CVE-2019-20429
Description
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpc_svc_unwrap_request and lustre_msg_hdr_size_v2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Lustre ptlrpc module has an out-of-bounds read vulnerability due to missing validation of packet fields, leading to kernel panic; fixed in 2.12.3.
Vulnerability
The Lustre file system's ptlrpc module, specifically in the sptlrpc_svc_unwrap_request and lustre_msg_hdr_size_v2 functions, contains an out-of-bounds read vulnerability. The bug arises from insufficient validation of specific fields (notably lm_bufcount) in packets sent by a client. An attacker can craft a packet with a modified lm_bufcount that exceeds expected bounds, causing __lustre_unpack_msg to read beyond the allocated buffer. This affects Lustre versions before 2.12.3 [1].
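The class of check whose absence is described above, as an added example (not Lustre's code and not the 2.12.3 patch): a receiver bounds a client-supplied buffer count, and the header size derived from it, against the bytes actually received before touching the length array. `struct demo_hdr`, `DEMO_MAX_BUFS`, `demo_hdr_size` and `demo_msg_check` are hypothetical names, and the layout is a simplified assumption, not the real wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical simplified header, not the real Lustre wire layout. */
struct demo_hdr {
    uint32_t lm_bufcount;  /* client-supplied count of length entries */
    uint32_t lm_magic;
};                         /* followed by lm_bufcount uint32_t lengths */

#define DEMO_MAX_BUFS 64u  /* assumed upper bound for this example */

/* Header size implied by a count, rounded up to 8 bytes. */
static size_t demo_hdr_size(uint32_t count)
{
    size_t sz = sizeof(struct demo_hdr) + (size_t)count * sizeof(uint32_t);
    return (sz + 7) & ~(size_t)7;
}

/* Return 0 if the len-byte packet is self-consistent, -1 to drop it. */
int demo_msg_check(const uint8_t *pkt, size_t len)
{
    struct demo_hdr hdr;
    size_t need;
    uint32_t i, blen;

    if (len < sizeof(hdr))
        return -1;                      /* fixed header truncated */
    memcpy(&hdr, pkt, sizeof(hdr));
    if (hdr.lm_bufcount == 0 || hdr.lm_bufcount > DEMO_MAX_BUFS)
        return -1;                      /* bound the count before using it */
    need = demo_hdr_size(hdr.lm_bufcount);
    if (need > len)
        return -1;                      /* length array runs past the packet */
    for (i = 0; i < hdr.lm_bufcount; i++) {
        memcpy(&blen, pkt + sizeof(hdr) + (size_t)i * sizeof(blen), sizeof(blen));
        uint64_t padded = ((uint64_t)blen + 7) & ~(uint64_t)7;
        if (padded > len - need)
            return -1;                  /* buffer i would extend past the packet */
        need += (size_t)padded;
    }
    return 0;
}

int main(void)
{
    uint8_t pkt[16] = {0};              /* constructed packet */
    uint32_t count = 0x10000;           /* count far larger than the packet */
    memcpy(pkt, &count, sizeof(count));
    printf("check = %d\n", demo_msg_check(pkt, sizeof(pkt)));
    return 0;
}
```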
Exploitation
An attacker with network access to a Lustre server can send a specially crafted RPC packet with a manipulated lm_bufcount field. The server processes this packet without proper validation, leading to an out-of-bounds read. This triggers a kernel panic as shown in the crash dump from Jira issue LU-12590 [2]. No authentication is required, as the vulnerable code path is reached before authentication checks.
Impact
Successful exploitation results in a denial-of-service condition via kernel panic, crashing the server. While an out-of-bounds read could potentially leak sensitive memory contents, the primary impact is service disruption. The attack does not grant code execution or privilege escalation.
Mitigation
The vulnerability is fixed in Lustre version 2.12.3, released on an unspecified date [1]. Users should upgrade to this version or later. No workarounds are documented in the available references. If upgrading is not possible, restricting network access to trusted clients may reduce risk.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Lustre / Lustre file system (source: description)
Patches
No patches discovered yet.
References
- lustre.org (mitre, x_refsource_MISC)
- wiki.lustre.org/Lustre_2.12.3_Changelog (mitre, x_refsource_MISC)
- jira.whamcloud.com/browse/LU-12590 (mitre, x_refsource_MISC)
- review.whamcloud.com (mitre, x_refsource_MISC)