Vulnerabilities > Lustre

DATE CVE VULNERABILITY TITLE RISK
2020-01-27 CVE-2019-20432 Out-of-bounds Write vulnerability in Lustre
In the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client.
network
low complexity
lustre CWE-787
7.8
7.8
2020-01-27 CVE-2019-20431 Out-of-bounds Write vulnerability in Lustre
In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client.
network
low complexity
lustre CWE-787
7.8
7.8
2020-01-27 CVE-2019-20430 Improper Input Validation vulnerability in Lustre
In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client.
network
low complexity
lustre CWE-20
7.8
7.8
2020-01-27 CVE-2019-20429 Out-of-bounds Read vulnerability in Lustre
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields of packets sent by a client.
network
low complexity
lustre CWE-125
7.8
7.8
2020-01-27 CVE-2019-20428 Out-of-bounds Read vulnerability in Lustre
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client.
network
low complexity
lustre CWE-125
7.8
7.8
2020-01-27 CVE-2019-20427 Classic Buffer Overflow vulnerability in Lustre
In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client.
network
low complexity
lustre CWE-120
critical
 9.0
9.0
2020-01-27 CVE-2019-20426 Out-of-bounds Write vulnerability in Lustre
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client.
network
low complexity
lustre CWE-787
7.8
7.8
2020-01-27 CVE-2019-20425 Out-of-bounds Write vulnerability in Lustre
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client.
network
low complexity
lustre CWE-787
7.8
7.8
2020-01-27 CVE-2019-20424 NULL Pointer Dereference vulnerability in Lustre
In the Lustre file system before 2.12.3, mdt_object_remote in the mdt module has a NULL pointer dereference and panic due to the lack of validation for specific fields of packets sent by a client.
network
low complexity
lustre CWE-476
7.8
7.8
2020-01-27 CVE-2019-20423 Classic Buffer Overflow vulnerability in Lustre
In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client.
network
low complexity
lustre CWE-120
7.8
7.8