Date: Wed, 13 Jan 2021 10:41:30 +0100
From: David Disseldorp <ddiss@...e.de>
To: john.haxby@...cle.com
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy offload

[replying via parent, as I'm not on this list]

Hi John,

> On Tue, 12 Jan 2021 19:01:34 +0100, David Disseldorp wrote:
>
> > ===============================================================================
> > == Subject: Linux SCSI target (LIO) unrestricted copy offload
> > ==
> > ==
> > == CVE ID#: CVE-2020-28374
> > ==
> > == Versions: Linux: v3.12 and later
> > ==           tcmu-runner: v1.3.0 and later
> > ==
> > == Summary: An attacker with access to a LUN and knowledge of Unit Serial
> > ==          Number assignments can read and write to any LIO backstore,
> > ==          regardless of SCSI transport settings.
> > ===============================================================================
>
> David -- did you mean to attach the patches you posted to linux-distros?

No, the kernel patches have gone out via the regular mainline and stable
repositories. The tcmu-runner fix is queued at
https://github.com/open-iscsi/tcmu-runner/pull/644

Cheers, David