{"id":"CVE-2023-52454","summary":"nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length\n\nIf the host sends an H2CData command with an invalid DATAL,\nthe kernel may crash in nvmet_tcp_build_pdu_iovec().\n\nUnable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000000\nlr : nvmet_tcp_io_work+0x6ac/0x718 [nvmet_tcp]\nCall trace:\n  process_one_work+0x174/0x3c8\n  worker_thread+0x2d0/0x3e8\n  kthread+0x104/0x110\n\nFix the bug by raising a fatal error if DATAL isn't coherent\nwith the packet size.\nAlso, the PDU length should never exceed the MAXH2CDATA parameter which\nhas been communicated to the host in nvmet_tcp_handle_icreq().","modified":"2026-04-11T12:46:30.639437Z","published":"2024-02-23T14:46:17.827Z","related":["SUSE-SU-2024:1320-1","SUSE-SU-2024:1321-1","SUSE-SU-2024:1454-1","SUSE-SU-2024:1465-1","SUSE-SU-2024:1466-1","SUSE-SU-2024:1480-1","SUSE-SU-2024:1489-1","SUSE-SU-2024:1490-1","SUSE-SU-2024:1643-1","SUSE-SU-2024:1646-1","SUSE-SU-2024:1870-1","USN-6818-2","USN-6819-2"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52454.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/24e05760186dc070d3db190ca61efdbce23afc88"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2871aa407007f6f531fae181ad252486e022df42"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4cb3cf7177ae3666be7fb27d4ad4d72a295fb02d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/70154e8d015c9b4fb56c1a2ef1fc8b83d45c7f68"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ee5e7632e981673f42a50ade25e71e612e543d9d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/efa56305908ba20de2104f1b8508c6a7401833be"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f775f2621c2ac5cc3a0b3a64665dad4fb146e510"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52454.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52454"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"872d26a391da92ed8f0c0f5cb5fef428067b7f30"},{"fixed":"ee5e7632e981673f42a50ade25e71e612e543d9d"},{"fixed":"f775f2621c2ac5cc3a0b3a64665dad4fb146e510"},{"fixed":"4cb3cf7177ae3666be7fb27d4ad4d72a295fb02d"},{"fixed":"2871aa407007f6f531fae181ad252486e022df42"},{"fixed":"24e05760186dc070d3db190ca61efdbce23afc88"},{"fixed":"70154e8d015c9b4fb56c1a2ef1fc8b83d45c7f68"},{"fixed":"efa56305908ba20de2104f1b8508c6a7401833be"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52454.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.0.0"},{"fixed":"5.4.268"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.209"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.148"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.75"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.14"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.7.2"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52454.json"}}],"schema_version":"1.7.5"}