CVE-2023-52454: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-52454 is a vulnerability in the Linux kernel's NVMe over TCP target driver (nvmet-tcp) that was discovered in December 2023. The vulnerability affects Linux kernel versions from 5.0.0 up to (excluding) 6.7.2. When a host sends an H2CData command with an invalid DATAL (data length), the kernel may crash in nvmet_tcp_build_pdu_iovec() due to a NULL pointer dereference (NVD).

The vulnerability occurs when processing H2C (Host-to-Controller) PDU (Protocol Data Unit) lengths in the NVMe over TCP target driver. The issue manifests as a NULL pointer dereference at virtual address 0000000000000000, triggered when handling invalid data lengths in the nvmet_tcp_build_pdu_iovec() function. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium), with the vector string AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

If successfully exploited, this vulnerability can cause a kernel panic, leading to a denial of service condition on the affected system. The impact is limited to availability, with no direct impact on confidentiality or integrity (NVD).

The vulnerability has been fixed by implementing proper validation of PDU lengths and raising a fatal error if DATAL isn't coherent with the packet size. The fix also ensures that the PDU length never exceeds the MAXH2CDATA parameter which is communicated to the host in nvmet_tcp_handle_icreq(). The patch has been backported to multiple stable kernel versions (Kernel Patch).