SB2024052231 - Remote denial of service in Linux kernel nvme driver
Published: May 22, 2024 Updated: May 14, 2025
Security Bulletin ID
SB2024052231
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2021-47041)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvmet_tcp_state_change() function in drivers/nvme/target/tcp.c. An remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/999d606a820c36ae9b9e9611360c8b3d8d4bb777
- https://git.kernel.org/stable/c/60ade0d56b06537a28884745059b3801c78e03bc
- https://git.kernel.org/stable/c/06beaa1a9f6e501213195e47c30416032fd2bbd5
- https://git.kernel.org/stable/c/906c538340dde6d891df89fe7dac8eaa724e40da
- https://git.kernel.org/stable/c/b5332a9f3f3d884a1b646ce155e664cc558c1722
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.37
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.21
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.119