Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lustre lustre vulnerabilities and exploits
(subscribe to this query)
6.9
CVSSv2
CVE-2008-4970
runiozone in lustre 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/iozone.log temporary file.
Lustre Lustre-tests 1.6.5
Lustre Lustre-tests 1.6.5.1
7.8
CVSSv2
CVE-2019-20423
In the Lustre file system prior to 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_connect() mishandles a certain size value when a client connects to a server, bec...
Lustre Lustre
7.8
CVSSv2
CVE-2019-20429
In the Lustre file system prior to 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpc_svc_unwrap_request and ...
Lustre Lustre
7.8
CVSSv2
CVE-2019-20431
In the Lustre file system prior to 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the osd_ldiskfs module does not validate a certain length valu...
Lustre Lustre
9
CVSSv2
CVE-2019-20427
In the Lustre file system prior to 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a t...
Lustre Lustre
7.8
CVSSv2
CVE-2019-20432
In the Lustre file system prior to 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. mdt_file_secctx_unpack does not validate the value of name_size derived from req_capsule_get_size.
Lustre Lustre
7.8
CVSSv2
CVE-2019-20424
In the Lustre file system prior to 2.12.3, mdt_object_remote in the mdt module has a NULL pointer dereference and panic due to the lack of validation for specific fields of packets sent by a client.
Lustre Lustre
7.8
CVSSv2
CVE-2019-20425
In the Lustre file system prior to 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_msg_string, there is no validation of a certain length value derived from lustr...
Lustre Lustre
7.8
CVSSv2
CVE-2019-20426
In the Lustre file system prior to 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlm_cancel_hpreq_check, there is no lock_count bounds check.
Lustre Lustre
7.8
CVSSv2
CVE-2019-20428
In the Lustre file system prior to 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldl_request_cancel function mishandles a large lock_count parameter.
Lustre Lustre
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »