An issue exists in Lustre versions 2.13.x, 2.14.x, and 2.15.x prior to 2.15.4, allows malicious users to escalate privileges and obtain sensitive information via Incorrect Access Control.
<quote>
Scope of Issue:
</quote>
Only specific combinations of Server, Client and Kernel are vulnerable
The issue is mitigated by any of the following:
1 Disable User Namespaces (see below)
Affected versions:
Lustre Server version: 214 – 2153
Lustre Client version: 212 – 2153
References:
nvdnistgov/vu ...