Kernel: nvme: info leak due to out-of-bounds read in nvmet_ctrl_find_get
Summary
| CVE | CVE-2023-6121 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-11-16 15:15:11 UTC |
| Updated | 2026-05-12 11:16:17 UTC |
| Description | An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg). |
Risk And Classification
Primary CVSS: v3.1 4.3 MEDIUM from [email protected]
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.006620000 probability, percentile 0.712990000 (date 2026-05-12)
Problem Types: CWE-125 | CWE-125 Out-of-bounds Read
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| 3.1 | [email protected] | Secondary | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| 3.1 | CNA | CVSS | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
CVSS v3.1 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity | None |
| Availability | None |

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Redhat | Enterprise Linux | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 8.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 9.0 | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Red Hat | Red Hat Enterprise Linux 8 | unaffected 0:4.18.0-553.rt7.342.el8_10 * rpm | Not specified |
| CNA | Red Hat | Red Hat Enterprise Linux 8 | unaffected 0:4.18.0-553.el8_10 * rpm | Not specified |
| CNA | Red Hat | Red Hat Enterprise Linux 9 | unaffected 0:5.14.0-427.13.1.el9_4 * rpm | Not specified |
| CNA | Red Hat | Red Hat Enterprise Linux 9 | unaffected 0:5.14.0-427.13.1.el9_4 * rpm | Not specified |
| CNA | Red Hat | Red Hat Enterprise Linux 6 | Not specified | Not specified |
| CNA | Red Hat | Red Hat Enterprise Linux 7 | Not specified | Not specified |
| CNA | Red Hat | Red Hat Enterprise Linux 7 | Not specified | Not specified |
| CNA | Red Hat | Red Hat Enterprise Linux 9 | Not specified | Not specified |
| ADP | Siemens | RUGGEDCOM RST2428P | unaffected * custom | Not specified |
| ADP | Siemens | SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 Family | unaffected * custom | Not specified |
| ADP | Siemens | SCALANCE XCM-/XRM-/XCH-/XRH-300 Family | unaffected * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux Subsystem | affected * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.0 V3.1.5 custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.0 V3.1.5 custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP | affected V3.1.0 V3.1.5 custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP | affected V3.1.0 V3.1.5 custom | Not specified |
| ADP | Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.0 V3.1.5 custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| cert-portal.siemens.com/productcert/html/ssa-398330.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| cert-portal.siemens.com/productcert/html/ssa-265688.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| lists.debian.org/debian-lts-announce/2024/01/msg00005.html | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | |
| access.redhat.com/errata/RHSA-2024:3138 | af854a3a-2127-422b-91ae-364da2661108 | access.redhat.com | |
| cert-portal.siemens.com/productcert/html/ssa-613116.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| access.redhat.com/errata/RHSA-2024:2950 | af854a3a-2127-422b-91ae-364da2661108 | access.redhat.com | |
| access.redhat.com/errata/RHSA-2024:2394 | af854a3a-2127-422b-91ae-364da2661108 | access.redhat.com | |
| access.redhat.com/security/cve/CVE-2023-6121 | af854a3a-2127-422b-91ae-364da2661108 | access.redhat.com | Third Party Advisory |
| bugzilla.redhat.com/show_bug.cgi | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | Issue Tracking, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Red Hat would like to thank Alon Zahavi for reporting this issue. (en)
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| CNA | 2023-11-12T00:00:00.000Z | Reported to Red Hat. |
| CNA | 2023-11-06T00:00:00.000Z | Made public. |
Workarounds
CNA: This flaw can be mitigated by explicitly setting the kernel parameter to restrict unprivileged users from using dmesg:
```
sudo sysctl -w kernel.dmesg_restrict=1
```
To make it persistent between system reboots:
```
echo 'kernel.dmesg_restrict=1' | sudo tee -a /etc/sysctl.conf
```
Legacy QID Mappings
- 200116 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6639-1)
- 200171 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6681-1)
- 200173 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6680-1)
- 200178 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6680-2)
- 200179 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6686-1)
- 200183 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6681-2)
- 200191 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6686-2)
- 200192 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6681-3)
- 200202 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6701-1)
- 200203 Ubuntu Security Notification for Linux kernel (AWS) Vulnerabilities (USN-6681-4)
- 200204 Ubuntu Security Notification for Linux kernel (AWS) Vulnerabilities (USN-6680-3)
- 200206 Ubuntu Security Notification for Linux kernel (Oracle) Vulnerabilities (USN-6686-3)
- 200208 Ubuntu Security Notification for Linux kernel (KVM) Vulnerabilities (USN-6686-4)
- 200209 Ubuntu Security Notification for Linux kernel (GCP) Vulnerabilities (USN-6701-2)
- 200214 Ubuntu Security Notification for Linux kernel (AWS) Vulnerabilities (USN-6705-1)
- 200221 Ubuntu Security Notification for Linux kernel (Azure) Vulnerabilities (USN-6716-1)
- 200222 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6701-3)
- 200231 Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-6686-5)
- 200244 Ubuntu Security Notification for Linux kernel (Azure) Vulnerabilities (USN-6701-4)
- 357055 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2024-047
- 357057 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.15-2024-035
- 6000419 Debian Security Update for linux (DSA 5594-1)
- 6000428 Debian Security Update for linux-5.10 (DLA 3711-1)
- 6140167 AWS Bottlerocket Security Update for kernel (GHSA-w733-hw44-6r84)
- 673321 EulerOS Security Update for kernel (EulerOS-SA-2024-1337)
- 673547 EulerOS Security Update for kernel (EulerOS-SA-2024-1315)
- 673723 EulerOS Security Update for kernel (EulerOS-SA-2024-1237)
- 673992 EulerOS Security Update for kernel (EulerOS-SA-2024-1215)
- 674156 EulerOS Security Update for kernel (EulerOS-SA-2024-1509)
- 674158 EulerOS Security Update for kernel (EulerOS-SA-2024-1488)
- 755604 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2024:0129-1)
- 755605 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2024:0120-1)
- 755606 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2024:0117-1)
- 755607 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2024:0115-1)
- 907838 Common Base Linux Mariner (CBL-Mariner) Security Update for hyperv-daemons (32210)