Bug 2254052 (CVE-2023-6536) - CVE-2023-6536 kernel: NULL pointer dereference in __nvmet_req_complete
Summary: CVE-2023-6536 kernel: NULL pointer dereference in __nvmet_req_complete
Keywords:
Status: NEW
Alias: CVE-2023-6536
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2254055
Blocks: 2254051
TreeView+ depends on / blocked
 
Reported: 2023-12-11 17:54 UTC by Marco Benatto
Modified: 2024-04-24 10:06 UTC (History)
49 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:0858 0 None None None 2024-02-19 01:12:25 UTC
Red Hat Product Errata RHBA-2024:1336 0 None None None 2024-03-14 15:40:51 UTC
Red Hat Product Errata RHBA-2024:1379 0 None None None 2024-03-19 15:00:46 UTC
Red Hat Product Errata RHSA-2024:0723 0 None None None 2024-02-07 16:26:07 UTC
Red Hat Product Errata RHSA-2024:0724 0 None None None 2024-02-07 16:31:00 UTC
Red Hat Product Errata RHSA-2024:0725 0 None None None 2024-02-07 16:22:12 UTC
Red Hat Product Errata RHSA-2024:0881 0 None None None 2024-02-20 12:28:57 UTC
Red Hat Product Errata RHSA-2024:0897 0 None None None 2024-02-20 12:33:40 UTC
Red Hat Product Errata RHSA-2024:1248 0 None None None 2024-03-12 00:45:39 UTC

Description Marco Benatto 2023-12-11 17:54:09 UTC 
There's a flaw in Linux kernel's NVMe driver where an attacker can send crafted NVMe-oF/TCP packets leading to NULL point dereference in __nvmet_req_complete. A successfuly attack can result in a remote Denial-of-service.
Comment 1 Marco Benatto 2023-12-11 17:58:32 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2254055]
Comment 3 Salvatore Bonaccorso 2023-12-12 06:45:08 UTC 
Marco, are there upstream details on the issue?
Comment 5 Marco Benatto 2023-12-19 17:06:23 UTC 
(In reply to Salvatore Bonaccorso from comment #3)
> Marco, are there upstream details on the issue?

Hello,

you can find the upstream conversation at: https://lore.kernel.org/linux-nvme/69e7bbe4-b454-4941-90e2-2e6a4cf0f182@grimberg.me/T/#t
Comment 10 errata-xmlrpc 2024-02-07 16:22:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:0725 https://access.redhat.com/errata/RHSA-2024:0725
Comment 11 errata-xmlrpc 2024-02-07 16:26:03 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:0723 https://access.redhat.com/errata/RHSA-2024:0723
Comment 12 errata-xmlrpc 2024-02-07 16:30:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0724 https://access.redhat.com/errata/RHSA-2024:0724
Comment 14 errata-xmlrpc 2024-02-20 12:28:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:0881 https://access.redhat.com/errata/RHSA-2024:0881
Comment 15 errata-xmlrpc 2024-02-20 12:33:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:0897 https://access.redhat.com/errata/RHSA-2024:0897
Comment 17 errata-xmlrpc 2024-03-12 00:45:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:1248 https://access.redhat.com/errata/RHSA-2024:1248
Note You need to log in before you can comment on or make changes to this bug.