[SRU][F/J/L/M][PATCH 0/1] CVE-2023-5178

Yuxuan Luo yuxuan.luo at canonical.com
Wed Oct 25 20:39:29 UTC 2023


[Impact]
A use-after-free vulnerability was found in `drivers/nvme/target/tcp.c`
in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP
subsystem in the Linux kernel. This issue may allow a malicious user
to cause a use-after-free and double-free problem, which may permit
remote code execution or lead to local privilege escalation if
the attacker already has local privileges.

[Backport]
For J/L/M it is a clean cherry pick.
For Focal, a prerequisite commit, 0236d3437909 ("nvmet-tcp: move
send/recv error handling in the send/recv methods instead of
call-sites"), is cherry-picked to resolve conflicts.

[Test]
Compile and boot tested.

[Potential Regression]
Regression should be limited to the modified file.


Sagi Grimberg (1):
  nvmet-tcp: Fix a possible UAF in queue intialization setup

 drivers/nvme/target/tcp.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

-- 
2.34.1



