What is CVE-2023-6535?

CVE-2023-6535 is a medium-severity vulnerability in Linux Linux_kernel, classified under NULL Pointer Dereference. CVSS score: 6.5/10. Published 2024-02-07.

How severe is CVE-2023-6535?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Is CVE-2023-6535 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

NULL pointer dereference in Linux Linux_kernel

CVE-2023-6535

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe d…

EPSS: 0.015 (71.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Affected products

Linux Linux_kernel
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8 — versions 0:4.18.0-513.18.1.rt7.320.el8_9, 0:4.18.0-513.18.1.el8_9
Red Hat Enterprise Linux 8.6 Extended Update Support — versions 0:4.18.0-372.91.1.el8_6
Red Hat Enterprise Linux 8.8 Extended Update Support — versions 0:4.18.0-477.58.1.el8_8
Red Hat Enterprise Linux 9 — versions 0:5.14.0-362.24.1.el9_3
Red Hat Enterprise Linux 9.2 Extended Update Support — versions 0:5.14.0-284.52.1.el9_2, 0:5.14.0-284.52.1.rt14.337.el9_2
Red Hat Virtualization 4 For Enterprise Linux 8 — versions 0:4.18.0-372.91.1.el8_6
Red Hat Rhol-5.8-rhel-9 — versions v5.8.6-22, v5.8.6-11, v6.8.1-407

Weakness classification (CWE)

CWE-476 — NULL Pointer Dereference

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, Third Party Advisory, vdb-entry)
secalert@redhat.com (x_refsource_REDHAT, issue-tracking, Issue Tracking)

Frequently asked questions

What is CVE-2023-6535?: CVE-2023-6535 is a medium-severity vulnerability in Linux Linux_kernel, classified under NULL Pointer Dereference. CVSS score: 6.5/10. Published 2024-02-07.
How severe is CVE-2023-6535?: Medium severity. CVSS v3 base score is 6.5 out of 10.
Is CVE-2023-6535 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.