2024-07-29 15:04:16
Linux
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: nvmet: always initialize cqe.result The spec doesnt mandate that the first two double words (aka results) for the command queue entry need to be set to 0 when they are not used (not specified). Though, the target implemention returns 0 for TCP and FC but not for RDMA. Lets make RDMA behave the same and thus explicitly initializing the result field. This prevents leaking any data from the stack.