References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

In the Linux kernel, the following vulnerability has been resolved:

nvme-pci: fix mempool alloc size

Convert the max size to bytes to match the units of the divisor that
calculates the worst-case number of PRP entries.

The result is used to determine how many PRP Lists are required. The
code was previously rounding this to 1 list, but we can require 2 in the
worst case. In that scenario, the driver would corrupt memory beyond the
size provided by the mempool.

While unlikely to occur (you'd need a 4MB in exactly 127 phys segments
on a queue that doesn't support SGLs), this memory corruption has been
observed by kfence.

https://git.kernel.org/stable/c/9141144b37f30e3e7fa024bcfa0a13011e546ba9

https://git.kernel.org/stable/c/b1814724e0d7162bdf4799f2d565381bc2251c63

https://git.kernel.org/stable/c/c89a529e823d51dd23c7ec0c047c7a454a428541

https://git.kernel.org/stable/c/dfb6d54893d544151e7f480bc44cfe7823f5ad23

https://git.kernel.org/stable/c/e1777b4286e526c58b4ee699344b0ad85aaf83a0