Lucene search

K

RedhatVULNRICHMENT:CVE-2023-6535

HistoryFeb 07, 2024 - 9:04 p.m.

CVE-2023-6535 Kernel: null pointer dereference in nvmet_tcp_execute_request

2024-02-0721:04:21

CWE-476

redhat

github.com

8

linux

nvme

tcp

null pointer

denial of service

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

50.6%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

A flaw was found in the Linux kernel’s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.

References

access.redhat.com/errata/RHSA-2024:0723

access.redhat.com/errata/RHSA-2024:0724

access.redhat.com/errata/RHSA-2024:0725

access.redhat.com/errata/RHSA-2024:0881

access.redhat.com/errata/RHSA-2024:0897

access.redhat.com/errata/RHSA-2024:1248

access.redhat.com/errata/RHSA-2024:2094

access.redhat.com/errata/RHSA-2024:3810

access.redhat.com/security/cve/CVE-2023-6535

bugzilla.redhat.com/show_bug.cgi?id=2254053

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

50.6%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

Related for VULNRICHMENT:CVE-2023-6535

prion1 nvd1 debiancve1 cve1 redhatcve1 cvelist1 ubuntucve3 osv13 openvas27 nessus43 fedora2 ibm4 redhat16 rocky1 oraclelinux3 almalinux1 ubuntu9