CVE-2023-6238 MEDIUM

CVE-2023-6238: Kernel: nvme: memory corruption via unprivileged user passthrough

Vendor N/A
Product kernel
Weakness CWE-120
Published November 21, 2023
Last update October 17, 2024

CVSS base score

6.7/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.

Key dates

02Disclosure timeline

November 21, 2023 CVE published
October 17, 2024 Record updated