First published: Thu Nov 16 2023
An out-of-bounds read issue was found in the NVMe-oF/TCP subsystem in the Linux kernel. A remote attacker could send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed (and potentially leaked) to the kernel ring buffer (dmesg). Upstream refs: <https://lore.kernel.org/linux-nvme/b58a2dc6-cc8f-4d19-9efe-e1d5b4505efc@nvidia.com/T/> and <https://lore.kernel.org/linux-nvme/CAK5usQvxAyC3LJ4OnqerS1P0JpbfFr9uRZmq6Jb4QhaB7AQCoQ@mail.gmail.com/T/>
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Redhat Enterprise Linux | =6.0 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux | =9.0 | |
redhat/kernel | <6.7 | 6.7 |
ubuntu/linux | <4.15.0-223.235 | 4.15.0-223.235 |
ubuntu/linux | <5.4.0-173.191 | 5.4.0-173.191 |
ubuntu/linux | <5.15.0-100.110 | 5.15.0-100.110 |
ubuntu/linux | <6.5.0-25.25 | 6.5.0-25.25 |
ubuntu/linux | <6.7~ | 6.7~ |
ubuntu/linux-aws | <4.15.0-1166.179 | 4.15.0-1166.179 |
ubuntu/linux-aws | <5.4.0-1120.130 | 5.4.0-1120.130 |
ubuntu/linux-aws | <5.15.0-1056.61 | 5.15.0-1056.61 |
ubuntu/linux-aws | <6.5.0-1015.15 | 6.5.0-1015.15 |
ubuntu/linux-aws | <6.7~ | 6.7~ |
ubuntu/linux-aws-5.15 | <5.15.0-1056.61~20.04.1 | 5.15.0-1056.61~20.04.1 |
ubuntu/linux-aws-5.15 | <6.7~ | 6.7~ |
ubuntu/linux-aws-5.4 | <5.4.0-1120.130~18.04.1 | 5.4.0-1120.130~18.04.1 |
ubuntu/linux-aws-5.4 | <6.7~ | 6.7~ |
ubuntu/linux-aws-6.5 | <6.5.0-1015.15~22.04.1 | 6.5.0-1015.15~22.04.1 |
ubuntu/linux-aws-6.5 | <6.7~ | 6.7~ |
ubuntu/linux-aws-fips | <6.7~ | 6.7~ |
ubuntu/linux-aws-hwe | <6.7~ | 6.7~ |
ubuntu/linux-aws-hwe | <4.15.0-1166.179~16.04.1 | 4.15.0-1166.179~16.04.1 |
ubuntu/linux-azure | <5.4.0-1126.133 | 5.4.0-1126.133 |
ubuntu/linux-azure | <5.15.0-1058.66 | 5.15.0-1058.66 |
ubuntu/linux-azure | <6.5.0-1016.16 | 6.5.0-1016.16 |
ubuntu/linux-azure | <4.15.0-1175.190~14.04.1 | 4.15.0-1175.190~14.04.1 |
ubuntu/linux-azure | <6.7~ | 6.7~ |
ubuntu/linux-azure | <4.15.0-1175.190~16.04.1 | 4.15.0-1175.190~16.04.1 |
ubuntu/linux-azure-4.15 | <4.15.0-1175.190 | 4.15.0-1175.190 |
ubuntu/linux-azure-4.15 | <6.7~ | 6.7~ |
ubuntu/linux-azure-5.15 | <5.15.0-1058.66~20.04.2 | 5.15.0-1058.66~20.04.2 |
ubuntu/linux-azure-5.15 | <6.7~ | 6.7~ |
ubuntu/linux-azure-5.4 | <5.4.0-1126.133~18.04.1 | 5.4.0-1126.133~18.04.1 |
ubuntu/linux-azure-5.4 | <6.7~ | 6.7~ |
ubuntu/linux-azure-6.5 | <6.5.0-1016.16~22.04.1 | 6.5.0-1016.16~22.04.1 |
ubuntu/linux-azure-6.5 | <6.7~ | 6.7~ |
ubuntu/linux-azure-fde | <5.15.0-1058.66.1 | 5.15.0-1058.66.1 |
ubuntu/linux-azure-fde | <6.7~ | 6.7~ |
ubuntu/linux-azure-fde-5.15 | <5.15.0-1058.66~20.04.2.1 | 5.15.0-1058.66~20.04.2.1 |
ubuntu/linux-azure-fde-5.15 | <6.7~ | 6.7~ |
ubuntu/linux-azure-fips | <6.7~ | 6.7~ |
ubuntu/linux-bluefield | <5.4.0-1080.87 | 5.4.0-1080.87 |
ubuntu/linux-bluefield | <6.7~ | 6.7~ |
ubuntu/linux-fips | <6.7~ | 6.7~ |
