oss-sec mailing list archives
Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload
From: John Haxby <john.haxby () oracle com>
Date: Tue, 12 Jan 2021 19:10:07 +0000
On 12 Jan 2021, at 18:01, David Disseldorp <ddiss () suse de> wrote: =============================================================================== == Subject: Linux SCSI target (LIO) unrestricted copy offload == == == CVE ID#: CVE-2020-28374 == == Versions: Linux: v3.12 and later == tcmu-runner: v1.3.0 and later == == Summary: An attacker with access to a LUN and knowledge of Unit Serial == Number assignments can read and write to any LIO backstore, == regardless of SCSI transport settings. ===============================================================================
David -- did you mean to attach the patches you posted to linux-distros? jch
Attachment:
signature.asc
Description: Message signed with OpenPGP
Current thread:
- CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload David Disseldorp (Jan 12)
- Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload John Haxby (Jan 12)
- Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload David Disseldorp (Jan 13)
- Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload Marcus Meissner (Jan 13)