NVMe: New Vulnerabilities Made Easy

Date

August 25, 2023

Time

15:30

Track

Track 2

NVMe technology is part of every Cloud Service Provider, and nowadays, Cloud Services are perhaps the most important cornerstone of modern computing. For this technology to work effectively, there’s a need for a reliable communication standard between the different services and their storage, and that’s exactly where NVMe comes into play.

In this session, we’ll see how I discovered a pre-auth remote vulnerability in the NVMe implementation of the Linux kernel in a matter of minutes and how you can do it as well. I aim to share my research methodology and further emphasize the need for SCA tools as part of any major production pipeline and will support my claims with other vulnerabilities I discovered in leading vendors such as NVIDIA and the Linux kernel.

The ease with which such vulnerabilities can be detected and exploited, combined with the fact that it’s done in the pre-auth stage and requires no more than a slight misconfiguration, makes this kind of attack vector very dangerous – and awesome.

Security Researcher

CyberArk

Tal Lossos is a Security Researcher at CyberArk Labs with years of experience in kernel module development and a deep interest in OS internals. He currently focuses on bug hunting in the Linux kernel. In his recent work, Tal discovered multiple vulnerabilities in drivers causing elevation of privilege.