CVE-2023-6121

Published: 16/11/2023 Updated: 30/04/2024
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote malicious user to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).

Vulnerable Product

redhat enterprise linux 7.0

redhat enterprise linux 6.0

redhat enterprise linux 8.0

redhat enterprise linux 9.0

Vendor Advisories

An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur (CVE-2023-46862). An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This flaw allows a remote attacker to send a crafted TCP packet, ...
An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This flaw allows a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data to be printed (and potentially leaked) to the kernel ring buffer (dmesg) (CVE-2023-6121). A heap out-of-bounds write vul ...
A race condition leading to a use-after-free issue was found in the QXL driver in the Linux kernel (CVE-2023-39198). An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur (CVE-2023-46862). An out-of-bounds read vulnerability was foun ...