CVE-2020-28374

high

Description

In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.

References

https://www.debian.org/security/2021/dsa-4843

https://security.netapp.com/advisory/ntap-20210219-0002/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTGQDYIEO2GOCOOKADBHEITF44GY55QF/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HK7SRTITN5ABAUOOIGFVR7XE5YKYYAVO/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZEUPID5DZYLZBIO4BEVLHFUDZZIFL57/

https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html

https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html

https://github.com/torvalds/linux/commit/2896c93811e39d63a4d9b63ccf12a8fbc226e5e4

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2896c93811e39d63a4d9b63ccf12a8fbc226e5e4

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.7

https://bugzilla.suse.com/show_bug.cgi?id=1178372

https://bugzilla.suse.com/attachment.cgi?id=844938

http://www.openwall.com/lists/oss-security/2021/01/13/5

http://www.openwall.com/lists/oss-security/2021/01/13/2

http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html

Details

Source: Mitre, NVD

Published: 2021-01-13

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High