Remotely exploitable vulnerability in the NVMe-oF/TCP driver in the Linux kernel

Carding 4 Carders

A vulnerability (CVE-2023-5178) has been identified in the Linux nvmet-tcp subsystem (NVMe-oF/TCP), which exposes NVMe drives over the network (NVM Express over Fabrics) using the TCP protocol. It potentially allows an attacker to execute code remotely at the kernel level or, with local access, to escalate privileges on the system. The fix is so far available only as a patch. The problem has been present since the very first version of the NVMe-oF/TCP driver (the vulnerability report mentions Linux kernel 5.15, but support for NVMe-oF/TCP was added in kernel 5.0). The vulnerability affects systems with the NVMe-oF/TCP server enabled (NVME_TARGET_TCP), which by default accepts connections on network port 4420.

The vulnerability is caused by a logic error that leads to the nvmet_tcp_free_crypto function being called twice, so that some pointers are released twice and already freed addresses are dereferenced. This results in a use-after-free access to an already released memory area and a double free when the NVMe-oF/TCP server processes a specially crafted message from a client, which can be located on either the local or the global network.
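The following is an added, constructed C example illustrating the bug class described above and the defensive coding pattern that avoids it; it is not code from the nvmet-tcp driver or from the kernel patch, and the names demo_queue, snd_hash and rcv_hash are hypothetical stand-ins for the crypto state the driver allocates. A release routine that frees only what is still owned and clears the pointers afterwards makes a second call (for example an error path followed by the normal teardown) a harmless no-op instead of a double free, and leaves no stale address behind to be dereferenced.

```c
#include <stdlib.h>
#include <stddef.h>

/* Constructed model (not the nvmet-tcp driver's code): a queue that owns
 * two heap buffers standing in for the crypto state released by the
 * driver's nvmet_tcp_free_crypto. Field names are hypothetical. */
struct demo_queue {
    void *snd_hash;
    void *rcv_hash;
};

/* Allocate both buffers, or neither. Returns 0 on success, -1 on failure. */
int demo_alloc_crypto(struct demo_queue *q)
{
    q->snd_hash = malloc(64);
    q->rcv_hash = malloc(64);
    if (q->snd_hash == NULL || q->rcv_hash == NULL) {
        free(q->snd_hash);          /* free(NULL) is a no-op */
        free(q->rcv_hash);
        q->snd_hash = NULL;
        q->rcv_hash = NULL;
        return -1;
    }
    return 0;
}

/* Idempotent release: frees only what is still owned and clears the
 * pointers, so a repeated call releases nothing rather than freeing the
 * same address twice. Returns how many buffers were actually released,
 * which makes an unintended second call observable in tests. */
int demo_free_crypto(struct demo_queue *q)
{
    int released = 0;

    if (q->snd_hash != NULL) {
        free(q->snd_hash);
        q->snd_hash = NULL;
        released++;
    }
    if (q->rcv_hash != NULL) {
        free(q->rcv_hash);
        q->rcv_hash = NULL;
        released++;
    }
    return released;
}

/* Any later use checks for NULL instead of touching a pointer that could
 * still hold a freed address (the use-after-free half of the bug class). */
int demo_crypto_is_live(const struct demo_queue *q)
{
    return q->snd_hash != NULL && q->rcv_hash != NULL;
}

/* Simulates the failure shape described on the page: the release routine
 * runs once from a setup error path and once more from the general
 * teardown. With the idempotent version the second call frees nothing.
 * Returns the total number of buffers released across both calls (2). */
int demo_setup_then_teardown(void)
{
    struct demo_queue q = { NULL, NULL };
    int total;

    if (demo_alloc_crypto(&q) != 0)
        return -1;

    total  = demo_free_crypto(&q);   /* error-path cleanup */
    total += demo_free_crypto(&q);   /* teardown cleanup: second call, no-op */
    return total;
}

/* Returns 1 if the queue still reports live crypto state after release,
 * which would indicate a dangling pointer; 0 for the idempotent version. */
int demo_live_after_release(void)
{
    struct demo_queue q = { NULL, NULL };

    if (demo_alloc_crypto(&q) != 0)
        return -1;
    demo_free_crypto(&q);
    return demo_crypto_is_live(&q);
}
```

The count returned by demo_free_crypto is the useful detection hook: in a unit test or under a kernel memory debugger (KASAN reports double frees and use-after-free reads directly), a release routine that reports a non-zero count on its second invocation points at exactly the kind of cleanup-path error the advisory describes.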
 
Top