{"id":"CVE-2023-6121","details":"An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer (dmesg).","modified":"2026-03-14T14:54:53.714411Z","published":"2023-11-16T15:15:11.197Z","related":["ALSA-2024:2394","SUSE-SU-2024:0110-1","SUSE-SU-2024:0113-1","SUSE-SU-2024:0115-1","SUSE-SU-2024:0117-1","SUSE-SU-2024:0118-1","SUSE-SU-2024:0120-1","SUSE-SU-2024:0129-1","SUSE-SU-2024:0141-1","SUSE-SU-2024:0153-1","SUSE-SU-2024:0154-1","SUSE-SU-2024:0156-1","SUSE-SU-2024:0160-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2394"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2950"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:3138"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2023-6121"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2250043"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6121.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}