An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).
This flaw can be mitigated by explicitly setting the kernel.dmesg_restrict kernel parameter to 1, which restricts unprivileged users from using dmesg:
sudo sysctl -w kernel.dmesg_restrict=1
To make it persistent between system reboots:
echo 'kernel.dmesg_restrict=1' | sudo tee -a /etc/sysctl.conf
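
An added check, not part of the advisory, that confirms the setting is both active and persistent: it compares the running value with the last kernel.dmesg_restrict assignment in the config files, because a later conflicting line overrides the appended one. The function names are hypothetical, and the config files are assumed to be passed in the order the system loads them.

```shell
#!/bin/sh
# Added example (not from the advisory): audit the dmesg_restrict mitigation.

# Print the last value assigned to kernel.dmesg_restrict in the given sysctl
# config files. Assumption: the caller lists them in the order the system
# applies them, so a later assignment overrides an earlier one.
persisted_dmesg_restrict() {
    last=""
    for f in "$@"; do
        if [ -r "$f" ]; then
            v=$(awk '
                /^[ \t]*[#;]/ { next }            # comment line
                {
                    eq = index($0, "=")
                    if (eq == 0) next
                    key = substr($0, 1, eq - 1)
                    val = substr($0, eq + 1)
                    gsub(/[ \t]/, "", key)
                    gsub(/^[ \t]+|[ \t]+$/, "", val)
                    sub(/^-/, "", key)            # "-key": ignore set errors
                    gsub(/\//, ".", key)          # kernel/dmesg_restrict form
                    if (key == "kernel.dmesg_restrict") found = val
                }
                END { if (found != "") print found }' "$f")
            if [ -n "$v" ]; then last=$v; fi
        fi
    done
    if [ -n "$last" ]; then printf '%s\n' "$last"; fi
}

# $1 = file holding the running value, rest = config files in load order.
# Prints: ok | runtime-only | persisted-only | unmitigated
dmesg_restrict_status() {
    runtime=$(cat "$1" 2>/dev/null || echo unknown)
    shift
    persisted=$(persisted_dmesg_restrict "$@")
    case "$runtime:$persisted" in
        1:1) echo ok ;;
        1:*) echo runtime-only ;;      # running value is 1, config does not keep it
        *:1) echo persisted-only ;;    # configured as 1, not applied to the running kernel
        *)   echo unmitigated ;;
    esac
}

# Check this host, using the file the advisory's command appends to.
dmesg_restrict_status /proc/sys/kernel/dmesg_restrict /etc/sysctl.conf
```

If the host also keeps settings under /etc/sysctl.d, add those files to the argument list in load order.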