First published: Mon Dec 11 2023(Updated: )
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Security Verify Governance - Identity Manager | <=ISVG 10.0.2 | |
IBM Security Verify Governance - Identity Manager | <=ISVG 10.0.2 | |
Linux Kernel | >=5.0<5.4.268 | |
Linux Kernel | >=5.5<5.10.209 | |
Linux Kernel | >=5.11<5.15.148 | |
Linux Kernel | >=5.16<6.1.75 | |
Linux Kernel | >=6.2<6.6.14 | |
Linux Kernel | >=6.7<6.7.2 | |
Red Hat CodeReady Linux Builder | =8.6 | |
Red Hat CodeReady Linux Builder | =9.2 | |
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support | =8.6_ppc64le | |
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support | =9.2_ppc64le | |
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support | =8.6_aarch64 | |
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support | =9.2_aarch64 | |
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support | =9.2_s390x | |
Red Hat Enterprise Linux | =8.0 | |
Red Hat Enterprise Linux | =9.0 | |
Red Hat Enterprise Linux Server EUS | =8.6 | |
Red Hat Enterprise Linux Server EUS | =9.2 | |
Red Hat Enterprise Linux for ARM64 EUS | =8.6_aarch64 | |
Red Hat Enterprise Linux for ARM64 EUS | =9.2_aarch64 | |
Red Hat Enterprise Linux for IBM Z Systems (s390x) | =8.6_s390x | |
Red Hat Enterprise Linux for IBM Z Systems (s390x) | =9.2_s390x | |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =8.6_ppc64le | |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =9.2_ppc64le | |
Red Hat Enterprise Linux for Real Time | =9.2 | |
Red Hat Enterprise Linux for Real Time for NFV | =9.2 | |
Red Hat Enterprise Linux Server | =8.6 | |
Red Hat Enterprise Linux Server | =9.2 | |
Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =8.6_ppc64le | |
Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =9.2_ppc64le | |
Red Hat Enterprise Linux Server | =8.6 | |
All of | ||
Red Hat Enterprise Linux | =8.0 | |
Red Hat Virtualization Host EUS | =4.0 | |
Debian Linux | =10.0 | |
debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-6536 has been classified as a high severity vulnerability due to its potential to cause kernel panic and denial of service.
CVE-2023-6536 affects various versions of the Linux kernel, IBM Security Verify Governance, and Red Hat enterprise Linux components among others.
To mitigate CVE-2023-6536, upgrade to a patched version of the Linux kernel or affected software components as the updates become available.
CVE-2023-6536 allows an unauthenticated attacker to exploit the NVMe driver over TCP, potentially causing a system crash.
There are no universal workarounds; disabling NVMe over TCP may prevent exploitation until a patch can be applied.