{"api_version":"1","generated_at":"2026-04-23T02:24:53+00:00","cve":"CVE-2020-28374","urls":{"html":"https://cve.report/CVE-2020-28374","api":"https://cve.report/api/cve/CVE-2020-28374.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-28374","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-28374"},"summary":{"title":"CVE-2020-28374","description":"In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2021-01-13 04:15:00","updated_at":"2023-11-07 03:21:00"},"problem_types":["CWE-22"],"metrics":[],"references":[{"url":"https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html","name":"[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update","refsource":"MLIST","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] [DLA 2557-1] linux-4.19 security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html","name":"[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update","refsource":"MLIST","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] [DLA 2586-1] linux security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2021/01/13/2","name":"[oss-security] 20210113 Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload","refsource":"MLIST","tags":["Mailing List","Third Party Advisory"],"title":"oss-security - Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy\n offload","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZEUPID5DZYLZBIO4BEVLHFUDZZIFL57/","name":"FEDORA-2021-620fb40359","refsource":"FEDORA","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] Fedora 33 Update: kernel-headers-5.10.7-200.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20210219-0002/","name":"https://security.netapp.com/advisory/ntap-20210219-0002/","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"CVE-2020-28374 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2896c93811e39d63a4d9b63ccf12a8fbc226e5e4","name":"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2896c93811e39d63a4d9b63ccf12a8fbc226e5e4","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"kernel/git/torvalds/linux.git - Linux kernel source tree","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2021/dsa-4843","name":"DSA-4843","refsource":"DEBIAN","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-4843-1 linux","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html","name":"http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html","refsource":"MISC","tags":["Third Party Advisory","VDB Entry"],"title":"Kernel Live Patch Security Notice LSN-0074-1 ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HK7SRTITN5ABAUOOIGFVR7XE5YKYYAVO/","name":"FEDORA-2021-4a91649cf3","refsource":"","tags":[],"title":"[SECURITY] Fedora 33 Update: tcmu-runner-1.5.2-7.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2021/01/13/5","name":"[oss-security] 20210113 Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload","refsource":"MLIST","tags":["Mailing List","Third Party Advisory"],"title":"oss-security - Re: CVE-2020-28374: Linux SCSI target (LIO)\n unrestricted copy offload","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/torvalds/linux/commit/2896c93811e39d63a4d9b63ccf12a8fbc226e5e4","name":"https://github.com/torvalds/linux/commit/2896c93811e39d63a4d9b63ccf12a8fbc226e5e4","refsource":"CONFIRM","tags":["Patch","Third Party Advisory"],"title":"scsi: target: Fix XCOPY NAA identifier lookup · torvalds/linux@2896c93 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.7","name":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.7","refsource":"CONFIRM","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.suse.com/attachment.cgi?id=844938","name":"https://bugzilla.suse.com/attachment.cgi?id=844938","refsource":"MISC","tags":["Issue Tracking","Third Party Advisory"],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZEUPID5DZYLZBIO4BEVLHFUDZZIFL57/","name":"FEDORA-2021-620fb40359","refsource":"","tags":[],"title":"[SECURITY] Fedora 33 Update: kernel-headers-5.10.7-200.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTGQDYIEO2GOCOOKADBHEITF44GY55QF/","name":"FEDORA-2021-082e638d02","refsource":"","tags":[],"title":"[SECURITY] Fedora 32 Update: kernel-5.10.7-100.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HK7SRTITN5ABAUOOIGFVR7XE5YKYYAVO/","name":"FEDORA-2021-4a91649cf3","refsource":"FEDORA","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] Fedora 33 Update: tcmu-runner-1.5.2-7.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1178372","name":"https://bugzilla.suse.com/show_bug.cgi?id=1178372","refsource":"MISC","tags":["Issue Tracking","Patch","Third Party Advisory"],"title":"Bug 1178372 – VUL-0: CVE-2020-28374: kernel-source: LIO security issue","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTGQDYIEO2GOCOOKADBHEITF44GY55QF/","name":"FEDORA-2021-082e638d02","refsource":"FEDORA","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] Fedora 32 Update: kernel-5.10.7-100.