CVE-2019-20425

Name of the Vulnerable Software and Affected Versions Lustre file system versions prior to 2.12.3

Description The issue is related to the ptlrpc module in the Lustre file system, where a lack of validation for specific fields of packets sent by a client can lead to an out-of-bounds access and panic. Specifically, the function lustre msg string does not validate a certain length value derived from lustre msg buflen v2. This can be exploited by a remote attacker to cause a denial of service.

Recommendations For versions prior to 2.12.3, update to version 2.12.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the ptlrpc module to minimize the risk of exploitation.