lustre CVE 脆弱性と CVE 一覧(11)

製品(CPE): — CVE 件数: 11

lustre 脆弱性概要

lustre 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

過去の問題は主に vendor risk memory corruption and バッファオーバーフロー などに関し、一部は vendor impact memory corruption を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 111 / 11 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2019-20432 In the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. mdt_file_secctx_unpack does not validate the value of name_size derived from req_capsule_get_size. [email protected] 7.5 1.81% 2020-01-27 2026-06-16
CVE-2019-20431 In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the osd_ldiskfs module does not validate a certain length value. [email protected] 7.5 1.92% 2020-01-27 2026-06-16
CVE-2019-20430 In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client. [email protected] 7.5 2.21% 2020-01-27 2026-06-16
CVE-2019-20429 In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpc_svc_unwrap_request and lustre_msg_hdr_size_v2. [email protected] 7.5 1.90% 2020-01-27 2026-06-16
CVE-2019-20428 In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldl_request_cancel function mishandles a large lock_count parameter. [email protected] 7.5 1.82% 2020-01-27 2026-06-16
CVE-2019-20427 In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a tgt_shortio2pages integer signedness error. [email protected] 9.8 4.90% 2020-01-27 2026-06-16
CVE-2019-20426 In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlm_cancel_hpreq_check, there is no lock_count bounds check. [email protected] 7.5 1.92% 2020-01-27 2026-06-16
CVE-2019-20425 In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_msg_string, there is no validation of a certain length value derived from lustre_msg_buflen_v2. [email protected] 7.5 1.90% 2020-01-27 2026-06-16
CVE-2019-20424 In the Lustre file system before 2.12.3, mdt_object_remote in the mdt module has a NULL pointer dereference and panic due to the lack of validation for specific fields of packets sent by a client. [email protected] 7.5 2.95% 2020-01-27 2026-06-16
CVE-2019-20423 In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_connect() mishandles a certain size value when a client connects to a server, because of an integer signedness error. [email protected] 7.5 2.06% 2020-01-27 2026-06-16
CVE-2008-4970 runiozone in lustre 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/iozone.log temporary file. [email protected] 6.9 0.39% 2008-11-06 2026-06-16
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence