An out-of-bounds read issue was found in the NVMe-oF/TCP subsystem in the Linux kernel. A remote attacker could send a crafted TCP packet triggering a heap-based buffer overflow that results in kmalloc data to be printed (and potentially leaked) to the kernel ring buffer (dmesg). Upstream refs: https://lore.kernel.org/linux-nvme/b58a2dc6-cc8f-4d19-9efe-e1d5b4505efc@nvidia.com/T/ https://lore.kernel.org/linux-nvme/CAK5usQvxAyC3LJ4OnqerS1P0JpbfFr9uRZmq6Jb4QhaB7AQCoQ@mail.gmail.com/T/
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2250044]
This was fixed for Fedora with the 6.6.4 stable kernel updates.
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2394