulerOS-SA-2021-1715)NessusHuawei Local Security Checks
high
148550Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9038)NessusOracle Linux Local Security Checks
high
148549Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9037)NessusOracle Linux Local Security Checks
high
148422CentOS 8 : kernel (CESA-2021:1093)NessusCentOS Local Security Checks
high
148371Oracle Linux 8 : kernel (ELSA-2021-1093)NessusOracle Linux Local Security Checks
high
148370RHEL 8 : kernel (RHSA-2021:1093)NessusRed Hat Local Security Checks
high
148369RHEL 8 : kernel-rt (RHSA-2021:1081)NessusRed Hat Local Security Checks
high
148350Photon OS 4.0: Linux PHSA-2021-4.0-0007NessusPhotonOS Local Security Checks
high
148005Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerability (USN-4753-1)NessusUbuntu Local Security Checks
medium
147885CentOS 7 : kernel (CESA-2021:0856)NessusCentOS Local Security Checks
high
147875SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0835-1)NessusSuSE Local Security Checks
high
147871SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0870-1)NessusSuSE Local Security Checks
high
147861Oracle Linux 7 : kernel (ELSA-2021-0856)NessusOracle Linux Local Security Checks
high
147835RHEL 7 : kernel (RHSA-2021:0856)NessusRed Hat Local Security Checks
high
147833RHEL 7 : kpatch-patch (RHSA-2021:0862)NessusRed Hat Local Security Checks
high
147827RHEL 7 : kernel-rt (RHSA-2021:0857)NessusRed Hat Local Security Checks
high
147597SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0744-1)NessusSuSE Local Security Checks
medium
147588EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-1386)NessusHuawei Local Security Checks
high
147544SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0743-1)NessusSuSE Local Security Checks
medium
147532Debian DLA-2586-1 : linux security updateNessusDebian Local Security Checks
high
146631Amazon Linux 2 : kernel (ALAS-2021-1600)NessusAmazon Linux Local Security Checks
high
146569Amazon Linux AMI : kernel (ALAS-2021-1480)NessusAmazon Linux Local Security Checks
high
146512Debian DLA-2557-1 : linux-4.19 security updateNessusDebian Local Security Checks
high
146474SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0438-1)NessusSuSE Local Security Checks
high
146470SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0434-1)NessusSuSE Local Security Checks
high
146406SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0427-1)NessusSuSE Local Security Checks
high
146362SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0348-1)NessusSuSE Local Security Checks
high
146349Ubuntu 18.04 LTS : Linux kernel vulnerability (USN-4713-2)NessusUbuntu Local Security Checks
medium
146300Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9035)NessusOracle Linux Local Security Checks
high
146299Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9039)NessusOracle Linux Local Security Checks
high
146261EulerOS : kernel (EulerOS-SA-2021-1265)NessusHuawei Local Security Checks
high
146248OracleVM 3.4 : Unbreakable / etc (OVMSA-2021-0005)NessusOracleVM Local Security Checks
high
146217EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-1246)NessusHuawei Local Security Checks
high
146192Fedora 33 : tcmu-runner (2021-4a91649cf3)NessusFedora Local Security Checks
medium
146052Debian DSA-4843-1 : linux - security updateNessusDebian Local Security Checks
high
146047Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9025)NessusOracle Linux Local Security Checks
high
146045Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9024)NessusOracle Linux Local Security Checks
high
145726EulerOS 2.0 SP8 : kernel (EulerOS-SA-2021-1148)NessusHuawei Local Security Checks
high
145700Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9023)NessusOracle Linux Local Security Checks
high
145516Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4709-1)NessusUbuntu Local Security Checks
high
145515Ubuntu 18.04 LTS / 20.04 LTS / 20.10 : Linux kernel vulnerability (USN-4713-1)NessusUbuntu Local Security Checks
medium
145511Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4711-1)NessusUbuntu Local Security Checks
medium
145459Photon OS 2.0: Linux PHSA-2021-2.0-0314NessusPhotonOS Local Security Checks
high
145320openSUSE Security Update : the Linux Kernel (openSUSE-2021-60)NessusSuSE Local Security Checks
high
145287openSUSE Security Update : the Linux Kernel (openSUSE-2021-75)NessusSuSE Local Security Checks
high
145230Photon OS 3.0: Linux PHSA-2021-3.0-0185NessusPhotonOS Local Security Checks
medium
145154Fedora 32 : kernel / kernel-headers (2021-082e638d02)NessusFedora Local Security Checks
medium
145120SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0133-1)NessusSuSE Local Security Checks
high
145107Fedora 33 : kernel / kernel-headers (2021-620fb40359)NessusFedora Local Security Checks
medium
145025SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0117-1)NessusSuSE Local Security Checks
high
145018SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0118-1)NessusSuSE Local Security Checks
high
145007Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Linux kernel vulnerability (USN-4694-1)NessusUbuntu Local Security Checks
medium
144915SUSE SLES15 Security Update : tcmu-runner (SUSE-SU-2021:0093-1)NessusSuSE Local Security Checks
medium
144907Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9006)NessusOracle Linux Local Security Checks
high
144906Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9007)NessusOracle Linux Local Security Checks
high
144905Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9009)NessusOracle Linux Local Security Checks
high
144904Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9005)NessusOracle Linux Local Security Checks
high
144903Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9008)NessusOracle Linux Local Security Checks
high