Vulnerability Description
A flaw was found in the Linux kernel's NVMe driver. When NVMe over TCP is in use, an unauthenticated malicious actor may send a set of crafted TCP packets that lead the NVMe driver to a NULL pointer dereference, causing a kernel panic and a denial of service.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | - |
| Redhat | Codeready Linux Builder Eus | 8.6 |
| Redhat | Codeready Linux Builder Eus For Power Little Endian Eus | 8.6_ppc64le |
| Redhat | Codeready Linux Builder For Arm64 Eus | 8.6_aarch64 |
| Redhat | Codeready Linux Builder For Ibm Z Systems Eus | 9.2_s390x |
| Redhat | Enterprise Linux | 8.0 |
| Redhat | Enterprise Linux Eus | 8.6 |
| Redhat | Enterprise Linux For Arm 64 Eus | 8.6_aarch64 |
| Redhat | Enterprise Linux For Ibm Z Systems Eus | 8.6_s390x |
| Redhat | Enterprise Linux For Power Little Endian Eus | 8.6_ppc64le |
| Redhat | Enterprise Linux For Real Time | 9.2 |
| Redhat | Enterprise Linux For Real Time For Nfv | 9.2 |
| Redhat | Enterprise Linux Server Aus | 8.6 |
| Redhat | Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | 8.6_ppc64le |
| Redhat | Enterprise Linux Server Tus | 8.6 |
| Redhat | Virtualization Host | 4.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2024:0723 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2024:0724 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2024:0725 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2024:0881
- https://access.redhat.com/errata/RHSA-2024:0897
- https://access.redhat.com/errata/RHSA-2024:1248
- https://access.redhat.com/errata/RHSA-2024:2094
- https://access.redhat.com/errata/RHSA-2024:3810
- https://access.redhat.com/security/cve/CVE-2023-6535 (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2254053 (Issue Tracking)
FAQ
What is CVE-2023-6535?
CVE-2023-6535 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packets when using NVMe over TCP, leading the NVMe driver to a...
How severe is CVE-2023-6535?
CVE-2023-6535 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-6535?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Codeready Linux Builder Eus, Redhat Codeready Linux Builder Eus For Power Little Endian Eus, Redhat Codeready Linux Builder For Arm64 Eus, Redhat Codeready Linux Builder For Ibm Z Systems Eus.