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-28374","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28374","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"28374","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"esm","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"28374","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"28374","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"28374","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"20.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"28374","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"28374","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"28374","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"28374","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"28374","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"28374","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"28374","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"28374","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"28374","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"28374","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-28374","qid":"159144","title":"Oracle Enterprise Linux Security Update for kernel (ELSA-2021-1093)"},{"cve":"CVE-2020-28374","qid":"159277","title":"Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2021-9306)"},{"cve":"CVE-2020-28374","qid":"159278","title":"Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2021-9307)"},{"cve":"CVE-2020-28374","qid":"174805","title":"SUSE Enterprise Linux Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP2) (SUSE-SU-2021:0849-1)"},{"cve":"CVE-2020-28374","qid":"174806","title":"SUSE Enterprise Linux Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP2) (SUSE-SU-2021:0835-1)"},{"cve":"CVE-2020-28374","qid":"174807","title":"SUSE Enterprise Linux Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP2) (SUSE-SU-2021:0842-1)"},{"cve":"CVE-2020-28374","qid":"174808","title":"SUSE Enterprise Linux Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (SUSE-SU-2021:0870-1)"},{"cve":"CVE-2020-28374","qid":"174809","title":"SUSE Enterprise Linux Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP2) (SUSE-SU-2021:0849-1)"},{"cve":"CVE-2020-28374","qid":"174810","title":"SUSE Enterprise Linux Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP1) (SUSE-SU-2021:0853-1)"},{"cve":"CVE-2020-28374","qid":"174812","title":"SUSE Enterprise Linux Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP1) (SUSE-SU-2021:0859-1)"},{"cve":"CVE-2020-28374","qid":"174813","title":"SUSE Enterprise Linux Security update for the Linux Kernel (Live Patch 5 for SLE 12 SP5) (SUSE-SU-2021:0818-1)"},{"cve":"CVE-2020-28374","qid":"174817","title":"SUSE Enterprise Linux Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP2) (SUSE-SU-2021:0841-1)"},{"cve":"CVE-2020-28374","qid":"174819","title":"SUSE Enterprise Linux Security update for the Linux Kernel (Live Patch 18 for SLE 15) (SUSE-SU-2021:0868-1)"},{"cve":"CVE-2020-28374","qid":"239151","title":"Red Hat Update for kernel (RHSA-2021:0856)"},{"cve":"CVE-2020-28374","qid":"239174","title":"Red Hat Update for kpatch-patch (RHSA-2021:0862)"},{"cve":"CVE-2020-28374","qid":"239202","title":"Red Hat Update for kernel (RHSA-2021:1093)"},{"cve":"CVE-2020-28374","qid":"239204","title":"Red Hat Update for kernel-rt (RHSA-2021:1081)"},{"cve":"CVE-2020-28374","qid":"239254","title":"Red Hat Update for kpatch-patch (RHSA-2021:1377)"},{"cve":"CVE-2020-28374","qid":"239255","title":"Red Hat Update for kernel (RHSA-2021:1376)"},{"cve":"CVE-2020-28374","qid":"239343","title":"Red Hat Update for kpatch-patch (RHSA-2021:1532)"},{"cve":"CVE-2020-28374","qid":"239344","title":"Red Hat Update for kernel (RHSA-2021:1531)"},{"cve":"CVE-2020-28374","qid":"239349","title":"Red Hat Update for kernel (RHSA-2021:2106)"},{"cve":"CVE-2020-28374","qid":"239351","title":"Red Hat Update for kpatch-patch (RHSA-2021:2099)"},{"cve":"CVE-2020-28374","qid":"239374","title":"Red Hat Update for kernel (RHSA-2021:2185)"},{"cve":"CVE-2020-28374","qid":"239380","title":"Red Hat Update for kpatch-patch (RHSA-2021:2167)"},{"cve":"CVE-2020-28374","qid":"239453","title":"Red Hat Update for kernel-rt (RHSA-2021:2190)"},{"cve":"CVE-2020-28374","qid":"257070","title":"CentOS Security Update for kernel (CESA-2021:0856)"},{"cve":"CVE-2020-28374","qid":"352330","title":"Amazon Linux Security Advisory for kernel-livepatch: ALAS2LIVEPATCH-2021-038"},{"cve":"CVE-2020-28374","qid":"352331","title":"Amazon Linux Security Advisory for kernel-livepatch: ALAS2LIVEPATCH-2021-037"},{"cve":"CVE-2020-28374","qid":"352332","title":"Amazon Linux Security Advisory