Medium severity4.3NVD Advisory· Published Nov 16, 2023· Updated May 12, 2026
CVE-2023-6121
CVE-2023-6121
Description
An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).
Affected products
6- Red Hat/Red Hat Enterprise Linux 8v52 versions
cpe:/a:redhat:enterprise_linux:8::realtime+ 1 more
- cpe:/a:redhat:enterprise_linux:8::realtimerange: 0:4.18.0-553.rt7.342.el8_10
- cpe:/o:redhat:enterprise_linux:8::baseosrange: 0:4.18.0-553.el8_10
- Red Hat/Red Hat Enterprise Linux 9v52 versions
cpe:/o:redhat:enterprise_linux:9::baseos+ 1 more
- cpe:/o:redhat:enterprise_linux:9::baseosrange: 0:5.14.0-427.13.1.el9_4
- cpe:/o:redhat:enterprise_linux:9
- Red Hat/Red Hat Enterprise Linux 6v5cpe:/o:redhat:enterprise_linux:6
- Red Hat/Red Hat Enterprise Linux 7v5cpe:/o:redhat:enterprise_linux:7
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- access.redhat.com/security/cve/CVE-2023-6121nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- access.redhat.com/errata/RHSA-2024:2394nvd
- access.redhat.com/errata/RHSA-2024:2950nvd
- access.redhat.com/errata/RHSA-2024:3138nvd
- cert-portal.siemens.com/productcert/html/ssa-265688.htmlnvd
- cert-portal.siemens.com/productcert/html/ssa-398330.htmlnvd
- cert-portal.siemens.com/productcert/html/ssa-613116.htmlnvd
- lists.debian.org/debian-lts-announce/2024/01/msg00005.htmlnvd
News mentions
0No linked articles in our index yet.