Bug 2254054 (CVE-2023-6356) - CVE-2023-6356 kernel: NULL pointer dereference in nvmet_tcp_build_iovec
Summary: CVE-2023-6356 kernel: NULL pointer dereference in nvmet_tcp_build_iovec
Keywords:
Status: NEW
Alias: CVE-2023-6356
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2254058
Blocks: 2254051
Reported: 2023-12-11 17:56 UTC by Marco Benatto
Modified: 2024-04-24 10:04 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packets when using NVMe over TCP, leading to a NULL pointer dereference in the NVMe driver and causing a kernel panic and a denial of service.
Clone Of:
Environment:
Last Closed:
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHBA-2024:0858 | 0 | None | None | None | 2024-02-19 01:12:22 UTC
Red Hat Product Errata | RHBA-2024:1336 | 0 | None | None | None | 2024-03-14 15:40:54 UTC
Red Hat Product Errata | RHBA-2024:1379 | 0 | None | None | None | 2024-03-19 15:00:54 UTC
Red Hat Product Errata | RHSA-2024:0723 | 0 | None | None | None | 2024-02-07 16:26:21 UTC
Red Hat Product Errata | RHSA-2024:0724 | 0 | None | None | None | 2024-02-07 16:31:08 UTC
Red Hat Product Errata | RHSA-2024:0725 | 0 | None | None | None | 2024-02-07 16:22:25 UTC
Red Hat Product Errata | RHSA-2024:0881 | 0 | None | None | None | 2024-02-20 12:29:04 UTC
Red Hat Product Errata | RHSA-2024:0897 | 0 | None | None | None | 2024-02-20 12:33:45 UTC
Red Hat Product Errata | RHSA-2024:1248 | 0 | None | None | None | 2024-03-12 00:46:55 UTC

Description Marco Benatto 2023-12-11 17:56:52 UTC
There's a flaw in the Linux kernel's NVMe driver where an attacker can send crafted TCP packets leading to a NULL pointer dereference in nvmet_tcp_build_iovec. A successful attack can result in a remote denial of service.

Comment 1 Marco Benatto 2023-12-11 18:08:01 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2254058]

Comment 3 Salvatore Bonaccorso 2023-12-12 06:55:03 UTC
Marco, are there upstream details on the issue?

Comment 5 Marco Benatto 2023-12-19 17:02:53 UTC
(In reply to Salvatore Bonaccorso from comment #3)
> Marco, are there upstream details on the issue?

Hello,

you can find the conversation at: https://lore.kernel.org/linux-nvme/CAK5usQupQgYoyav2itYADv2XVooMptqqswW8cTkuoMkRpjapwQ@mail.gmail.com/T/#t

Comment 10 errata-xmlrpc 2024-02-07 16:22:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:0725 https://access.redhat.com/errata/RHSA-2024:0725

Comment 11 errata-xmlrpc 2024-02-07 16:26:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:0723 https://access.redhat.com/errata/RHSA-2024:0723

Comment 12 errata-xmlrpc 2024-02-07 16:31:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0724 https://access.redhat.com/errata/RHSA-2024:0724

Comment 14 errata-xmlrpc 2024-02-20 12:29:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:0881 https://access.redhat.com/errata/RHSA-2024:0881

Comment 15 errata-xmlrpc 2024-02-20 12:33:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:0897 https://access.redhat.com/errata/RHSA-2024:0897

Comment 17 errata-xmlrpc 2024-03-12 00:46:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:1248 https://access.redhat.com/errata/RHSA-2024:1248

