Buffer overflow in Linux kernel - CVE-2023-6238

 

Buffer overflow in Linux kernel - CVE-2023-6238

Published: June 20, 2024


Vulnerability identifier: #VU92724
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-6238
CWE-ID: CWE-120
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local privileged user to execute arbitrary code.

A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.


How to mitigate CVE-2023-6238

Install update from vendor's repository.

Sources