VDB
CVE-2019-20423
CVE-2019-20423
PUBLISHED
In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_connect() mishandles a certain size value when a client connects to a server, because of an integer signedness error.
EPSS 0.62% · 70.4th percentile
Risk Scores
EPSS Score
0.62%
70.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:14.04:LTS | linux-lts-xenial | 4.4.0-270.304~14.04.1, 4.4.0-251.285~14.04.1, 4.4.0-252.286~14.04.1 |
| Ubuntu:16.04:LTS | linux-hwe-edge | 4.13.0-17.20~16.04.1, 4.8.0-28.30~16.04.1, 0 |
| Ubuntu:18.04:LTS | linux-gcp-edge | 4.18.0-1008.9~18.04.1, 4.18.0-1009.10~18.04.1, 4.18.0-1011.12~18.04.1 |
| Ubuntu:Pro:14.04:LTS | linux | 3.13.0-196.247, 0, 3.11.0-12.19 |
| Ubuntu:18.04:LTS | linux-azure-edge | 0, 4.18.0-1006.6~18.04.1, 5.0.0-1012.12~18.04.2 |
| Ubuntu:Pro:14.04:LTS | linux-aws | 4.4.0-1146.152, 4.4.0-1148.154, 4.4.0-1149.155 |
| Ubuntu:18.04:LTS | linux-hwe-edge | 5.3.0-22.24~18.04.1, 5.3.0-23.25~18.04.1, 5.3.0-23.25~18.04.2 |
| Ubuntu:Pro:14.04:LTS | linux-azure | *, *, 4.15.0-1124.137~14.04.1 |
Exploit Intelligence
Timeline
- Jan 27, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-20423 third-party-advisory
- http://lustre.org/ third-party-advisory
- http://wiki.lustre.org/Lustre_2.12.3_Changelog third-party-advisory
- https://jira.whamcloud.com/browse/LU-12605 third-party-advisory
- https://review.whamcloud.com/#/c/35935/ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-20423 third-party-advisory