A critical vulnerability, identified as CVE-2023-5178, has been discovered in the Linux kernel subsystem known as nvmet-tcp (NVMe-oF/TCP). This component provides remote access to NVMe drives over a network using the TCP protocol. The severity of this vulnerability lies in its potential to let a remote attacker execute arbitrary code at the kernel level or, with local access, to escalate privileges on the affected system. Fortunately, a fix is already available in the form of an update.

The vulnerability has been present since the initial release of the NVMe-oF/TCP driver and affects systems that have the NVMe-oF/TCP target (kernel option NVME_TARGET_TCP) enabled. This target typically accepts connections on the default network port 4420.

The root cause is a logic error around the nvmet_tcp_free_crypto function: the function ends up being called twice, so certain pointers are freed more than once and already freed addresses are dereferenced. The result is memory corruption of the double-free and use-after-free kind, triggered when the NVMe-oF/TCP target processes a specially crafted client message. Notably, the client can be on the local network or anywhere on the Internet that can reach the target.
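The defect class described above, a cleanup routine that runs twice over the same pointers, is easiest to see side by side with the defensive form of the same routine. The following is an added, constructed example and is not the nvmet-tcp kernel code: the `queue`, `snd_hash`/`rcv_hash` and `queue_free_crypto_*` names are hypothetical, and objects come from a small tracking pool rather than real `kfree()`/`free()` so that a repeated release is counted instead of corrupting memory. The unsafe variant leaves dangling pointers behind, so a second call frees the same objects again; the safe variant clears each pointer after release, which makes a second call a harmless no-op.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define POOL_SIZE 4

/* Constructed stand-in for a crypto helper object (e.g. a hash transform). */
struct fake_hash {
    int id;
    bool live;   /* true while "allocated"; lets us detect a repeated release */
};

static struct fake_hash pool[POOL_SIZE];
static int double_free_count;   /* number of releases of an already released object */

/* Tracking allocator: hands out the first free slot in the pool. */
static struct fake_hash *alloc_hash(int id)
{
    for (size_t i = 0; i < POOL_SIZE; i++) {
        if (!pool[i].live) {
            pool[i].live = true;
            pool[i].id = id;
            return &pool[i];
        }
    }
    return NULL;
}

/* Tracking release: with a real allocator the second release of the same
 * object would be undefined behaviour; here it is only counted. */
static void release_hash(struct fake_hash *h)
{
    if (!h)
        return;
    if (!h->live) {
        double_free_count++;
        return;
    }
    h->live = false;
}

/* Hypothetical per-connection state owning two crypto objects. */
struct queue {
    struct fake_hash *snd_hash;
    struct fake_hash *rcv_hash;
};

static int queue_alloc_crypto(struct queue *q)
{
    q->snd_hash = alloc_hash(1);
    q->rcv_hash = alloc_hash(2);
    return (q->snd_hash && q->rcv_hash) ? 0 : -1;
}

/* UNSAFE: releases the objects but leaves the dangling pointers in the
 * queue, so any second call over the same queue releases them again. */
static void queue_free_crypto_unsafe(struct queue *q)
{
    release_hash(q->snd_hash);
    release_hash(q->rcv_hash);
}

/* SAFE: clears each pointer right after release, so the routine is
 * idempotent and a second call finds nothing left to free. */
static void queue_free_crypto_safe(struct queue *q)
{
    release_hash(q->snd_hash);
    q->snd_hash = NULL;
    release_hash(q->rcv_hash);
    q->rcv_hash = NULL;
}

/* Runs the scenario of cleanup being invoked twice on the same queue and
 * returns how many repeated releases were observed (0 means no double free). */
int simulate_double_cleanup(bool use_safe_variant)
{
    struct queue q = {0};

    memset(pool, 0, sizeof pool);
    double_free_count = 0;
    if (queue_alloc_crypto(&q) != 0)
        return -1;

    if (use_safe_variant) {
        queue_free_crypto_safe(&q);
        queue_free_crypto_safe(&q);
    } else {
        queue_free_crypto_unsafe(&q);
        queue_free_crypto_unsafe(&q);
    }
    return double_free_count;
}

int main(void)
{
    printf("unsafe cleanup called twice: %d double frees\n", simulate_double_cleanup(false));
    printf("safe cleanup called twice:   %d double frees\n", simulate_double_cleanup(true));
    return 0;
}
```

In a real kernel build the unsafe path would trip KASAN or the SLUB debug double-free checks rather than a counter, which is why those instrumentation options are worth enabling when testing network-facing subsystems such as an NVMe-oF/TCP target.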

The swift discovery and remediation of this vulnerability underscore the importance of staying vigilant and promptly applying updates on systems that rely on the NVMe-oF/TCP driver, especially those exposing the target on port 4420. This proactive approach is essential to guard against attackers who may attempt to exploit such vulnerabilities.
