NVMe: New Vulnerabilities Made Easy


August 25, 2023




Track 2

NVMe technology is part of every Cloud Service Provider, and nowadays, Cloud Services are perhaps the most important cornerstone of modern computing. For this technology to work effectively, there’s a need for a reliable communication standard between the different services and their storage, and that’s exactly where NVMe comes into play.

In this session, we’ll see how I discovered a pre-auth remote vulnerability in the NVMe implementation of the Linux kernel in a matter of minutes and how you can do it as well. I aim to share my research methodology and further emphasize the need for SCA tools as part of any major production pipeline and will support my claims with other vulnerabilities I discovered in leading vendors such as NVIDIA and the Linux kernel.

The ease with which such vulnerabilities can be detected and exploited, combined with the fact that it’s done in the pre-auth stage and requires no more than a slight misconfiguration, makes this kind of attack vector very dangerous – and awesome.