Lucene search

K
redhatcveRedhat.comRH:CVE-2023-6536
HistoryDec 11, 2023 - 6:31 p.m.

CVE-2023-6536

2023-12-1118:31:14
redhat.com
access.redhat.com
20
linux kernel
nvme driver
tcp packages
unauthenticated actor
denial of service

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

45.2%

A flaw was found in the Linux kernel’s NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.

Mitigation

To mitigate this issue, prevent module nvmet-tcp from being loaded. Please see <https://access.redhat.com/solutions/41278&gt; for how to blacklist a kernel module to prevent it from loading automatically.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

45.2%