<!--X-Body-Begin-->
<!--X-User-Header-->
oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->
By Date
By Thread
</form>
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
From: John Haxby <john.haxby () oracle com>
Date: Tue, 12 Jan 2021 19:10:07 +0000
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
On 12 Jan 2021, at 18:01, David Disseldorp <ddiss () suse de> wrote:
===============================================================================
== Subject: Linux SCSI target (LIO) unrestricted copy offload
==
==
== CVE ID#: CVE-2020-28374
==
== Versions: Linux: v3.12 and later
== tcmu-runner: v1.3.0 and later
==
== Summary: An attacker with access to a LUN and knowledge of Unit Serial
== Number assignments can read and write to any LIO backstore,
== regardless of SCSI transport settings.
===============================================================================
David -- did you mean to attach the patches you posted to linux-distros?
jch
Attachment:
signature.asc
Description: Message signed with OpenPGP
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
By Date
By Thread
Current thread:
CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload David Disseldorp (Jan 12)
Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload John Haxby (Jan 12)
Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload David Disseldorp (Jan 13)
Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload Marcus Meissner (Jan 13)
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->