A flaw was found in the Linux kernel's implementation of the Linux SCSI target host, where an authenticated attacker could write to any block on the exported SCSI device backing store. This could allow an authenticated attacker who is able to send LIO block requests to the Linux system to overwrite data on the backing store. The system using the backing store may have corrupted or incorrect data and, depending on the use case, this could possibly be leveraged into a more serious attack such as privilege escalation.
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1915786]
Created tcmu-runner tracking bugs for this issue: Affects: fedora-all [bug 1915787]
https://bugzilla.redhat.com/show_bug.cgi?id=1916045 Created a new flaw to reflect the new cve for tcmu-runner.
Removed affects here, added to new flaw and linked existing trackers.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:0856 https://access.redhat.com/errata/RHSA-2021:0856
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:0857 https://access.redhat.com/errata/RHSA-2021:0857
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:0862 https://access.redhat.com/errata/RHSA-2021:0862
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-28374
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1081 https://access.redhat.com/errata/RHSA-2021:1081
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1093 https://access.redhat.com/errata/RHSA-2021:1093
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2021:1376 https://access.redhat.com/errata/RHSA-2021:1376
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2021:1377 https://access.redhat.com/errata/RHSA-2021:1377
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2021:1531 https://access.redhat.com/errata/RHSA-2021:1531
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2021:1532 https://access.redhat.com/errata/RHSA-2021:1532
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:2099 https://access.redhat.com/errata/RHSA-2021:2099
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:2106 https://access.redhat.com/errata/RHSA-2021:2106
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:2167 https://access.redhat.com/errata/RHSA-2021:2167
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:2190 https://access.redhat.com/errata/RHSA-2021:2190
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:2185 https://access.redhat.com/errata/RHSA-2021:2185
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions, Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2021:2732 https://access.redhat.com/errata/RHSA-2021:2732