CVE-2023-6356

moderate-risk

Published 2024-02-07

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Codeready Linux Builder Eus

Codeready Linux Builder Eus For Power Little Endian Eus

Codeready Linux Builder For Arm64 Eus

Codeready Linux Builder For Ibm Z Systems Eus

Enterprise Linux

Enterprise Linux Eus

Enterprise Linux For Arm 64 Eus

Enterprise Linux For Ibm Z Systems Eus

Enterprise Linux For Power Little Endian Eus

Enterprise Linux For Real Time

Enterprise Linux For Real Time For Nfv

Enterprise Linux Server Aus

Affected Vendors

Debian Redhat Linux

References (23)

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0723

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0724

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0725

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0881

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:0897

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:1248

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:2094

Third Party Advisory https://access.redhat.com/errata/RHSA-2024:3810

Third Party Advisory https://access.redhat.com/security/cve/CVE-2023-6356

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2254054