CVE-2023-6535

CWE-476 — NULL Pointer Dereference23 documents7 sources

Severity

7.5HIGH

EPSS

0.0%

top 92.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Codeready Linux Builder EUS Redhat Codeready Linux Builder EUS FOR Power Little Endian EUS Redhat Codeready Linux Builder FOR Arm64 EUS +12 more

Timeline

PublishedFeb 7

Latest updateJun 26

Description

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages15 packages

▶Debianlinux< 5.10.209-1+3

▶Ubuntulinux-aws< 6.5.0-1021.21

▶Ubuntulinux-laptop< 6.5.0-1017.20

▶Ubuntulinux-oracle< 6.5.0-1024.24

▶Ubuntulinux-gcp-6.5< 6.5.0-1022.24~22.04.1

Also affects: Enterprise Linux 8.0, 9.0, 8.6, 9.2

🔴Vulnerability Details

OSV

linux-oracle-6.5 vulnerabilities↗2024-06-26

▶

OSV

linux-hwe-6.5 vulnerabilities↗2024-06-18

▶

OSV

linux-nvidia-6.5 vulnerabilities↗2024-06-14

▶

OSV

linux-oem-6.5 vulnerabilities↗2024-06-12

▶

OSV

linux-aws, linux-oracle vulnerabilities↗2024-06-11

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Oracle) vulnerabilities↗2024-06-26

▶

Ubuntu

Linux kernel (HWE) vulnerabilities↗2024-06-18

▶

Ubuntu

Linux kernel (NVIDIA) vulnerabilities↗2024-06-14

▶

Ubuntu

Linux kernel (OEM) vulnerabilities↗2024-06-12

▶

Ubuntu

Linux kernel vulnerabilities↗2024-06-11

▶