CVE-2023-6535

NameCVE-2023-6535
DescriptionA flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3841-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)bullseye5.10.223-1fixed
bullseye (security)5.10.226-1fixed
bookworm6.1.115-1fixed
bookworm (security)6.1.119-1fixed
sid, trixie6.11.10-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcebullseye5.10.209-1
linuxsourcebookworm6.1.76-1
linuxsource(unstable)6.6.15-1
linux-5.10sourcebuster5.10.209-2~deb10u1DLA-3841-1

Notes

https://bugzilla.redhat.com/show_bug.cgi?id=2254053
https://git.kernel.org/linus/efa56305908ba20de2104f1b8508c6a7401833be (6.8-rc1)
https://git.kernel.org/linus/0849a5441358cef02586fb2d60f707c0db195628 (6.8-rc1)
https://git.kernel.org/linus/9a1abc24850eb759e36a2f8869161c3b7254c904 (6.8-rc1)

Search for package or bug name: Reporting problems