oss-sec mailing list archives

Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload

From: David Disseldorp <ddiss () suse de>
Date: Wed, 13 Jan 2021 10:41:30 +0100

[replying via parent, as I'm not on this list]

Hi John,

On Tue, 12 Jan 2021 19:01:34 +0100, David Disseldorp wrote:

===============================================================================
== Subject:     Linux SCSI target (LIO) unrestricted copy offload
==
==
== CVE ID#:     CVE-2020-28374
==
== Versions:    Linux: v3.12 and later
==              tcmu-runner: v1.3.0 and later
==
== Summary:     An attacker with access to a LUN and knowledge of Unit Serial
==              Number assignments can read and write to any LIO backstore,
==              regardless of SCSI transport settings.
===============================================================================

David -- did you mean to attach the patches you posted to linux-distros?


No, the kernel patches have gone out via the regular mainline and stable
repositories. The tcmu-runner fix is queued at
https://github.com/open-iscsi/tcmu-runner/pull/644

Cheers, David

Current thread:

CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload David Disseldorp (Jan 12)
- Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload John Haxby (Jan 12)
- Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload David Disseldorp (Jan 13)
- Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload Marcus Meissner (Jan 13)