CVE-2020-28374

NameCVE-2020-28374
DescriptionIn drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2557-1, DLA-2586-1, DSA-4843-1, ELA-378-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)jessie, jessie (lts)3.16.84-1vulnerable
stretch (security)4.9.320-2fixed
stretch (lts), stretch4.9.320-3fixed
buster (security), buster, buster (lts)4.19.316-1fixed
bullseye5.10.223-1fixed
bullseye (security)5.10.226-1fixed
bookworm6.1.115-1fixed
bookworm (security)6.1.112-1fixed
trixie6.11.7-1fixed
sid6.11.9-1fixed
linux-4.19 (PTS)stretch (security)4.19.232-1~deb9u1fixed
stretch (lts), stretch4.19.316-1~deb9u1fixed
linux-4.9 (PTS)jessie, jessie (lts)4.9.303-1~deb8u3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcejessie(unfixed)end-of-life
linuxsourcestretch4.9.258-1DLA-2586-1
linuxsourcebuster4.19.171-2DSA-4843-1
linuxsource(unstable)5.10.9-1
linux-4.19sourcestretch4.19.171-2~deb9u1DLA-2557-1
linux-4.9sourcejessie4.9.258-1~deb8u1ELA-378-1

Notes

https://git.kernel.org/linus/2896c93811e39d63a4d9b63ccf12a8fbc226e5e4
https://www.openwall.com/lists/oss-security/2021/01/12/12
Search for package or bug name: Reporting problems