VYPR

Lustre

by Lustre

CVEs (12)

  • CVE-2023-51786 | Critical | Mar 7, 2024
    risk 0.59 | cvss 9.1 | epss 0.00

    An issue was discovered in Lustre versions 2.13.x, 2.14.x, and 2.15.x before 2.15.4 that allows attackers to escalate privileges and obtain sensitive information via incorrect access control.

  • CVE-2019-20423 | Jan 27, 2020
    risk 0.00 | cvss | epss 0.01

    In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_connect() mishandles a certain size value when a client connects to a server,…

  • CVE-2019-20424 | Jan 27, 2020
    risk 0.00 | cvss | epss 0.01

    In the Lustre file system before 2.12.3, mdt_object_remote in the mdt module has a NULL pointer dereference and panic due to the lack of validation for specific fields of packets sent by a client.

  • CVE-2019-20425 | Jan 27, 2020
    risk 0.00 | cvss | epss 0.01

    In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_msg_string, there is no validation of a certain length value derived from…

  • CVE-2019-20426 | Jan 27, 2020
    risk 0.00 | cvss | epss 0.01

    In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlm_cancel_hpreq_check, there is no lock_count bounds check.

  • CVE-2019-20427 | Jan 27, 2020
    risk 0.00 | cvss | epss 0.04

    In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a…

  • CVE-2019-20428 | Jan 27, 2020
    risk 0.00 | cvss | epss 0.01

    In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldl_request_cancel function mishandles a large lock_count parameter.

  • CVE-2019-20429 | Jan 27, 2020
    risk 0.00 | cvss | epss 0.01

    In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpc_svc_unwrap_request and…

  • CVE-2019-20430 | Jan 27, 2020
    risk 0.00 | cvss | epss 0.01

    In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client.

  • CVE-2019-20431 | Jan 27, 2020
    risk 0.00 | cvss | epss 0.01

    In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the osd_ldiskfs module does not validate a certain length value.

  • CVE-2019-20432 | Jan 27, 2020
    risk 0.00 | cvss | epss 0.01

    In the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. mdt_file_secctx_unpack does not validate the value of name_size derived from req_capsule_get_size.

  • CVE-2008-4970 | Nov 6, 2008
    risk 0.00 | cvss | epss 0.00

    runiozone in lustre 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/iozone.log temporary file.