CVE-2019-20428
Description
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldl_request_cancel function mishandles a large lock_count parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In Lustre <2.12.3, an unvalidated lock_count packet field in the ptlrpc module causes an out-of-bounds read leading to a kernel panic.
Vulnerability
In the Lustre file system before version 2.12.3, the ptlrpc module contains an out-of-bounds read vulnerability in the ldl_request_cancel function. The flaw arises because the function fails to properly validate the lock_count parameter from client packets, allowing a large value to cause an out-of-bounds memory access. This affects all Lustre deployments running versions prior to 2.12.3 [1][2].
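The class of check the description says was missing, as an added example (not Lustre's code and not taken from the cited references): a client-supplied lock_count is compared against the bytes actually received before any handle is read. The wire layout, the constants and the function name parse_cancel_request are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified wire layout (an assumption, not Lustre's real
 * structures): 4-byte little-endian lock_count, then that many 8-byte handles. */
#define HDR_LEN    4u
#define HANDLE_LEN 8u

/* Read a little-endian u32 without assuming alignment. */
static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Copy the handles named by the request into out[]. Returns 0 and sets *n on
 * success, -1 if lock_count claims more handles than the bytes received (or
 * than out[] can hold). Nothing past buf[len-1] is ever read. */
int parse_cancel_request(const uint8_t *buf, size_t len,
                         uint64_t *out, size_t out_cap, uint32_t *n)
{
    if (buf == NULL || out == NULL || n == NULL || len < HDR_LEN)
        return -1;
    uint32_t count = rd_le32(buf);
    /* Divide rather than multiply so a huge count cannot wrap the check. */
    if (count > (len - HDR_LEN) / HANDLE_LEN || count > out_cap)
        return -1;
    for (uint32_t i = 0; i < count; i++)
        memcpy(&out[i], buf + HDR_LEN + (size_t)i * HANDLE_LEN, HANDLE_LEN);
    *n = count;
    return 0;
}

int main(void)
{
    /* Constructed sample: header claims 0xFFFFFFFF locks, body holds two. */
    uint8_t req[HDR_LEN + 2 * HANDLE_LEN] = { 0xff, 0xff, 0xff, 0xff };
    uint64_t handles[16];
    uint32_t n = 0;
    int rc = parse_cancel_request(req, sizeof req, handles, 16, &n);
    printf("oversized lock_count: %s\n", rc ? "rejected" : "accepted");
    req[0] = 2; req[1] = req[2] = req[3] = 0;   /* honest count */
    rc = parse_cancel_request(req, sizeof req, handles, 16, &n);
    printf("lock_count=2: %s (%u handles)\n", rc ? "rejected" : "accepted", (unsigned)n);
    return 0;
}
```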
Exploitation
An attacker with network access to the Lustre server can send a crafted client packet with an excessively large lock_count field. No prior authentication or special privileges are required; the unvalidated packet triggers the vulnerable code path in ldl_request_cancel. Upon receipt, the server attempts to process the large count, leading directly to an out-of-bounds read [2].
Impact
Successful exploitation results in a kernel NULL pointer dereference and kernel panic, as evidenced by the recorded crash dump (e.g., BUG: unable to handle kernel NULL pointer dereference at 000000000000001c). This causes a denial of service (DoS) on the Lustre server, disrupting file system operations for all clients. No evidence of privilege escalation or data corruption is provided in the references [2].
Mitigation
The vulnerability is fixed in Lustre version 2.12.3, as listed in the Lustre 2.12.3 Changelog [1]. Users should upgrade all Lustre servers and clients to 2.12.3 or later. No workarounds are documented in the available references. Systems still running earlier versions remain vulnerable.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Lustre/Lustre file system
References
- lustre.org (mitre, x_refsource_MISC)
- wiki.lustre.org/Lustre_2.12.3_Changelog (mitre, x_refsource_MISC)
- jira.whamcloud.com/browse/LU-12603 (mitre, x_refsource_MISC)
- review.whamcloud.com (mitre, x_refsource_MISC)