Vulnerability Description
An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Enterprise Linux | 6.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2024:2394
- https://access.redhat.com/errata/RHSA-2024:2950
- https://access.redhat.com/errata/RHSA-2024:3138
- https://access.redhat.com/security/cve/CVE-2023-6121Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2250043Issue TrackingThird Party Advisory
- https://access.redhat.com/errata/RHSA-2024:2394
- https://access.redhat.com/errata/RHSA-2024:2950
- https://access.redhat.com/errata/RHSA-2024:3138
- https://access.redhat.com/security/cve/CVE-2023-6121Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2250043Issue TrackingThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html
- https://cert-portal.siemens.com/productcert/html/ssa-398330.html
- https://cert-portal.siemens.com/productcert/html/ssa-613116.html
FAQ
What is CVE-2023-6121?
CVE-2023-6121 is a vulnerability with a CVSS score of 4.3 (MEDIUM). An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer over...
How severe is CVE-2023-6121?
CVE-2023-6121 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-6121?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux.