oss-sec mailing list archives

Re: CVE-2023-0122: Linux kernel: Pre-Auth Remote DoS in NVMe

From: Greg KH <greg () kroah com>
Date: Thu, 12 Jan 2023 18:10:23 +0100

On Thu, Jan 12, 2023 at 04:12:30PM +0200, Tal Lossos wrote:

Hi all,

# Description
A NULL Pointer Dereference bug in nvmet_setup_auth
(drivers/nvme/target/auth.c) can be triggered remotely to cause a DoS.
Since the bug occurs in the authentication feature, it can be easily
triggered by an unauthorized client in the pre-auth stage.
Versions affected - v6.0-rc1 to v6.0-rc3 (fixed in v6.0-rc4).


Meta-comment, why are CVE's being assigned for issues found, and then
fixed, in development kernel releases?  Who assigned this CVE, MITRE or
someone else?

thanks,

greg k-h

Current thread:

CVE-2023-0122: Linux kernel: Pre-Auth Remote DoS in NVMe Tal Lossos (Jan 12)
- Re: CVE-2023-0122: Linux kernel: Pre-Auth Remote DoS in NVMe Greg KH (Jan 12)
  - Re: CVE-2023-0122: Linux kernel: Pre-Auth Remote DoS in NVMe John Helmert III (Jan 12)
    - Re: CVE-2023-0122: Linux kernel: Pre-Auth Remote DoS in NVMe Greg KH (Jan 13)
    - Re: CVE-2023-0122: Linux kernel: Pre-Auth Remote DoS in NVMe Salvatore Bonaccorso (Jan 18)