Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 13 Jan 2021 10:41:30 +0100
From: David Disseldorp <ddiss@...e.de>
To: john.haxby@...cle.com
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE-2020-28374: Linux SCSI target (LIO) unrestricted copy
 offload

[replying via parent, as I'm not on this list]

Hi John,

> On Tue, 12 Jan 2021 19:01:34 +0100, David Disseldorp wrote:
>
> > ===============================================================================
> > == Subject:     Linux SCSI target (LIO) unrestricted copy offload
> > ==
> > ==
> > == CVE ID#:     CVE-2020-28374
> > ==
> > == Versions:    Linux: v3.12 and later
> > ==              tcmu-runner: v1.3.0 and later
> > ==
> > == Summary:     An attacker with access to a LUN and knowledge of Unit Serial
> > ==              Number assignments can read and write to any LIO backstore,
> > ==              regardless of SCSI transport settings.
> > ===============================================================================

> David -- did you mean to attach the patches you posted to linux-distros?

No, the kernel patches have gone out via the regular mainline and stable
repositories. The tcmu-runner fix is queued at
https://github.com/open-iscsi/tcmu-runner/pull/644

Cheers, David

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.