blob: c4579f2c97d5e024cd2f6cb3df7e29a6bd04c35e (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
Description: nvme: memory corruption via unprivileged user passthrough
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2250834
https://lore.kernel.org/linux-nvme/20231013051458.39987-1-joshi.k@samsung.com/T/#u
https://lore.kernel.org/linux-nvme/20231016060519.231880-1-joshi.k@samsung.com/T/#u
Notes:
carnil> Issue introduced with 855b7717f44b1 ("nvme: fine-granular
carnil> CAP_SYS_ADMIN for nvme io commands") in 6.2-rc1.
carnil> To exploit the issue it's still required that root changes the
carnil> device node persmissions. Though this was allowed unter the
carnil> assumtion it was safe to allow (which turns out not to be).
Bugs:
upstream: needed
6.1-upstream-stable: N/A "Vulnerable code not present"
5.10-upstream-stable: N/A "Vulnerable code not present"
4.19-upstream-stable: N/A "Vulnerable code not present"
sid: needed
6.1-bookworm-security: N/A "Vulnerable code not present"
5.10-bullseye-security: N/A "Vulnerable code not present"
4.19-buster-security: N/A "Vulnerable code not present"
|
