CVE-2023-2007: scsi: dpt_i2o: Remove obsolete driver · torvalds/linux@b04e75a
The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.
scsi: dpt_i2o: Remove obsolete driver
The dpt_i2o driver was fixed to stop using virt_to_bus() in 2008, but it still has a stale reference in an error handling code path that could never work. I submitted a patch to fix this reference earlier, but Hannes Reinecke suggested that removing the driver may be just as good here.
The i2o driver layer was removed in 2015 with commit 4a72a7a (“staging: remove i2o subsystem”), but the even older dpt_i2o scsi driver stayed around.
The last non-cleanup patches I could find were from Miquel van Smoorenburg and Mark Salyzyn back in 2008; they might know if there is any chance of the hardware still being used anywhere.
Link: https://lore.kernel.org/linux-scsi/CAK8P3a1XfwkTOV7qOs1fTxf4vthNBRXKNu8A5V7TWnHT081NGA@mail.gmail.com/T/
Link: https://lore.kernel.org/r/[email protected]
Cc: Miquel van Smoorenburg [email protected]
Cc: Mark Salyzyn [email protected]
Cc: Hannes Reinecke [email protected]
Signed-off-by: Arnd Bergmann [email protected]
Signed-off-by: Martin K. Petersen [email protected]
Related news
Dell vApp Manager, versions prior to 9.2.4.x, contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.
Debian Linux Security Advisory 5480-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.