CVE-2023-6356 - OpenCVE

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Codeready Linux Builder Eus Enterprise Linux Virtualization Host Codeready Linux Builder Eus For Power Little Endian Eus Enterprise Linux Server Tus Codeready Linux Builder For Ibm Z Systems Eus Enterprise Linux For Real Time Enterprise Linux For Real Time For Nfv Codeready Linux Builder For Arm64 Eus Enterprise Linux For Arm 64 Eus Enterprise Linux For Ibm Z Systems Eus Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Enterprise Linux For Power Little Endian Eus Enterprise Linux Server Aus Enterprise Linux Eus
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:8.6_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_real_time:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*

Configuration 3 [-]

AND

cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:0723	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0724	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0725	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0881
https://access.redhat.com/errata/RHSA-2024:0897
https://access.redhat.com/errata/RHSA-2024:1248
https://access.redhat.com/errata/RHSA-2024:3810
https://access.redhat.com/security/cve/CVE-2023-6356	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2254054	Issue Tracking
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
https://security.netapp.com/advisory/ntap-20240415-0002/