NVMe: New Vulnerabilities Made Easy - Exploiting Cloud Storage Protocols

Explore the critical vulnerabilities in NVMe technology, a cornerstone of modern cloud computing, in this eye-opening conference talk from Hack In The Box Security Conference. Discover how a pre-auth remote vulnerability in the Linux kernel's NVMe implementation was uncovered in minutes, and learn the research methodology to replicate this process. Gain insights into the importance of incorporating Static Code Analysis (SCA) tools in production pipelines, supported by examples of vulnerabilities found in leading vendors like NVIDIA and the Linux kernel. Understand the potential dangers of easily detectable and exploitable pre-auth vulnerabilities that require only slight misconfigurations. Benefit from the expertise of Tal Lossos, a Security Researcher at CyberArk Labs with extensive experience in kernel module development and a focus on bug hunting in the Linux kernel.

#HITB2023HKT D2T2 - NVMe: New Vulnerabilities Made Easy - Tal Lossos