<!--X-Body-Begin-->
<!--X-User-Header-->
oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
From: David Disseldorp <ddiss () suse de>
Date: Wed, 13 Jan 2021 10:41:30 +0100
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
[replying via parent, as I'm not on this list]

Hi John,

> On Tue, 12 Jan 2021 19:01:34 +0100, David Disseldorp wrote:
> > ===============================================================================
> > == Subject: Linux SCSI target (LIO) unrestricted copy offload
> > ==
> > ==
> > == CVE ID#: CVE-2020-28374
> > ==
> > == Versions: Linux: v3.12 and later
> > == tcmu-runner: v1.3.0 and later
> > ==
> > == Summary: An attacker with access to a LUN and knowledge of Unit Serial
> > == Number assignments can read and write to any LIO backstore,
> > == regardless of SCSI transport settings.
> > ===============================================================================
>
> David -- did you mean to attach the patches you posted to linux-distros?

No, the kernel patches have gone out via the regular mainline and stable
repositories. The tcmu-runner fix is queued at
https://github.com/open-iscsi/tcmu-runner/pull/644

Cheers, David
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
Current thread:
CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload David Disseldorp (Jan 12)
Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload John Haxby (Jan 12)
Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload David Disseldorp (Jan 13)
Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload Marcus Meissner (Jan 13)
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->