CVE-2023-6535

high

Published 2024-03-12 · Modified 2024-02-20

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

8.0

Description

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API

Description kernel: NULL pointer dereference in nvmet_tcp_execute_request Red Hat statement Red Hat Enterprise Linux 6 and 7 are not affected by this issue as it doesn't ship the related NVMe driver code. CVSS v3: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux…

Description

kernel: NULL pointer dereference in nvmet_tcp_execute_request

Red Hat statement

Red Hat Enterprise Linux 6 and 7 are not affected by this issue as it doesn't ship the related NVMe driver code.

CVSS v3: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Errata / fixed releases

Product	Package	Advisory	Released
Red Hat Enterprise Linux 8	`kernel-rt-0:4.18.0-513.18.1.rt7.320.el8_9`	RHSA-2024:0881	2024-02-20T00:00:00Z
Red Hat Enterprise Linux 8	`kernel-0:4.18.0-513.18.1.el8_9`	RHSA-2024:0897	2024-02-20T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support	`kernel-0:4.18.0-372.91.1.el8_6`	RHSA-2024:0724	2024-02-07T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support	`kernel-0:4.18.0-477.58.1.el8_8`	RHSA-2024:3810	2024-06-11T00:00:00Z
Red Hat Enterprise Linux 9	`kernel-0:5.14.0-362.24.1.el9_3`	RHSA-2024:1248	2024-03-12T00:00:00Z
Red Hat Enterprise Linux 9	`kernel-0:5.14.0-362.24.1.el9_3`	RHSA-2024:1248	2024-03-12T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support	`kernel-0:5.14.0-284.52.1.el9_2`	RHSA-2024:0723	2024-02-07T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support	`kernel-rt-0:5.14.0-284.52.1.rt14.337.el9_2`	RHSA-2024:0725	2024-02-07T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8	`kernel-0:4.18.0-372.91.1.el8_6`	RHSA-2024:0724	2024-02-07T00:00:00Z
RHOL-5.8-RHEL-9	`openshift-logging/cluster-logging-operator-bundle:v5.8.6-22`	RHSA-2024:2094	2024-05-01T00:00:00Z
RHOL-5.8-RHEL-9	`openshift-logging/cluster-logging-rhel9-operator:v5.8.6-11`	RHSA-2024:2094	2024-05-01T00:00:00Z
RHOL-5.8-RHEL-9	`openshift-logging/elasticsearch6-rhel9:v6.8.1-407`	RHSA-2024:2094	2024-05-01T00:00:00Z
RHOL-5.8-RHEL-9	`openshift-logging/elasticsearch-operator-bundle:v5.8.6-19`	RHSA-2024:2094	2024-05-01T00:00:00Z
RHOL-5.8-RHEL-9	`openshift-logging/elasticsearch-proxy-rhel9:v1.0.0-479`	RHSA-2024:2094	2024-05-01T00:00:00Z
RHOL-5.8-RHEL-9	`openshift-logging/elasticsearch-rhel9-operator:v5.8.6-7`	RHSA-2024:2094	2024-05-01T00:00:00Z
RHOL-5.8-RHEL-9	`openshift-logging/eventrouter-rhel9:v0.4.0-247`	RHSA-2024:2094	2024-05-01T00:00:00Z
RHOL-5.8-RHEL-9	`openshift-logging/fluentd-rhel9:v5.8.6-5`	RHSA-2024:2094	2024-05-01T00:00:00Z
RHOL-5.8-RHEL-9	`openshift-logging/log-file-metric-exporter-rhel9:v1.1.0-227`	RHSA-2024:2094	2024-05-01T00:00:00Z
RHOL-5.8-RHEL-9	`openshift-logging/logging-curator5-rhel9:v5.8.1-470`	RHSA-2024:2094	2024-05-01T00:00:00Z
RHOL-5.8-RHEL-9	`openshift-logging/logging-loki-rhel9:v2.9.6-14`	RHSA-2024:2094	2024-05-01T00:00:00Z
RHOL-5.8-RHEL-9	`openshift-logging/logging-view-plugin-rhel9:v5.8.6-2`	RHSA-2024:2094	2024-05-01T00:00:00Z
RHOL-5.8-RHEL-9	`openshift-logging/loki-operator-bundle:v5.8.6-24`	RHSA-2024:2094	2024-05-01T00:00:00Z
RHOL-5.8-RHEL-9	`openshift-logging/loki-rhel9-operator:v5.8.6-10`	RHSA-2024:2094	2024-05-01T00:00:00Z
RHOL-5.8-RHEL-9	`openshift-logging/lokistack-gateway-rhel9:v0.1.0-525`	RHSA-2024:2094	2024-05-01T00:00:00Z
RHOL-5.8-RHEL-9	`openshift-logging/opa-openshift-rhel9:v0.1.0-224`	RHSA-2024:2094	2024-05-01T00:00:00Z
RHOL-5.8-RHEL-9	`openshift-logging/vector-rhel9:v0.28.1-56`	RHSA-2024:2094	2024-05-01T00:00:00Z

Package state

Product	Package	State
Red Hat Enterprise Linux 6	`kernel`	Not affected
Red Hat Enterprise Linux 7	`kernel`	Not affected
Red Hat Enterprise Linux 7	`kernel-rt`	Not affected
Red Hat Enterprise Linux 9	`kernel-rt`	Affected

Apply commands

bash fix

Apply RHSA-2024:0881 for Red Hat Enterprise Linux 8

yum update -y kernel-rt
# or:
dnf upgrade -y kernel-rt

Affected

Vendor	Product	Version
redhat	Red Hat Enterprise Linux 6	`Not affected`
redhat	Red Hat Enterprise Linux 7	`Not affected`
redhat	Red Hat Enterprise Linux 7	`Not affected`
redhat	Red Hat Enterprise Linux 9	`Affected`

OS impact

SUSE Affected 1 release

Version	Status	Fixed in
—	Affected	—

Debian Fixed 5 releases

Version	Status	Fixed in
trixie	Fixed	`6.6.15-1`
sid	Fixed	`6.6.15-1`
forky	Fixed	`6.6.15-1`
bullseye	Fixed	`5.10.209-1`
bookworm	Fixed	`6.1.76-1`

Red Hat Fixed 2 releases

Version	Status	Fixed in
9	Fixed	—
8	Fixed	—

Rocky Linux Fixed 1 release

Version	Status	Fixed in
9	Fixed	—

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.