oss-sec mailing list archives
Re: CVE-2023-0122: Linux kernel: Pre-Auth Remote DoS in NVMe
From: Greg KH <greg () kroah com>
Date: Thu, 12 Jan 2023 18:10:23 +0100
On Thu, Jan 12, 2023 at 04:12:30PM +0200, Tal Lossos wrote:
Hi all, # Description A NULL Pointer Dereference bug in nvmet_setup_auth (drivers/nvme/target/auth.c) can be triggered remotely to cause a DoS. Since the bug occurs in the authentication feature, it can be easily triggered by an unauthorized client in the pre-auth stage. Versions affected - v6.0-rc1 to v6.0-rc3 (fixed in v6.0-rc4).
Meta-comment, why are CVE's being assigned for issues found, and then fixed, in development kernel releases? Who assigned this CVE, MITRE or someone else? thanks, greg k-h
Current thread:
- CVE-2023-0122: Linux kernel: Pre-Auth Remote DoS in NVMe Tal Lossos (Jan 12)
- Re: CVE-2023-0122: Linux kernel: Pre-Auth Remote DoS in NVMe Greg KH (Jan 12)
- Re: CVE-2023-0122: Linux kernel: Pre-Auth Remote DoS in NVMe John Helmert III (Jan 12)
- Re: CVE-2023-0122: Linux kernel: Pre-Auth Remote DoS in NVMe Greg KH (Jan 13)
- Re: CVE-2023-0122: Linux kernel: Pre-Auth Remote DoS in NVMe Salvatore Bonaccorso (Jan 18)
- Re: CVE-2023-0122: Linux kernel: Pre-Auth Remote DoS in NVMe John Helmert III (Jan 12)
- Re: CVE-2023-0122: Linux kernel: Pre-Auth Remote DoS in NVMe Greg KH (Jan 12)