Cyber Resilience

CVE-2023-6121

MediumUpdated

Published: 16 November 2023

Published
16 November 2023
Modified
12 May 2026
KEV Added
Patch
CVSS Score v3.1 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score 0.0066 71.6th percentile
Risk Priority 9 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-6121 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Redhat Enterprise Linux. Its CVSS base score is 4.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique System Information Discovery (T1082); ranked in the top 28.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and…

more

potentially leaked to the kernel ring buffer (dmesg).

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1082 System Information Discovery Discovery
An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.
Why these techniques?

Out-of-bounds read in Linux kernel NVMe-oF/TCP leaks kmalloc heap data to kernel ring buffer (dmesg), enabling remote-triggered disclosure of system information such as kernel details or configurations.

Affected Assets

redhat
enterprise linux
6.0, 7.0, 8.0, 9.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References