for kernel-livepatch: ALAS2LIVEPATCH-2021-036"},{"cve":"CVE-2020-28374","qid":"352333","title":"Amazon Linux Security Advisory for kernel-livepatch: ALAS2LIVEPATCH-2021-035"},{"cve":"CVE-2020-28374","qid":"353100","title":"Amazon Linux Security Advisory for kernel : ALAC2012-2021-024"},{"cve":"CVE-2020-28374","qid":"353101","title":"Amazon Linux Security Advisory for kmod-mlx5 : ALAC2012-2021-025"},{"cve":"CVE-2020-28374","qid":"353102","title":"Amazon Linux Security Advisory for kmod-sfc : ALAC2012-2021-026"},{"cve":"CVE-2020-28374","qid":"353132","title":"Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-019"},{"cve":"CVE-2020-28374","qid":"377055","title":"Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2021:0027)"},{"cve":"CVE-2020-28374","qid":"390233","title":"Oracle Managed Virtualization (VM) Server for x86 Security Update for kernel (OVMSA-2021-0005)"},{"cve":"CVE-2020-28374","qid":"6140039","title":"AWS Bottlerocket Security Update for kernel (GHSA-278j-xcrj-6gh7)"},{"cve":"CVE-2020-28374","qid":"670578","title":"EulerOS Security Update for kernel (EulerOS-SA-2021-2336)"},{"cve":"CVE-2020-28374","qid":"750428","title":"OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:0075-1)"},{"cve":"CVE-2020-28374","qid":"750434","title":"OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:0060-1)"},{"cve":"CVE-2020-28374","qid":"900040","title":"CBL-Mariner Linux Security Update for kernel 5.4.91"},{"cve":"CVE-2020-28374","qid":"902914","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (3735)"},{"cve":"CVE-2020-28374","qid":"906091","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (3735-1)"},{"cve":"CVE-2020-28374","qid":"940387","title":"AlmaLinux Security Update for kernel (ALSA-2021:1093)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2020-28374","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1178372","refsource":"MISC","name":"https://bugzilla.suse.com/show_bug.cgi?id=1178372"},{"refsource":"CONFIRM","name":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.7","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.7"},{"refsource":"CONFIRM","name":"https://github.com/torvalds/linux/commit/2896c93811e39d63a4d9b63ccf12a8fbc226e5e4","url":"https://github.com/torvalds/linux/commit/2896c93811e39d63a4d9b63ccf12a8fbc226e5e4"},{"refsource":"CONFIRM","name":"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2896c93811e39d63a4d9b63ccf12a8fbc226e5e4","url":"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2896c93811e39d63a4d9b63ccf12a8fbc226e5e4"},{"refsource":"MISC","name":"https://bugzilla.suse.com/attachment.cgi?id=844938","url":"https://bugzilla.suse.com/attachment.cgi?id=844938"},{"refsource":"MLIST","name":"[oss-security] 20210113 Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload","url":"http://www.openwall.com/lists/oss-security/2021/01/13/2"},{"refsource":"MLIST","name":"[oss-security] 20210113 Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload","url":"http://www.openwall.com/lists/oss-security/2021/01/13/5"},{"refsource":"FEDORA","name":"FEDORA-2021-620fb40359","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZEUPID5DZYLZBIO4BEVLHFUDZZIFL57/"},{"refsource":"FEDORA","name":"FEDORA-2021-082e638d02","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTGQDYIEO2GOCOOKADBHEITF44GY55QF/"},{"refsource":"MISC","name":"http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html","url":"http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html"},{"refsource":"DEBIAN","name":"DSA-4843","url":"https://www.debian.org/security/2021/dsa-4843"},{"refsource":"FEDORA","name":"FEDORA-2021-4a91649cf3","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HK7SRTITN5ABAUOOIGFVR7XE5YKYYAVO/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update","url":"https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20210219-0002/","url":"https://security.netapp.com/advisory/ntap-20210219-0002/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update","url":"https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"}]}},"nvd":{"publishedDate":"2021-01-13 04:15:00","lastModifiedDate":"2023-11-07 03:21:00","problem_types":["CWE-22"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":8.1,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":5.5},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.7","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"28374","Ordinal":"190861","Title":"CVE-2020-28374","CVE":"CVE-2020-28374","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"28374","Ordinal":"1","NoteData":"In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"28374","Ordinal":"2","NoteData":"2021-01-12","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"28374","Ordinal":"3","NoteData":"2021-03-09","Type":"Other","Title":"Modified"}]}}}