Vulnerability Details CVE-2023-6535
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.6%
CVSS Severity
CVSS v3 Score 6.5
References
- https://access.redhat.com/errata/RHSA-2024:0723
- https://access.redhat.com/errata/RHSA-2024:0724
- https://access.redhat.com/errata/RHSA-2024:0725
- https://access.redhat.com/errata/RHSA-2024:0881
- https://access.redhat.com/errata/RHSA-2024:0897
- https://access.redhat.com/errata/RHSA-2024:1248
- https://access.redhat.com/errata/RHSA-2024:2094
- https://access.redhat.com/errata/RHSA-2024:3810
- https://access.redhat.com/security/cve/CVE-2023-6535
- https://bugzilla.redhat.com/show_bug.cgi?id=2254053
- https://access.redhat.com/errata/RHSA-2024:0723
- https://access.redhat.com/errata/RHSA-2024:0724
- https://access.redhat.com/errata/RHSA-2024:0725
- https://access.redhat.com/errata/RHSA-2024:0881
- https://access.redhat.com/errata/RHSA-2024:0897
- https://access.redhat.com/errata/RHSA-2024:1248
- https://access.redhat.com/errata/RHSA-2024:2094
- https://access.redhat.com/errata/RHSA-2024:3810
- https://access.redhat.com/security/cve/CVE-2023-6535
- https://bugzilla.redhat.com/show_bug.cgi?id=2254053
- https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
- https://security.netapp.com/advisory/ntap-20240415-0003/
Products affected by CVE-2023-6535
-
cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6
-
cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2
-
cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:8.6_ppc64le
-
cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le
-
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64
-
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64
-
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x
-
cpe:2.3:a:redhat:virtualization_host:4.0
-
cpe:2.3:o:linux:linux_kernel:-
-
cpe:2.3:o:redhat:enterprise_linux:8.0
-
cpe:2.3:o:redhat:enterprise_linux:9.0
-
cpe:2.3:o:redhat:enterprise_linux_eus:8.6
-
cpe:2.3:o:redhat:enterprise_linux_eus:9.2
-
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64
-
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64
-
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x
-
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x
-
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le
-
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le
-
cpe:2.3:o:redhat:enterprise_linux_for_real_time:9.2
-
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:9.2
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2
-
Redhat » Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions » Version: 8.6_ppc64lecpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le
-
Redhat » Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions » Version: 9.2_ppc64lecpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le
-
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6