CVE-2023-6238

CVSS 3.1 Score 6.7 of 10 (medium)

Details

Published Nov 21, 2023

Updated: Feb 7, 2024

CWE ID 120

Summary

CVE-2023-6238 represents a buffer overflow vulnerability present in the NVM Express (NVMe) driver integrated in the Linux kernel. Maliciously sized meta buffers can be utilized by privileged users, enabling the device to perform larger Direct Memory Access (DMA) transfers into the same buffer. As a result, unrelated kernel memory gets overwritten, leading to random kernel crashes and memory corruption.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Linux Kernel
Fedora Operating System

Affected Vendors

LINUX
Fedora Project

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tgLEWp
https://www.cve.org/CVERecord?id=CVE-2023-6238
https://nvd.nist.gov/vuln/detail/CVE-2023-6238

Back to Vulnerability Database