CVE-2023-6121 MEDIUM

CVE-2023-6121: Kernel: nvme: info leak due to out-of-bounds read in nvmet_ctrl_find_get

Vendor: Red Hat
Product: Red Hat Enterprise Linux 6
Weakness: CWE-125
Published: November 16, 2023
Last update: May 12, 2026

CVSS base score

4.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).

Key dates

02 Disclosure timeline

November 16, 2023: CVE published
May 12, 2026: Record updated