CVE-2023-6356: A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using…

high7.5CVSS 3.1

AVNACLPRNUINSUCNINAH

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service.

Affected

37 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	linux	< linux 6.1.76-1 (bookworm)	linux 6.1.76-1 (bookworm)
linux	linux_kernel	>= 0 < 5.10.209-1	5.10.209-1
linux	linux_kernel	>= 0 < 6.1.76-1	6.1.76-1
linux	linux_kernel	>= 0 < 6.6.15-1	6.6.15-1
linux	linux_kernel	>= 0 < 6.6.15-1	6.6.15-1
linux	linux_kernel	>= 5.0 < 5.4.268	5.4.268
linux	linux_kernel	>= 5.11 < 5.15.148	5.15.148
linux	linux_kernel	>= 5.16 < 6.1.75	6.1.75
linux	linux_kernel	>= 5.5 < 5.10.209	5.10.209
linux	linux_kernel	>= 6.2 < 6.6.14	6.6.14
linux	linux_kernel	>= 6.7 < 6.7.2	6.7.2
redhat	codeready_linux_builder_eus	—	—
redhat	codeready_linux_builder_eus	—	—
redhat	codeready_linux_builder_eus_for_power_little_endian_eus	—	—
redhat	codeready_linux_builder_eus_for_power_little_endian_eus	—	—
redhat	codeready_linux_builder_for_arm64_eus	—	—
redhat	codeready_linux_builder_for_arm64_eus	—	—
redhat	codeready_linux_builder_for_ibm_z_systems_eus	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_for_arm_64_eus	—	—
redhat	enterprise_linux_for_arm_64_eus	—	—

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

osv7.5HIGH