exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

CVE-2020-28374

Status Candidate

Overview

In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.

Related Files

Red Hat Security Advisory 2021-2732-01
Posted Jul 21, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2732-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2020-28374, CVE-2021-33034, CVE-2021-3347, CVE-2021-33909
SHA-256 | 0ae2089bc9085202733263eabe1826d5a267dff310b38d9b7973e70e4d251579
Red Hat Security Advisory 2021-2185-01
Posted Jun 2, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2185-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service, integer overflow, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-0466, CVE-2020-12114, CVE-2020-12362, CVE-2020-28374
SHA-256 | a22f93092329a9338361356b1eadb308f6359ca593ced45ffdd7647ea37d6460
Red Hat Security Advisory 2021-2190-01
Posted Jun 2, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2190-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service, integer overflow, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-0466, CVE-2020-12114, CVE-2020-12362, CVE-2020-28374
SHA-256 | b85130912b4595e4fa9d7cc4ff48b4967163f32f1fbd6b3edd7ffe9d8d903aa8
Red Hat Security Advisory 2021-2167-01
Posted Jun 1, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2167-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2020-0466, CVE-2020-28374
SHA-256 | e8bb76322cc43a59a2aa6188a3e3e1fefa9d5ff50314dc5bc7300d232d4e68ac
Red Hat Security Advisory 2021-2106-01
Posted May 26, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2106-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include integer overflow and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-0466, CVE-2020-12362, CVE-2020-28374, CVE-2021-3347
SHA-256 | 775fce3d03eabb54bb5d51aab1111a58b6cc0bbd838e0639c03d3455953a4aa4
Red Hat Security Advisory 2021-2099-01
Posted May 25, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2099-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2020-0466, CVE-2020-28374, CVE-2021-3347
SHA-256 | 6906165df9c117edd56cb4b51e3f374613849a28bd02863a973b9bf5871dfb89
Red Hat Security Advisory 2021-1532-01
Posted May 11, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1532-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow and out of bounds read vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-28374, CVE-2021-27364, CVE-2021-27365
SHA-256 | cc0928aecacd4f75257d1b212857779f7fe134f09ee2bbadde9f2cc482bdcdae
Red Hat Security Advisory 2021-1531-01
Posted May 11, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1531-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, out of bounds read, and out of bounds write vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2019-19532, CVE-2020-25211, CVE-2020-25705, CVE-2020-28374, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365
SHA-256 | 342af24d3706d582f6305539e856e3a55e0bebe3466915e1c717cfb30a19713c
Red Hat Security Advisory 2021-1448-01
Posted Apr 29, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1448-01 - Red Hat Advanced Cluster Management for Kubernetes 2.0.10 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which resolve some security issues and bugs. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2020-0466, CVE-2020-15586, CVE-2020-16845, CVE-2020-27152, CVE-2020-28362, CVE-2020-28374, CVE-2021-20305, CVE-2021-23358, CVE-2021-26708, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365, CVE-2021-3347, CVE-2021-3449, CVE-2021-3450
SHA-256 | e0ed9dcea65dc8c6aed72a7323bfdf194a8e68c45019b280ca356c117d319f9c
Red Hat Security Advisory 2021-1376-01
Posted Apr 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1376-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, out of bounds read, and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-15436, CVE-2020-28374, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365
SHA-256 | 240032e93bcb7b4ed0735232f82e3b09c775facff14f3a3bea7b130dd3b6a555
Red Hat Security Advisory 2021-1377-01
Posted Apr 27, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1377-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow and out of bounds read vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-28374, CVE-2021-27364, CVE-2021-27365
SHA-256 | ef5f189198155a80dd82a4c1ff695427a03a5f6126ff823378ccca72f3fa0f42
Red Hat Security Advisory 2021-1369-01
Posted Apr 26, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1369-01 - Red Hat Advanced Cluster Management for Kubernetes 2.1.6 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-0466, CVE-2020-14040, CVE-2020-27152, CVE-2020-28374, CVE-2020-35149, CVE-2021-20218, CVE-2021-20305, CVE-2021-26708, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365, CVE-2021-3121, CVE-2021-3347, CVE-2021-3449, CVE-2021-3450
SHA-256 | 019fe35bad08451966b333b48fcaaaf15597ee545c7cbbff9ea4261482d338df
Red Hat Security Advisory 2021-1168-01
Posted Apr 13, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1168-01 - Red Hat Advanced Cluster Management for Kubernetes 2.2.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console-with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. Issues addressed include code execution, denial of service, integer overflow, and null pointer vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-0466, CVE-2020-14040, CVE-2020-27152, CVE-2020-28374, CVE-2020-28500, CVE-2020-28851, CVE-2020-28852, CVE-2020-29529, CVE-2021-21321, CVE-2021-21322, CVE-2021-23337, CVE-2021-23840, CVE-2021-23841, CVE-2021-26708, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365, CVE-2021-3121, CVE-2021-3347, CVE-2021-3449, CVE-2021-3450
SHA-256 | cfc0ee4720a885efcdbb629dc90451c511ea3b56ea59530b3ab8554fa0475c01
Ubuntu Security Notice USN-4901-1
Posted Apr 7, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4901-1 - Adam Nichols discovered that heap overflows existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-28374, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365
SHA-256 | 6d1fd34ada85522e50965e160e5c5eef31b6ea21b01517798c6cc78c4cbd7ac9
Red Hat Security Advisory 2021-1093-01
Posted Apr 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1093-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, out of bounds read, and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-0466, CVE-2020-27152, CVE-2020-28374, CVE-2021-26708, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365, CVE-2021-3347
SHA-256 | 059ac98f927be53cb34bfbcaf019e55b9c1f39acbc7086390533a8aeb6488dfa
Red Hat Security Advisory 2021-1081-01
Posted Apr 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1081-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, out of bounds read, and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-0466, CVE-2020-27152, CVE-2020-28374, CVE-2021-26708, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365, CVE-2021-3347
SHA-256 | aef5b23a4fe73958169e2989069fbdd8e0bd4e5e24e1ccfe2f32980af659f93e
Red Hat Security Advisory 2021-0857-01
Posted Mar 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0857-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, denial of service, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2019-19532, CVE-2020-0427, CVE-2020-14351, CVE-2020-25211, CVE-2020-25645, CVE-2020-25656, CVE-2020-25705, CVE-2020-28374, CVE-2020-29661, CVE-2020-7053, CVE-2021-20265
SHA-256 | 52b1ba89ad5b5b01bc9fbbc0c26885b43edd807f81c5a3811079118a010cfd3f
Red Hat Security Advisory 2021-0856-01
Posted Mar 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0856-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, denial of service, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2019-19532, CVE-2020-0427, CVE-2020-14351, CVE-2020-25211, CVE-2020-25645, CVE-2020-25656, CVE-2020-25705, CVE-2020-28374, CVE-2020-29661, CVE-2020-7053, CVE-2021-20265
SHA-256 | 848127b0ce6b0e3e3f3e313979c52ece03f0429de6169b74b851dff3a01ddcda
Red Hat Security Advisory 2021-0862-01
Posted Mar 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0862-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2020-28374, CVE-2020-29661
SHA-256 | 688615d8f7804efc14b56620f418150b23675228da2b445c0a1ffdcbe74b0769
Ubuntu Security Notice USN-4753-1
Posted Feb 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4753-1 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2020-28374
SHA-256 | f8284728985d63a7673b46fbb9ce575d19caab6433c94973217809c8b4948e7d
Ubuntu Security Notice USN-4713-2
Posted Feb 10, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4713-2 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2020-28374
SHA-256 | 33006688440706d80f92159adf06335105a943bc106b735a9520e4fd9d365852
Kernel Live Patch Security Notice LSN-0074-1
Posted Feb 1, 2021
Authored by Benjamin M. Romer

