ecb1b7b082
As reported by Trend Micro's Zero Day Initiative, an oob memory read
vulnerability exists in nvme_fdp_events(). The host-provided offset is
not verified.
Fix this.
This is only exploitable when Flexible Data Placement mode (fdp=on) is
enabled.
Fixes: CVE-2023-4135
Fixes:
|
||
---|---|---|
.. | ||
ctrl.c | ||
dif.c | ||
dif.h | ||
Kconfig | ||
meson.build | ||
ns.c | ||
nvme.h | ||
subsys.c | ||
trace-events | ||
trace.h |