CVE-2019-20428

Name of the Vulnerable Software and Affected Versions Lustre file system versions prior to 2.12.3

Description The issue is related to the ptlrpc module in the Lustre file system, where a lack of validation for specific fields of packets sent by a client can cause an out-of-bounds read and panic. Specifically, the ldl request cancel function mishandles a large lock count parameter.

Recommendations For versions prior to 2.12.3, update to version 2.12.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the ptlrpc module to minimize the risk of exploitation.