oss-sec mailing list archives

Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload

From: John Haxby <john.haxby () oracle com>
Date: Tue, 12 Jan 2021 19:10:07 +0000

On 12 Jan 2021, at 18:01, David Disseldorp <ddiss () suse de> wrote:

===============================================================================
== Subject:     Linux SCSI target (LIO) unrestricted copy offload
==
==
== CVE ID#:     CVE-2020-28374
==
== Versions:    Linux: v3.12 and later
==              tcmu-runner: v1.3.0 and later
==
== Summary:     An attacker with access to a LUN and knowledge of Unit Serial
==              Number assignments can read and write to any LIO backstore,
==              regardless of SCSI transport settings.
===============================================================================


David -- did you mean to attach the patches you posted to linux-distros?

jch

Attachment: signature.asc
Description: Message signed with OpenPGP

Current thread:

CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload David Disseldorp (Jan 12)
- Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload John Haxby (Jan 12)
- Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload David Disseldorp (Jan 13)
- Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload Marcus Meissner (Jan 13)