CVE-2020-28374

Vulnerability Description

In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSThird Party AdvisoryVDB Entry
• http://www.openwall.com/lists/oss-security/2021/01/13/2Mailing ListThird Party Advisory
• http://www.openwall.com/lists/oss-security/2021/01/13/5Mailing ListThird Party Advisory
• https://bugzilla.suse.com/attachment.cgi?id=844938Issue TrackingThird Party Advisory
• https://bugzilla.suse.com/show_bug.cgi?id=1178372Issue TrackingPatchThird Party Advisory
• https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.7Release NotesVendor Advisory
• https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2896cPatchVendor Advisory
• https://github.com/torvalds/linux/commit/2896c93811e39d63a4d9b63ccf12a8fbc226e5ePatchThird Party Advisory
• https://lists.debian.org/debian-lts-announce/2021/02/msg00018.htmlMailing ListThird Party Advisory
• https://lists.debian.org/debian-lts-announce/2021/03/msg00010.htmlMailing ListThird Party Advisory
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
• https://security.netapp.com/advisory/ntap-20210219-0002/Third Party Advisory
• https://www.debian.org/security/2021/dsa-4843Third Party Advisory