CVE-2023-6536 — NULL Pointer Dereference in Kernel
Severity
7.5HIGHNVD
CNA6.5OSV6.5
EPSS
0.0%
top 90.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 7
Latest updateJun 26
Description
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6
Affected Packages5 packages
Also affects: Debian Linux 10.0, Enterprise Linux 8.0, 9.0, 8.6, 9.2