CVE-2023-6121
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 8 | 0:4.18.0-553.rt7.342.el8_10 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | 0:4.18.0-553.el8_10 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:5.14.0-427.13.1.el9_4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:5.14.0-427.13.1.el9_4 < * | unaffected |
Weaknesses
- CWE-125: Out-of-bounds Read
Workarounds
This flaw can be mitigated by explicitly setting the kernel parameter to restrict unprivileged users from using dmesg:
sudo sysctl -w kernel.dmesg_restrict=1
To make it persistent between system reboots:
echo 'kernel.dmesg_restrict=1' | sudo tee -a /etc/sysctl.conf
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2024:2394
- https://access.redhat.com/errata/RHSA-2024:2950
- https://access.redhat.com/errata/RHSA-2024:3138
- https://access.redhat.com/security/cve/CVE-2023-6121
- https://bugzilla.redhat.com/show_bug.cgi?id=2250043
- https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html
Additional References
- https://cert-portal.siemens.com/productcert/html/ssa-398330.html
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html
- https://cert-portal.siemens.com/productcert/html/ssa-613116.html
References
- https://access.redhat.com/errata/RHSA-2024:2394
- https://access.redhat.com/errata/RHSA-2024:2950
- https://access.redhat.com/errata/RHSA-2024:3138
- https://access.redhat.com/security/cve/CVE-2023-6121
- https://bugzilla.redhat.com/show_bug.cgi?id=2250043
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.