Vulnerability CVE-2023-6121: Information

Description

An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-6121
Published: Nov. 16, 2023
Modified: May 22, 2024
Error type identifier: CWE-125

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://access.redhat.com/security/cve/CVE-2023-6121
  • Third Party Advisory
RHBZ#2250043
  • Issue Tracking
  • Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html
    RHSA-2024:2394
      RHSA-2024:2950
        RHSA-2024:3138

            1. Configuration 1

              cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
              cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
              cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
              cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
          VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
          Version: v24.5.3
          Back to top