ubuntu/linux-gcp | <5.4.0-1124.133 | 5.4.0-1124.133 |
ubuntu/linux-gcp | <5.15.0-1053.61 | 5.15.0-1053.61 |
ubuntu/linux-gcp | <6.5.0-1015.15 | 6.5.0-1015.15 |
ubuntu/linux-gcp | <6.7~ | 6.7~ |
ubuntu/linux-gcp | <4.15.0-1160.177~16.04.1 | 4.15.0-1160.177~16.04.1 |
ubuntu/linux-gcp-4.15 | <4.15.0-1160.177 | 4.15.0-1160.177 |
ubuntu/linux-gcp-4.15 | <6.7~ | 6.7~ |
ubuntu/linux-gcp-5.15 | <5.15.0-1053.61~20.04.1 | 5.15.0-1053.61~20.04.1 |
ubuntu/linux-gcp-5.15 | <6.7~ | 6.7~ |
ubuntu/linux-gcp-5.4 | <5.4.0-1124.133~18.04.1 | 5.4.0-1124.133~18.04.1 |
ubuntu/linux-gcp-5.4 | <6.7~ | 6.7~ |
ubuntu/linux-gcp-6.5 | <6.5.0-1015.15~22.04.1 | 6.5.0-1015.15~22.04.1 |
ubuntu/linux-gcp-6.5 | <6.7~ | 6.7~ |
ubuntu/linux-gcp-fips | <6.7~ | 6.7~ |
ubuntu/linux-gke | <5.15.0-1052.57 | 5.15.0-1052.57 |
ubuntu/linux-gke | <6.7~ | 6.7~ |
ubuntu/linux-gkeop | <5.4.0-1087.91 | 5.4.0-1087.91 |
ubuntu/linux-gkeop | <5.15.0-1038.44 | 5.15.0-1038.44 |
ubuntu/linux-gkeop | <6.7~ | 6.7~ |
ubuntu/linux-gkeop-5.15 | <5.15.0-1038.44~20.04.1 | 5.15.0-1038.44~20.04.1 |
ubuntu/linux-gkeop-5.15 | <6.7~ | 6.7~ |
ubuntu/linux-hwe | <6.7~ | 6.7~ |
ubuntu/linux-hwe | <4.15.0-223.235~16.04.1 | 4.15.0-223.235~16.04.1 |
ubuntu/linux-hwe-5.15 | <5.15.0-100.110~20.04.1 | 5.15.0-100.110~20.04.1 |
ubuntu/linux-hwe-5.15 | <6.7~ | 6.7~ |
ubuntu/linux-hwe-5.4 | <5.4.0-173.191~18.04.1 | 5.4.0-173.191~18.04.1 |
ubuntu/linux-hwe-5.4 | <6.7~ | 6.7~ |
ubuntu/linux-hwe-6.5 | <6.5.0-25.25~22.04.1 | 6.5.0-25.25~22.04.1 |
ubuntu/linux-hwe-6.5 | <6.7~ | 6.7~ |
ubuntu/linux-ibm | <5.4.0-1067.72 | 5.4.0-1067.72 |
ubuntu/linux-ibm | <5.15.0-1048.51 | 5.15.0-1048.51 |
ubuntu/linux-ibm | <6.7~ | 6.7~ |
ubuntu/linux-ibm-5.15 | <5.15.0-1048.51~20.04.1 | 5.15.0-1048.51~20.04.1 |
ubuntu/linux-ibm-5.15 | <6.7~ | 6.7~ |
ubuntu/linux-ibm-5.4 | <5.4.0-1067.72~18.04.1 | 5.4.0-1067.72~18.04.1 |
ubuntu/linux-ibm-5.4 | <6.7~ | 6.7~ |
ubuntu/linux-intel | <6.7~ | 6.7~ |
ubuntu/linux-intel-iotg | <5.15.0-1050.56 | 5.15.0-1050.56 |
ubuntu/linux-intel-iotg | <6.7~ | 6.7~ |
ubuntu/linux-intel-iotg-5.15 | <5.15.0-1050.56~20.04.1 | 5.15.0-1050.56~20.04.1 |
ubuntu/linux-intel-iotg-5.15 | <6.7~ | 6.7~ |
ubuntu/linux-iot | <5.4.0-1032.33 | 5.4.0-1032.33 |
ubuntu/linux-iot | <6.7~ | 6.7~ |
ubuntu/linux-kvm | <4.15.0-1150.155 | 4.15.0-1150.155 |
ubuntu/linux-kvm | <5.4.0-1108.115 | 5.4.0-1108.115 |
ubuntu/linux-kvm | <5.15.0-1052.57 | 5.15.0-1052.57 |
ubuntu/linux-kvm | <6.7~ | 6.7~ |
ubuntu/linux-laptop | <6.5.0-1011.14 | 6.5.0-1011.14 |
ubuntu/linux-laptop | <6.7~ | 6.7~ |
ubuntu/linux-lowlatency | <5.15.0-100.110 | 5.15.0-100.110 |
ubuntu/linux-lowlatency | <6.5.0-25.25.1 | 6.5.0-25.25.1 |
ubuntu/linux-lowlatency | <6.7~ | 6.7~ |
ubuntu/linux-lowlatency-hwe-5.15 | <5.15.0-100.110~20.04.1 | 5.15.0-100.110~20.04.1 |
ubuntu/linux-lowlatency-hwe-5.15 | <6.7~ | 6.7~ |
ubuntu/linux-lowlatency-hwe-6.5 | <6.5.0-25.25.1~22.04.1 | 6.5.0-25.25.1~22.04.1 |
