A flaw was found in the linux kernels implementation of NVME over fiber connection. A local attacker is able to create a situation in which speciacally crafted reqeusts could return kernel memory as inflight data or possibly corrupt kernel memory.
This may allow a local attacker to panic the system or escalate privileges.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1735639]
This was fixed for Fedora in 4.14 and never impacted any currently supported Fedora releases.
This flaw is rated as Important, it may allow a local attacker to issue an out-of-bounds write and gather information that is not intended to be accessed. This information may weaken security measures in place making it easier for subsequent attacks to succeed.
Note: No current shipping versions of Red Hat Enterprise Linux are affected either by having the fix that solves that problem or not including the code that introduced the problem.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):