CVE-2023-6535: A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using…

high7.5CVSS 3.1

AVNACLPRNUINSUCNINAH

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.

Affected

30 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	linux	< linux 6.1.76-1 (bookworm)	linux 6.1.76-1 (bookworm)
linux	linux_kernel	>= 0 < 5.10.209-1	5.10.209-1
linux	linux_kernel	>= 0 < 6.1.76-1	6.1.76-1
linux	linux_kernel	>= 0 < 6.6.15-1	6.6.15-1
linux	linux_kernel	>= 0 < 6.6.15-1	6.6.15-1
redhat	codeready_linux_builder_eus	—	—
redhat	codeready_linux_builder_eus	—	—
redhat	codeready_linux_builder_eus_for_power_little_endian_eus	—	—
redhat	codeready_linux_builder_eus_for_power_little_endian_eus	—	—
redhat	codeready_linux_builder_for_arm64_eus	—	—
redhat	codeready_linux_builder_for_arm64_eus	—	—
redhat	codeready_linux_builder_for_ibm_z_systems_eus	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_for_arm_64_eus	—	—
redhat	enterprise_linux_for_arm_64_eus	—	—
redhat	enterprise_linux_for_ibm_z_systems_eus	—	—
redhat	enterprise_linux_for_ibm_z_systems_eus	—	—
redhat	enterprise_linux_for_power_little_endian_eus	—	—
redhat	enterprise_linux_for_power_little_endian_eus	—	—
redhat	enterprise_linux_for_real_time	—	—
redhat	enterprise_linux_for_real_time_for_nfv	—	—
redhat	enterprise_linux_server_aus	—	—

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

osv7.5HIGH