Elena Petrova discovered that the pin controller device tree implementation in the Linux kernel did not properly handle string references. A local attacker could use this to expose sensitive information (kernel memory). Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate remote attacker could use this to expose sensitive information (kernel memory). Various other issues were also addressed.

tags | advisory, remote, kernel, local
systems | linux
advisories | CVE-2020-0427, CVE-2020-12352, CVE-2020-25645, CVE-2020-28374
SHA-256 | 682e52dd49535c7ff7a41efaf9cdf2164f511e0432317c6e2e9cafb8c2198527
Ubuntu Security Notice USN-4713-1
Posted Jan 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4713-1 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data.

tags | advisory, kernel
systems | linux, ubuntu
advisories | CVE-2020-28374
SHA-256 | e54c2f7945046a1c9e11fb72df83291b0bc436c5cba66d48d017b06395a959a5
Ubuntu Security Notice USN-4711-1
Posted Jan 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4711-1 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. Kiyin discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2020-25704, CVE-2020-28374
SHA-256 | f4ec8d5e13f6ebabd01ab8ec3a0edd91e652d99a1c9951bea7a7b8fc134c23a1
Ubuntu Security Notice USN-4709-1
Posted Jan 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4709-1 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2018-13093, CVE-2019-19816, CVE-2020-25669, CVE-2020-28374
SHA-256 | fe94a8f5a2d43d1cda30e40ac4225c3ca772961ef30b275ab465ae19ea4d189e
Page 1 of 2
Back12Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close