author: Salvatore Bonaccorso <carnil@debian.org> 2023-11-22 08:03:48 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2023-11-22 08:03:48 +0100
commit: d525fe4e98b3dc211d62682971056086b7def67b
tree: 6f2a13645dd13bab86e548bcdf831df3845dc1d7 /active/CVE-2023-6238
parent: a72f89d9e35ece4bd3b1edab000baac7a2c60433
Add CVE-2023-6238
Diffstat (limited to 'active/CVE-2023-6238')
-rw-r--r-- active/CVE-2023-6238 | 20
1 files changed, 20 insertions, 0 deletions
diff --git a/active/CVE-2023-6238 b/active/CVE-2023-6238
new file mode 100644
index 00000000..2e29650a
--- /dev/null
+++ b/active/CVE-2023-6238
@@ -0,0 +1,20 @@
+Description: nvme: memory corruption via unprivileged user passthrough
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2250834
+ https://lore.kernel.org/linux-nvme/20231013051458.39987-1-joshi.k@samsung.com/T/#u
+ https://lore.kernel.org/linux-nvme/20231016060519.231880-1-joshi.k@samsung.com/T/#u
+Notes:
+ carnil> Issue introduced with 855b7717f44b1 ("nvme: fine-granular
+ carnil> CAP_SYS_ADMIN for nvme io commands") in 6.2-rc1.
+ carnil> To exploit the issue it's still required that root changes the
+ carnil> device node persmissions. Though this was allowed unter the
+ carnil> assumtion it was safe to allow (which turns out not to be).
+Bugs:
+upstream: needed
+6.1-upstream-stable: N/A "Vulnerable code not present"
+5.10-upstream-stable: N/A "Vulnerable code not present"
+4.19-upstream-stable: N/A "Vulnerable code not present"
+sid: needed
+6.1-bookworm-security: N/A "Vulnerable code not present"
+5.10-bullseye-security: N/A "Vulnerable code not present"
+4.19-buster-security: N/A "Vulnerable code not present"
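Review bot: The second Notes sentence (the three "carnil>" lines beginning "To exploit the issue") has three spelling slips, "persmissions", "unter" and "assumtion"; suggest "device node permissions" and "under the assumption". The same sentence is the only statement of the precondition, and it does not name which device node root has to open up, so a reader cannot check a system's own permission settings against it; naming the node there would make the entry actionable. The status block marks "upstream: needed" and "sid: needed" while References carries only the Bugzilla entry and two lore threads, so when a fix is merged the commit id should be recorded on the upstream line, in the same way the introducing commit 855b7717f44b1 is already recorded in the first note.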
