CVE-2023-6238

Description

A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.

PUBLISHED Reserved 2023-11-21 | Published 2023-11-21 | Updated 2024-10-17 | Assigner redhat

Problem types

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

Timeline

References

access.redhat.com/security/cve/CVE-2023-6238 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2250834 (RHBZ#2250834) issue-tracking

cve.org (CVE-2023-6238)

nvd.nist.gov (CVE-2023-6238)

Download JSON