Bug 1899804 (CVE-2020-28374) - CVE-2020-28374 kernel: SCSI target (LIO) write to any block on ILO backstore
Summary: CVE-2020-28374 kernel: SCSI target (LIO) write to any block on ILO backstore
Status: CLOSED ERRATA
Alias: CVE-2020-28374
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 1900459 1900460 1900461 1900462 1900463 1900464 1900465 1900466 1900467 1900468 1900469 1900470 1900471 1900472 1900473 1900474 1902566 1902567 1902568 1902569 1902570 1902571 1902572 1902573 1908805 1908806 1915786 1948464
Blocks: 1897690
Reported: 2020-11-20 04:25 UTC by Wade Mealing
Modified: 2021-07-20 21:15 UTC (History)
Doc Text:
A flaw was found in the Linux kernel’s implementation of the Linux SCSI target host, where an authenticated attacker could write to any block on the exported SCSI device backing store. This flaw allows an authenticated attacker to send LIO block requests to the Linux system to overwrite data on the backing store. The highest threat from this vulnerability is to integrity. In addition, this flaw affects the tcmu-runner package, where the affected SCSI command is called.
Last Closed: 2021-03-16 19:19:12 UTC


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2021:0856 | 0 | None | None | None | 2021-03-16 13:51:18 UTC
Red Hat Product Errata | RHSA-2021:0857 | 0 | None | None | None | 2021-03-16 13:52:19 UTC
Red Hat Product Errata | RHSA-2021:0862 | 0 | None | None | None | 2021-03-16 13:54:33 UTC
Red Hat Product Errata | RHSA-2021:2732 | 0 | None | None | None | 2021-07-20 21:15:32 UTC

Description Wade Mealing 2020-11-20 04:25:52 UTC
A flaw was found in the Linux kernel's implementation of the Linux SCSI target host, where an authenticated attacker could write to any block on the exported SCSI device backing store. This could allow an authenticated attacker who is able to send LIO block requests to the Linux system to overwrite data on the backing store.

The system using the backing store may have corrupted or incorrect data and, depending on the use case, this could possibly be leveraged into a more serious attack such as privilege escalation.

Comment 21 Marian Rehak 2021-01-13 12:38:31 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1915786]


Created tcmu-runner tracking bugs for this issue:

Affects: fedora-all [bug 1915787]

Comment 22 amctagga 2021-01-14 02:12:59 UTC
https://bugzilla.redhat.com/show_bug.cgi?id=1916045 Created a new flaw to reflect the new CVE for tcmu-runner.

Comment 23 amctagga 2021-01-14 02:28:06 UTC
Removed affects here, added to new flaw and linked existing trackers.

Comment 24 errata-xmlrpc 2021-03-16 13:51:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:0856 https://access.redhat.com/errata/RHSA-2021:0856

Comment 25 errata-xmlrpc 2021-03-16 13:52:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:0857 https://access.redhat.com/errata/RHSA-2021:0857

Comment 26 errata-xmlrpc 2021-03-16 13:54:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:0862 https://access.redhat.com/errata/RHSA-2021:0862

Comment 27 Product Security DevOps Team 2021-03-16 19:19:12 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-28374

Comment 28 errata-xmlrpc 2021-04-06 13:58:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:1081 https://access.redhat.com/errata/RHSA-2021:1081

Comment 29 errata-xmlrpc 2021-04-06 14:17:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:1093 https://access.redhat.com/errata/RHSA-2021:1093

Comment 33 errata-xmlrpc 2021-04-27 08:30:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2021:1376 https://access.redhat.com/errata/RHSA-2021:1376

Comment 34 errata-xmlrpc 2021-04-27 08:31:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2021:1377 https://access.redhat.com/errata/RHSA-2021:1377

Comment 36 errata-xmlrpc 2021-05-11 12:30:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Extended Update Support

Via RHSA-2021:1531 https://access.redhat.com/errata/RHSA-2021:1531

Comment 37 errata-xmlrpc 2021-05-11 12:30:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Extended Update Support

Via RHSA-2021:1532 https://access.redhat.com/errata/RHSA-2021:1532

Comment 38 errata-xmlrpc 2021-05-25 06:43:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:2099 https://access.redhat.com/errata/RHSA-2021:2099

Comment 39 errata-xmlrpc 2021-05-25 15:54:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:2106 https://access.redhat.com/errata/RHSA-2021:2106

Comment 40 errata-xmlrpc 2021-06-01 09:39:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:2167 https://access.redhat.com/errata/RHSA-2021:2167

Comment 41 errata-xmlrpc 2021-06-01 16:03:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:2190 https://access.redhat.com/errata/RHSA-2021:2190

Comment 42 errata-xmlrpc 2021-06-02 00:46:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:2185 https://access.redhat.com/errata/RHSA-2021:2185

Comment 43 errata-xmlrpc 2021-07-20 21:15:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2021:2732 https://access.redhat.com/errata/RHSA-2021:2732

