CVE-2019-20431
Description
In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the osd_ldiskfs module does not validate a certain length value.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Out-of-bounds access in Lustre ptlrpc module before 2.12.3 allows denial of service via crafted packets causing kernel panic.
Vulnerability
In the Lustre file system before version 2.12.3, the ptlrpc module's osd_map_remote_to_local function performs an out-of-bounds access due to insufficient validation of specific fields in packets sent by a client. Additionally, osd_bufs_get in the osd_ldiskfs module does not validate a certain length value, leading to a potential out-of-bounds access as well [1][2].
Exploitation
An attacker with network access to a Lustre server can send crafted packets to trigger the out-of-bounds access. No authentication is required. This results in a kernel panic, as evidenced by the stack trace in the bug report [2].
Impact
Successful exploitation causes a kernel panic, resulting in denial of service of the affected Lustre file system node (server or client). No privilege escalation or data compromise is indicated in the available references.
Mitigation
Upgrade to Lustre version 2.12.3 or later, which includes the fix for this issue [1]. No workarounds are described in the references.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Lustre/Lustre file systemdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- lustre.orgmitrex_refsource_MISC
- wiki.lustre.org/Lustre_2.12.3_Changelogmitrex_refsource_MISC
- jira.whamcloud.com/browse/LU-12612mitrex_refsource_MISC
- review.whamcloud.commitrex_refsource_MISC
News mentions
0No linked articles in our index yet.