CVE-2023-0122
HIGHLinux kernel 6.0-rc1-6.0-rc3 - Unauthenticated Denial of Service via NVMe nvmet_setup_auth() NULL Pointer Dereference
Title source: llmDescription
A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4.
References (3)
Core 3
Core References
Mailing List, Patch, Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=da0342a3aa0357795224e6283df86444e1117168
Vendor Advisory
https://security.netapp.com/advisory/ntap-20230302-0002/
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2023/01/18/1
Scores
CVSS v3
7.5
EPSS
0.0128
EPSS Percentile
66.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-476
Status
published
Products (1)
linux/linux_kernel
6.0 rc1 (3 CPE variants)
Published
Jan 17, 2023
Tracked Since
Feb 18, 2026