ubuntu/linux-lowlatency-hwe-6.5 | <6.7~ | 6.7~ |
ubuntu/linux-lts-xenial | <6.7~ | 6.7~ |
ubuntu/linux-nvidia | <5.15.0-1046.46 | 5.15.0-1046.46 |
ubuntu/linux-nvidia | <6.7~ | 6.7~ |
ubuntu/linux-nvidia-6.5 | <6.7~ | 6.7~ |
ubuntu/linux-oem-6.1 | <6.1.0-1033.33 | 6.1.0-1033.33 |
ubuntu/linux-oem-6.1 | <6.7~ | 6.7~ |
ubuntu/linux-oem-6.5 | <6.5.0-1016.17 | 6.5.0-1016.17 |
ubuntu/linux-oem-6.5 | <6.7~ | 6.7~ |
ubuntu/linux-oem-6.8 | <6.7~ | 6.7~ |
ubuntu/linux-oracle | <4.15.0-1129.140 | 4.15.0-1129.140 |
ubuntu/linux-oracle | <5.4.0-1119.128 | 5.4.0-1119.128 |
ubuntu/linux-oracle | <5.15.0-1053.59 | 5.15.0-1053.59 |
ubuntu/linux-oracle | <6.5.0-1018.18 | 6.5.0-1018.18 |
ubuntu/linux-oracle | <6.7~ | 6.7~ |
ubuntu/linux-oracle | <4.15.0-1129.140~16.04.1 | 4.15.0-1129.140~16.04.1 |
ubuntu/linux-oracle-5.15 | <5.15.0-1053.59~20.04.1 | 5.15.0-1053.59~20.04.1 |
ubuntu/linux-oracle-5.15 | <6.7~ | 6.7~ |
ubuntu/linux-oracle-5.4 | <5.4.0-1119.128~18.04.1 | 5.4.0-1119.128~18.04.1 |
ubuntu/linux-oracle-5.4 | <6.7~ | 6.7~ |
ubuntu/linux-oracle-6.5 | <6.7~ | 6.7~ |
ubuntu/linux-raspi | <5.4.0-1104.116 | 5.4.0-1104.116 |
ubuntu/linux-raspi | <5.15.0-1048.51 | 5.15.0-1048.51 |
ubuntu/linux-raspi | <6.5.0-1012.15 | 6.5.0-1012.15 |
ubuntu/linux-raspi | <6.7.0-1001.1 | 6.7.0-1001.1 |
ubuntu/linux-raspi | <6.7~ | 6.7~ |
ubuntu/linux-raspi-5.4 | <5.4.0-1104.116~18.04.1 | 5.4.0-1104.116~18.04.1 |
ubuntu/linux-raspi-5.4 | <6.7~ | 6.7~ |
ubuntu/linux-riscv | <6.5.0-25.25.1 | 6.5.0-25.25.1 |
ubuntu/linux-riscv | <6.7~ | 6.7~ |
ubuntu/linux-riscv-5.15 | <5.15.0-1051.55~20.04.1 | 5.15.0-1051.55~20.04.1 |
ubuntu/linux-riscv-5.15 | <6.7~ | 6.7~ |
ubuntu/linux-riscv-6.5 | <6.5.0-25.25.1~22.04.1 | 6.5.0-25.25.1~22.04.1 |
ubuntu/linux-riscv-6.5 | <6.7~ | 6.7~ |
ubuntu/linux-starfive | <6.5.0-1009.10 | 6.5.0-1009.10 |
ubuntu/linux-starfive | <6.7~ | 6.7~ |
ubuntu/linux-starfive-6.5 | <6.5.0-1009.10~22.04.1 | 6.5.0-1009.10~22.04.1 |
ubuntu/linux-starfive-6.5 | <6.7~ | 6.7~ |
ubuntu/linux-xilinx-zynqmp | <5.4.0-1039.43 | 5.4.0-1039.43 |
ubuntu/linux-xilinx-zynqmp | <6.7~ | 6.7~ |
debian/linux | 5.10.218-1 5.10.221-1 6.1.94-1 6.1.99-1 6.9.9-1 6.9.10-1 |
CVE-2023-6121 is an out-of-bounds read vulnerability in the NVMe-oF/TCP subsystem in the Linux kernel.
CVE-2023-6121 allows a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that could potentially lead to data leakage.
CVE-2023-6121 has a severity rating of medium with a CVSS score of 4.3.
To fix CVE-2023-6121, users are advised to apply the appropriate security patches provided by their respective Linux distributions or vendor.
More information about CVE-2023-6121 can be found at the following references: [Red Hat Security Advisory](https://access.redhat.com/security/cve/CVE-2023-6121) and [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=2250043).