CVE-2023-6356

CWE-476NULL Pointer Dereference23 documents7 sources
Severity
7.5HIGH
EPSS
0.0%
top 93.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
17
Linux Linux KernelDebian Debian LinuxRedhat Codeready Linux Builder EUS+14 more
Timeline
PublishedFeb 7
Latest updateJun 26

Description

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages16 packages

NVDlinux/linux_kernel5.05.4.268+5
Debianlinux< 5.10.209-1+3
Ubuntulinux-aws< 6.5.0-1021.21
Ubuntulinux-laptop< 6.5.0-1017.20
Ubuntulinux-oracle< 6.5.0-1024.24

Also affects: Debian Linux 10.0, Enterprise Linux 8.0, 9.0, 8.6, 9.2

🔴Vulnerability Details

12
OSV
linux-oracle-6.5 vulnerabilities2024-06-26
OSV
linux-hwe-6.5 vulnerabilities2024-06-18
OSV
linux-nvidia-6.5 vulnerabilities2024-06-14
OSV
linux-oem-6.5 vulnerabilities2024-06-12
OSV
linux-aws, linux-oracle vulnerabilities2024-06-11

📋Vendor Advisories

10
Ubuntu
Linux kernel (Oracle) vulnerabilities2024-06-26
Ubuntu
Linux kernel (HWE) vulnerabilities2024-06-18
Ubuntu
Linux kernel (NVIDIA) vulnerabilities2024-06-14
Ubuntu
Linux kernel (OEM) vulnerabilities2024-06-12
Ubuntu
Linux kernel vulnerabilities2024-06-11