Vulnerability Details CVE-2023-6121
An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.1%
CVSS Severity
CVSS v3 Score 4.3
References
- https://access.redhat.com/errata/RHSA-2024:2394
- https://access.redhat.com/errata/RHSA-2024:2950
- https://access.redhat.com/errata/RHSA-2024:3138
- https://access.redhat.com/security/cve/CVE-2023-6121
- https://bugzilla.redhat.com/show_bug.cgi?id=2250043
- https://access.redhat.com/errata/RHSA-2024:2394
- https://access.redhat.com/errata/RHSA-2024:2950
- https://access.redhat.com/errata/RHSA-2024:3138
- https://access.redhat.com/security/cve/CVE-2023-6121
- https://bugzilla.redhat.com/show_bug.cgi?id=2250043
- https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html
Products affected by CVE-2023-6121
-
cpe:2.3:o:redhat:enterprise_linux:6.0
-
cpe:2.3:o:redhat:enterprise_linux:7.0
-
cpe:2.3:o:redhat:enterprise_linux:8.0
-
cpe:2.3:o:redhat:enterprise_linux:9.0