CVE-2020-28374

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-28374

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28374.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-28374

Downstream

DEBIAN-CVE-2020-28374

DLA-2557-1

DLA-2586-1

DSA-4843-1

OESA-2021-1086

OESA-2021-1087

RHSA-2021:0856

RHSA-2021:0857

RHSA-2021:0862

RHSA-2021:1081

RHSA-2021:1093

RHSA-2021:1376

RHSA-2021:1377

RHSA-2021:1531

RHSA-2021:1532

RHSA-2021:2099

RHSA-2021:2106

RHSA-2021:2167

RHSA-2021:2185

RHSA-2021:2190

RHSA-2021:2732

SUSE-SU-2021:0117-1

SUSE-SU-2021:0118-1

SUSE-SU-2021:0133-1

SUSE-SU-2021:0347-1

SUSE-SU-2021:0348-1

SUSE-SU-2021:0427-1

SUSE-SU-2021:0433-1

SUSE-SU-2021:0434-1

SUSE-SU-2021:0438-1

SUSE-SU-2021:0743-1

SUSE-SU-2021:0744-1

SUSE-SU-2021:0818-1

SUSE-SU-2021:0823-1

SUSE-SU-2021:0826-1

SUSE-SU-2021:0835-1

SUSE-SU-2021:0841-1

SUSE-SU-2021:0842-1

SUSE-SU-2021:0849-1

SUSE-SU-2021:0853-1

SUSE-SU-2021:0859-1

SUSE-SU-2021:0868-1

SUSE-SU-2021:0870-1

UBUNTU-CVE-2020-28374

LSN-0074-1

USN-4694-1

USN-4709-1

USN-4711-1

USN-4713-1

USN-4713-2

USN-4753-1

openSUSE-SU-2021:0060-1

openSUSE-SU-2021:0075-1

openSUSE-SU-2024:11940-1

Related

Published

2021-01-13T04:15:12Z

Modified

2025-08-09T20:01:27Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

In drivers/target/targetcorexcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.

References

Affected packages