CVE 2020-13817
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
Related bugs and status
CVE-2020-13817 (Candidate) is related to these bugs:
Bug #1887438: Controller-0 Not Ready after force rebooting active controller (Controller-1)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1887438 | Controller-0 Not Ready after force rebooting active controller (Controller-1) | StarlingX | Medium | Fix Released | ||
Bug #1887677: stx-openstack: etcd 1MB size limit will prevent scaling up openstack workers
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1887677 | stx-openstack: etcd 1MB size limit will prevent scaling up openstack workers | StarlingX | Medium | Fix Released | ||
Bug #1900920: pods do not get restarted in an AIO-DX system
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1900920 | pods do not get restarted in an AIO-DX system | StarlingX | Medium | Fix Released | ||
Bug #1901449: DC: rbd mounted devices becomes read only after enabling https on system controller
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1901449 | DC: rbd mounted devices becomes read only after enabling https on system controller | StarlingX | Medium | Fix Released | ||
Bug #1915050: IPv6: All hosts remain offline after booting off the controller-0
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1915050 | IPv6: All hosts remain offline after booting off the controller-0 | StarlingX | Critical | Fix Released | ||
Bug #1915951: Shared NIC: System doesn't retain the rate-limit config when a pod is deleted
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1915951 | Shared NIC: System doesn't retain the rate-limit config when a pod is deleted | StarlingX | Medium | Fix Released | ||
Bug #1916946: CVE-2021-3156 sudo privilege escalation
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1916946 | CVE-2021-3156 sudo privilege escalation | StarlingX | Medium | Fix Released | ||
Bug #1917308: Stx-openstack apply-fail after swact standby controller, lock, unlock standby controller
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1917308 | Stx-openstack apply-fail after swact standby controller, lock, unlock standby controller | StarlingX | Critical | Fix Released | ||
Bug #1917781: Controller-0 showing disabled/offline in dm while it is unlocked/available in sysinv
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1917781 | Controller-0 showing disabled/offline in dm while it is unlocked/available in sysinv | StarlingX | Low | Fix Released | ||
Bug #1918139: On AIO hosts, kuberenetes is starting before key resources are initialized
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1918139 | On AIO hosts, kuberenetes is starting before key resources are initialized | StarlingX | Medium | Fix Released | ||
Bug #1920245: drbd filesystems not resized during bootstrap
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1920245 | drbd filesystems not resized during bootstrap | StarlingX | Medium | Fix Released | ||
Bug #1923665: No LLDP information available for Fortville i40e NIC
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1923665 | No LLDP information available for Fortville i40e NIC | StarlingX | Medium | Fix Released | ||
Bug #1924579: armada-api container not using the correct user
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1924579 | armada-api container not using the correct user | StarlingX | Low | Fix Released | ||
Bug #1924686: systemd excessively reads mountinfo and udev in dense container environments
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1924686 | systemd excessively reads mountinfo and udev in dense container environments | StarlingX | Medium | Fix Released | ||
Bug #1924691: systemd sends tons of useless PropertiesChanged messages when a mount happens
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1924691 | systemd sends tons of useless PropertiesChanged messages when a mount happens | StarlingX | Medium | Fix Released | ||
Bug #1926591: Unlock fails after restore when trying to resize docker-lv fs
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1926591 | Unlock fails after restore when trying to resize docker-lv fs | StarlingX | High | Fix Released | ||
Bug #1927153: intel-fpga/intel-gpu/intel-qat: docker images build errors
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1927153 | intel-fpga/intel-gpu/intel-qat: docker images build errors | StarlingX | Medium | Fix Released | ||
Bug #1927730: Secure boot via pxeboot fails with updated grub2
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1927730 | Secure boot via pxeboot fails with updated grub2 | StarlingX | High | Fix Released | ||
Bug #1928018: AIO-SX: armada pod stuck in Unknown after host-lock/unlock
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1928018 | AIO-SX: armada pod stuck in Unknown after host-lock/unlock | StarlingX | Medium | Fix Released | ||
Bug #1928141: AIO-SX upgrade_platform playbook fails waiting for armada-api pod
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1928141 | AIO-SX upgrade_platform playbook fails waiting for armada-api pod | StarlingX | Medium | Fix Released | ||
Bug #1928934: Storage-services loss of redundancy after lock/unlock of standby controller
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1928934 | Storage-services loss of redundancy after lock/unlock of standby controller | StarlingX | Medium | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
