CVE-2023-6121 โ€” Out-of-bounds Read in Redhat Enterprise Linux

CWE-125 โ€” Out-of-bounds Read22 documents9 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 51.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux KernelRedhat Enterprise Linux
Timeline
PublishedNov 16
Latest updateApr 9

Description

An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

โ–ถDebianlinux/linux_kernel< 5.10.205-2+3

Also affects: Enterprise Linux 6.0, 7.0, 8.0, 9.0

๐Ÿ”ดVulnerability Details

3
CVEList
Kernel: nvme: info leak due to out-of-bounds read in nvmet_ctrl_find_getโ†—2023-11-16
โ–ถ
OSV
CVE-2023-6121: An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernelโ†—2023-11-16
โ–ถ
GHSA
GHSA-m4j9-h84h-3gqr: An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernelโ†—2023-11-16
โ–ถ

๐Ÿ“‹Vendor Advisories

17
Ubuntu
Linux kernel (Azure) vulnerabilitiesโ†—2024-04-09
โ–ถ
Ubuntu
Linux kernel (Intel IoTG) vulnerabilitiesโ†—2024-03-27
โ–ถ
Ubuntu
Linux kernel vulnerabilitiesโ†—2024-03-25
โ–ถ
Ubuntu
Linux kernel (Azure) vulnerabilitiesโ†—2024-03-25
โ–ถ
Ubuntu
Linux kernel (GCP) vulnerabilitiesโ†—2024-03-20
โ–ถ

๐Ÿ’ฌCommunity

1
Bugzilla
CVE-2023-6121 kernel: NVMe: info leak due to out-of-bounds read in nvmet_ctrl_find_getโ†—2023-11-16
โ–ถ
CVE-2023-6121 โ€” Out-of-bounds Read in Redhat | cvebase