1735637 – (CVE-2017-18379) CVE-2017-18379 kernel: out of bound access in drivers/nvme/target/fc.c

Bug 1735637 (CVE-2017-18379) - CVE-2017-18379 kernel: out of bound access in drivers/nvme/target/fc.c

Summary: CVE-2017-18379 kernel: out of bound access in drivers/nvme/target/fc.c

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2017-18379
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1735639
Blocks:	1735640
TreeView+	depends on / blocked

Reported:	2019-08-01 07:52 UTC by Dhananjay Arunesh
Modified:	2021-02-16 21:34 UTC (History)
CC List:	46 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the Linux kernel’s implementation of NVME over a fiber connection. A local attacker could use this flaw to create a situation in which specially crafted requests could corrupt memory or possibly escalate privileges.
Clone Of:
Environment:
Last Closed:	2019-08-15 20:47:03 UTC

Attachments	(Terms of Use)

Description Dhananjay Arunesh 2019-08-01 07:52:34 UTC

A flaw was found in the linux kernels implementation of NVME over fiber connection.  A local attacker is able to create a situation in which speciacally crafted reqeusts could return kernel memory as inflight data or possibly corrupt kernel memory.

This may allow a local attacker to panic the system or escalate privileges.

Reference:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0c319d3a144d4b8f1ea2047fd614d2149b68f889
https://github.com/torvalds/linux/commit/0c319d3a144d4b8f1ea2047fd614d2149b68f889

Comment 1 Dhananjay Arunesh 2019-08-01 07:54:42 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1735639]

Comment 2 Justin M. Forbes 2019-08-01 12:39:27 UTC

This was fixed for Fedora in 4.14 and never impacted any currently supported Fedora releases.

Comment 4 Wade Mealing 2019-08-05 07:49:20 UTC

This flaw is rated as Important, it may allow a local attacker to issue an out-of-bounds write and gather information that is not intended to be accessed.  This information may weaken security measures in place making it easier for subsequent attacks to succeed.

Note: No current shipping versions of Red Hat Enterprise Linux are affected either by having the fix that solves that problem or not including the code that introduced the problem.

Comment 6 Product Security DevOps Team 2019-08-15 20:47:03 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2017-18379

Note You need to log in before you can comment on or make changes to this bug.

acaringi
airlied
bhu
blc
brdeoliv
bskeggs
dhoward
dvlasenk
esammons
fhrbata
hdegoede
hkrzesin
iboverma
ichavero
itamar
jarodwilson
jeremy
jforbes
jglisse
jlelli
john.j5live
jonathan
josef
jross
jshortt
jstancek
jwboyer
kernel-maint
kernel-mgr
labbott
lgoncalv
linville
matt
mchehab
mcressma
mjg59
mlangsdo
nmurray
nyewale
plougher
rt-maint
rvrbovsk
steved
williams
wmealing
yozone