CVE-2023-6536

NULL pointer dereference in __nvmet_req_complete

References

https://bugzilla.redhat.com/show_bug.cgi?id=2254052
https://lore.kernel.org/linux-nvme/69e7bbe4-b454-4941-90e2-2e6a4cf0f182@grimberg.me/T/#t

Notes

 bwh> I think this is fixed by commit 0849a5441358 "nvmet-tcp:
 bwh> fix a crash in nvmet_req_complete()"; that mentions
 bwh> nvmet_req_complete() which is a thin wrapper for
 bwh> __nvmet_req_complete()).  Fixed as well in 6.6.14 and 6.7.2.

Bugs

Status

Branch	Status
4.19-buster-security	needed
4.19-upstream-stable	needed
5.10-bullseye-security	released (5.10.209-1)
5.10-upstream-stable	released (5.10.209) [39669fae69f302961d89f38d969c6fcc1d07eb02]
6.1-bookworm-security	released (6.1.76-1)
6.1-upstream-stable	released (6.1.75) [83ccd15717ee2b6143df72df39685f0c832e3451]
6.6-upstream-stable	unknown
6.8-upstream-stable	unknown
sid	released (6.6.15-1)
upstream	released (6.8-rc1) [0849a5441358cef02586fb2d60f707c0db195628]