In the Linux kernel, the following vulnerability has been resolved:
nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length
If the host sends an H2CData command with an invalid DATAL,
the kernel may crash in nvmet_tcp_build_pdu_iovec().
Unable to handle kernel NULL pointer dereference at
virtual address 0000000000000000
lr : nvmet_tcp_io_work+0x6ac/0x718 [nvmet_tcp]
Call trace:
process_one_work+0x174/0x3c8
worker_thread+0x2d0/0x3e8
kthread+0x104/0x110
Fix the bug by raising a fatal error if DATAL isn't coherent
with the packet size.
Also, the PDU length should never exceed the MAXH2CDATA parameter which
has been communicated to the host in nvmet_tcp_handle_icreq().
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Linux
Published: 2024-02-23T14:46:17.827Z
Updated: 2024-05-28T19:49:45.155Z
Reserved: 2024-02-20T12:30:33.293Z
Link: CVE-2023-52454
JSON object: View
NVD Information
Status : Modified
Published: 2024-02-23T15:15:08.137
Modified: 2024-06-25T21:15:52.690
Link: CVE-2023-52454
JSON object: View
Redhat Information
No data.
CWE