CVE-2023-6121

An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:2394
https://access.redhat.com/security/cve/CVE-2023-6121	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2250043	Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

History

30 Apr 2024, 14:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:2394 -

11 Jan 2024, 21:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html -

20 Dec 2023, 19:15

Type	Values Removed	Values Added
Summary	(en) An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This flaw allows a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data to be printed (and potentially leaked) to the kernel ring buffer (dmesg).	(en) An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).

28 Nov 2023, 19:07

Type	Values Removed	Values Added
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2250043 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2250043 - Issue Tracking, Third Party Advisory
References	~~() https://access.redhat.com/security/cve/CVE-2023-6121 -~~	() https://access.redhat.com/security/cve/CVE-2023-6121 - Third Party Advisory
CPE		cpe:2.3:o:redhat:enterprise_linux:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
First Time		Redhat Redhat enterprise Linux
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.3
CWE		CWE-125

16 Nov 2023, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-16 15:15

Updated : 2024-04-30 14:15

NVD link : CVE-2023-6121

Mitre link : CVE-2023-6121

CVE.ORG link : CVE-2023-6121

JSON object : View

Products Affected

redhat

enterprise_linux

CWE

CWE-125

Out-of-bounds Read

4.3 /10