CVE-2020-28374Path Traversal in Kernel

CWE-22Path TraversalCWE-20Improper Input Validation21 documents8 sources
Severity
8.1HIGHNVD
OSV5.5
EPSS
0.3%
top 46.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Linux KernelDebian LinuxDebian Tcmu+4 more
Timeline
PublishedJan 13
Latest updateMay 24

Description

In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages7 packages

NVDlinux/linux_kernel< 5.10.7
Debianlinux/linux_kernel< 5.10.9-1+3
Ubuntulinux/linux_kernel< 4.4.0-262.296+2
debiandebian/linux< linux 5.10.9-1 (bookworm)

Also affects: Debian Linux 10.0, 9.0, Fedora 32, 33

Patches

Patch: bugzilla.suse.comPatch: git.kernel.orgPatch: github.com

🔴Vulnerability Details

8
GHSA
GHSA-xp87-7m9f-4cr9: In drivers/target/target_core_xcopy2022-05-24
GHSA
GHSA-j364-gjm2-cwx8: In Open-iSCSI tcmu-runner 12022-05-24
OSV
linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities2021-02-05
OSV
linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities2021-02-02
OSV
Kernel Live Patch Security Notice2021-01-26

📋Vendor Advisories

11
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities2021-04-06
Ubuntu
Linux kernel (OEM) vulnerability2021-02-25
Ubuntu
Linux kernel vulnerability2021-02-10
Ubuntu
Linux kernel vulnerabilities2021-02-05
Ubuntu
Linux kernel vulnerabilities2021-02-02