VDB
CISA-2023-6121
CISA-2023-6121
PUBLISHED
CVSS 4.3 MEDIUM
Reported by redhat · Published November 16, 2023
An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).
Risk Scores
CVSS 3.1
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Enterprise Linux 8 | 0:4.18.0-553.rt7.342.el8_10 |
| Red Hat | Red Hat Enterprise Linux 8 | 0:4.18.0-553.el8_10 |
| Red Hat | Red Hat Enterprise Linux 9 | 0:5.14.0-427.13.1.el9_4 |
| Red Hat | Red Hat Enterprise Linux 9 | 0:5.14.0-427.13.1.el9_4 |
| Red Hat | Red Hat Enterprise Linux 6 | |
| Red Hat | Red Hat Enterprise Linux 7 | |
| Red Hat | Red Hat Enterprise Linux 7 | |
| Red Hat | Red Hat Enterprise Linux 9 | |
| Red Hat | Red Hat Enterprise Linux 7 | |
| Red Hat | Red Hat Enterprise Linux 9 | |
| Red Hat | Red Hat Enterprise Linux 6 | |
| Red Hat | Red Hat Enterprise Linux 9 | 0:5.14.0-427.13.1.el9_4, *, 0:5.14.0-427.13.1.el9_4 |
| Red Hat | Red Hat Enterprise Linux 8 | *, 0:4.18.0-553.rt7.342.el8_10 |
| Red Hat | Red Hat Enterprise Linux 8 | 0:4.18.0-553.el8_10, 0:4.18.0-553.el8_10 |
| Red Hat | Red Hat Enterprise Linux 7 |
Timeline
- Nov 16, 2023 CVE Published
- Nov 6, 2025 CVE Updated
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Security Advisory
- Apr 26, 2026 Security Advisory
- Apr 26, 2026 Security Advisory
References
- RHSA-2024:2394 vendor-advisoryx_refsource_REDHAT
- RHSA-2024:2950 vendor-advisoryx_refsource_REDHAT
- RHSA-2024:3138 vendor-advisoryx_refsource_REDHAT
- vdb-entryx_refsource_REDHAT
- RHBZ#2250043 issue-trackingx_refsource_REDHAT
- https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html url