CVE-2023-6121
Published: 16 November 2023
Summary
CVE-2023-6121 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Redhat Enterprise Linux. Its CVSS base score is 4.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique System Information Discovery (T1082); ranked in the top 28.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-58376
Vulnerability details
An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and…
more
potentially leaked to the kernel ring buffer (dmesg).
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Out-of-bounds read in Linux kernel NVMe-oF/TCP leaks kmalloc heap data to kernel ring buffer (dmesg), enabling remote-triggered disclosure of system information such as kernel details or configurations.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.