Bug 2254053 (CVE-2023-6535) - CVE-2023-6535 kernel: NULL pointer dereference in nvmet_tcp_execute_request
Summary: CVE-2023-6535 kernel: NULL pointer dereference in nvmet_tcp_execute_request
Keywords:
Status: NEW
Alias: CVE-2023-6535
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2254056
Blocks: 2254051
TreeView+ depends on / blocked
 
Reported: 2023-12-11 17:55 UTC by Marco Benatto
Modified: 2024-04-16 19:49 UTC (History)
48 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:0858 0 None None None 2024-02-19 01:12:24 UTC
Red Hat Product Errata RHBA-2024:1336 0 None None None 2024-03-14 15:40:53 UTC
Red Hat Product Errata RHBA-2024:1379 0 None None None 2024-03-19 15:00:49 UTC
Red Hat Product Errata RHSA-2024:0723 0 None None None 2024-02-07 16:26:14 UTC
Red Hat Product Errata RHSA-2024:0724 0 None None None 2024-02-07 16:31:07 UTC
Red Hat Product Errata RHSA-2024:0725 0 None None None 2024-02-07 16:22:19 UTC
Red Hat Product Errata RHSA-2024:0881 0 None None None 2024-02-20 12:29:00 UTC
Red Hat Product Errata RHSA-2024:0897 0 None None None 2024-02-20 12:33:44 UTC
Red Hat Product Errata RHSA-2024:1248 0 None None None 2024-03-12 00:45:42 UTC

Description Marco Benatto 2023-12-11 17:55:39 UTC 
There's a flaw in Linux kernel's NVMe driver where an attacker can send crafted NVMe-oF/TCP packets leading to NULL point dereference in nvmet_tcp_execute_request function. A successfuly attack can result in a remote Denial-of-service.
Comment 1 Marco Benatto 2023-12-11 18:03:13 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2254056]
Comment 3 Salvatore Bonaccorso 2023-12-12 06:52:38 UTC 
Marco are there upstream details on the issue?
Comment 5 Marco Benatto 2023-12-19 17:03:40 UTC 
(In reply to Salvatore Bonaccorso from comment #3)
> Marco are there upstream details on the issue?

Hello,

you can find the upstream conversation at: https://lore.kernel.org/linux-nvme/89a927a6-2baf-434a-b1d5-50fb99beca73@grimberg.me/T/#t
Comment 8 errata-xmlrpc 2024-02-07 16:22:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:0725 https://access.redhat.com/errata/RHSA-2024:0725
Comment 9 errata-xmlrpc 2024-02-07 16:26:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:0723 https://access.redhat.com/errata/RHSA-2024:0723
Comment 10 errata-xmlrpc 2024-02-07 16:31:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0724 https://access.redhat.com/errata/RHSA-2024:0724
Comment 12 errata-xmlrpc 2024-02-20 12:28:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:0881 https://access.redhat.com/errata/RHSA-2024:0881
Comment 13 errata-xmlrpc 2024-02-20 12:33:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:0897 https://access.redhat.com/errata/RHSA-2024:0897
Comment 15 errata-xmlrpc 2024-03-12 00:45:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:1248 https://access.redhat.com/errata/RHSA-2024:1248
Note You need to log in before you can comment on or make changes to this bug.