CVE-2023-6238

nvme: memory corruption via unprivileged user passthrough

References

Debian security tracker
cve.org
https://bugzilla.redhat.com/show_bug.cgi?id=2250834
https://lore.kernel.org/linux-nvme/20231013051458.39987-1-joshi.k@samsung.com/T/#u
https://lore.kernel.org/linux-nvme/20231016060519.231880-1-joshi.k@samsung.com/T/#u

Notes

 carnil> Issue introduced with 855b7717f44b1 ("nvme: fine-granular
 carnil> CAP_SYS_ADMIN for nvme io commands") in 6.2-rc1.
 carnil> To exploit the issue it's still required that root changes the
 carnil> device node persmissions. Though this was allowed unter the
 carnil> assumtion it was safe to allow (which turns out not to be).

Bugs

Status

Branch	Status
upstream	needed
6.18-upstream-stable
6.17-upstream-stable
6.12-upstream-stable
6.6-upstream-stable
6.1-upstream-stable	N/A "Vulnerable code not present"
5.10-upstream-stable	N/A "Vulnerable code not present"
4.19-upstream-stable	N/A "Vulnerable code not present"
sid	needed
6.12-trixie-security	needed
6.1-bookworm-security	N/A "Vulnerable code not present"
5.10-bullseye-security	N/A "Vulnerable code not present"
4.19-buster-security	N/A "Vulnerable code not present"