CVE-2023-6356

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:0723	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0724	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0725	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0881	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0897	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1248	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2094	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3810	Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-6356	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2254054	Issue Tracking

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:8.6_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_real_time:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*

Configuration 2 (hide)

AND

cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 4 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

14 Sep 2024, 00:15

Type	Values Removed	Values Added
References	~~{'url': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html', 'tags': ['Mailing List', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}~~ ~~{'url': 'https://security.netapp.com/advisory/ntap-20240415-0002/', 'tags': ['Third Party Advisory'], 'source': 'secalert@redhat.com'}~~

27 Aug 2024, 19:22

Type	Values Removed	Values Added
References	~~() https://access.redhat.com/errata/RHSA-2024:0881 -~~	() https://access.redhat.com/errata/RHSA-2024:0881 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:0897 -~~	() https://access.redhat.com/errata/RHSA-2024:0897 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:1248 -~~	() https://access.redhat.com/errata/RHSA-2024:1248 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:2094 -~~	() https://access.redhat.com/errata/RHSA-2024:2094 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:3810 -~~	() https://access.redhat.com/errata/RHSA-2024:3810 - Third Party Advisory
References	~~() https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html -~~	() https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html - Mailing List, Third Party Advisory
References	~~() https://security.netapp.com/advisory/ntap-20240415-0002/ -~~	() https://security.netapp.com/advisory/ntap-20240415-0002/ - Third Party Advisory
CPE	cpe:2.3:o:linux:linux_kernel:-:::::::*	cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:debian:debian_linux:10.0:::::::*
First Time		Debian debian Linux Debian

08 Jul 2024, 18:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:2094 -

25 Jun 2024, 21:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html -

12 Jun 2024, 10:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:3810 -

25 Apr 2024, 16:15

Type	Values Removed	Values Added
References		() https://security.netapp.com/advisory/ntap-20240415-0002/ -

12 Mar 2024, 03:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:1248 -

20 Feb 2024, 15:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:0881 - () https://access.redhat.com/errata/RHSA-2024:0897 -

15 Feb 2024, 15:39

Type	Values Removed	Values Added
First Time		Redhat enterprise Linux Server Aus Redhat enterprise Linux For Real Time For Nfv Redhat codeready Linux Builder Eus For Power Little Endian Eus Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Redhat codeready Linux Builder Eus Redhat enterprise Linux For Real Time Redhat enterprise Linux Eus Redhat virtualization Host Redhat codeready Linux Builder For Ibm Z Systems Eus Redhat enterprise Linux For Power Little Endian Eus Linux linux Kernel Linux Redhat enterprise Linux For Arm 64 Eus Redhat Redhat enterprise Linux Server Tus Redhat enterprise Linux Redhat codeready Linux Builder For Arm64 Eus Redhat enterprise Linux For Ibm Z Systems Eus
CPE		cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::* cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_real_time:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:::::::* cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:8.6_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:9.2:::::::* cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:::::::* cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:::::::* cpe:2.3:a:redhat:virtualization_host:4.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:::::::* cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
References	~~() https://access.redhat.com/security/cve/CVE-2023-6356 -~~	() https://access.redhat.com/security/cve/CVE-2023-6356 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:0725 -~~	() https://access.redhat.com/errata/RHSA-2024:0725 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:0723 -~~	() https://access.redhat.com/errata/RHSA-2024:0723 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2254054 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2254054 - Issue Tracking
References	~~() https://access.redhat.com/errata/RHSA-2024:0724 -~~	() https://access.redhat.com/errata/RHSA-2024:0724 - Third Party Advisory

07 Feb 2024, 22:02

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-07 21:15

Updated : 2024-09-14 00:15

NVD link : CVE-2023-6356

Mitre link : CVE-2023-6356

CVE.ORG link : CVE-2023-6356

JSON object : View

Products Affected

redhat

enterprise_linux_for_power_little_endian_eus
enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
enterprise_linux_for_arm_64_eus
enterprise_linux_for_real_time_for_nfv
codeready_linux_builder_for_arm64_eus
enterprise_linux
codeready_linux_builder_for_ibm_z_systems_eus
enterprise_linux_for_ibm_z_systems_eus
codeready_linux_builder_eus
virtualization_host
enterprise_linux_server_tus
enterprise_linux_eus
enterprise_linux_for_real_time
enterprise_linux_server_aus
codeready_linux_builder_eus_for_power_little_endian_eus

linux

linux_kernel

debian

debian_linux

CWE

CWE-476

NULL Pointer Dereference

7.5 /10