PT-2023-7103 · Linux+9 · Linux Kernel+9

Alon Zahavi

·

Published

2023-11-06

·

Updated

2024-12-19

·

CVE-2023-6121

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description An out-of-bounds read issue was found in the NVMe-oF/TCP subsystem. This may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer. The vulnerability is related to the nvmet ctrl find get() function in the drivers/nvme/target/core.c module.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2024:2394
ALSA-2024:2950
ALSA-2024:3138
ALT-PU-2024-1031
BDU:2023-08130
CESA-2024_2950
CESA-2024_3138
CVE-2023-6121
DLA-3711-1
DSA-5594-1
INFSA-2024_2394
INFSA-2024_2950
INFSA-2024_3138
OESA-2024-1030
OESA-2024-1031
OESA-2024-1085
OESA-2024-1086
OESA-2024-1087
OESA-2024-1088
OPENSUSE-SU-2024_0156-1
RHSA-2024:2394
RHSA-2024:2950
RHSA-2024:3138
RHSA-2024_2394
RHSA-2024_2950
RHSA-2024_3138
RLSA-2024:2950
RLSA-2024:3138
SUSE-SU-2024:0110-1
SUSE-SU-2024:0113-1
SUSE-SU-2024:0115-1
SUSE-SU-2024:0117-1
SUSE-SU-2024:0118-1
SUSE-SU-2024:0120-1
SUSE-SU-2024:0129-1
SUSE-SU-2024:0141-1
SUSE-SU-2024:0153-1
SUSE-SU-2024:0154-1
SUSE-SU-2024:0156-1
SUSE-SU-2024:0160-1
USN-6639-1
USN-6680-1
USN-6680-2
USN-6680-3
USN-6681-1
USN-6681-2
USN-6681-3
USN-6681-4
USN-6686-1
USN-6686-2
USN-6686-3
USN-6686-4
USN-6686-5
USN-6701-1
USN-6701-2
USN-6701-3
USN-6701-4
USN-6705-1
USN-6716-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu