CVE-2019-20430 - OpenCVE

In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Lustre	Lustre

Configuration 1 [-]

cpe:2.3:a:lustre:lustre:*:*:*:*:*:*:*:*

References

Link	Resource
http://lustre.org/	Product Vendor Advisory
http://wiki.lustre.org/Lustre_2.12.3_Changelog	Release Notes Vendor Advisory
https://jira.whamcloud.com/browse/LU-12602	Exploit Third Party Advisory
https://review.whamcloud.com/#/c/36208/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-01-27T04:20:09

Updated: 2020-01-27T04:20:09

Reserved: 2020-01-27T00:00:00

Link: CVE-2019-20430

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-01-27T05:15:12.420

Modified: 2021-07-21T11:39:23.747

Link: CVE-2019-20430

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-27T04:20:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"}, {"tags": ["x_refsource_MISC"], "url": "http://lustre.org/"}, {"tags": ["x_refsource_MISC"], "url": "https://jira.whamcloud.com/browse/LU-12602"}, {"tags": ["x_refsource_MISC"], "url": "https://review.whamcloud.com/#/c/36208/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-20430", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog", "refsource": "MISC", "url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"}, {"name": "http://lustre.org/", "refsource": "MISC", "url": "http://lustre.org/"}, {"name": "https://jira.whamcloud.com/browse/LU-12602", "refsource": "MISC", "url": "https://jira.whamcloud.com/browse/LU-12602"}, {"name": "https://review.whamcloud.com/#/c/36208/", "refsource": "MISC", "url": "https://review.whamcloud.com/#/c/36208/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-20430", "datePublished": "2020-01-27T04:20:09", "dateReserved": "2020-01-27T00:00:00", "dateUpdated": "2020-01-27T04:20:09", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lustre:lustre:*:*:*:*:*:*:*:*", "matchCriteriaId": "172579FA-E7BC-4490-BA7D-1B5737B84154", "versionEndExcluding": "2.12.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client."}, {"lang": "es", "value": "En el sistema de archivos de Lustre versiones anteriores versiones hasta 2.12.3, el m\u00f3dulo mdt presenta un p\u00e1nico de LBUG (por medio de un campo largo eadatasize de Body MDT) debido a la falta de comprobaci\u00f3n para campos de paquetes espec\u00edficos enviados mediante un cliente."}], "id": "CVE-2019-20430", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-27T05:15:12.420", "references": [{"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "http://lustre.org/"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://jira.whamcloud.com/browse/LU-12602"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://review.whamcloud.com/#/c/36208/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-670"}], "source": "nvd@nist.gov", "type": "Primary"}]}