CVE-2023-5178

8.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in the NVMe/TCP subsystem of the Linux kernel that could allow attackers to execute arbitrary code or escalate privileges. It affects Linux systems with NVMe over TCP functionality enabled. The vulnerability requires local or network access to the NVMe/TCP service.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel versions with NVMe/TCP support that predate the fixes shipped by each distribution
Operating Systems: Linux distributions including RHEL, CentOS, Fedora, Ubuntu, Debian
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if NVMe over TCP functionality is enabled and in use. Not all systems have this configured by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full system compromise or local privilege escalation to root access.
🟠 Likely Case: Kernel panic causing denial of service or limited privilege escalation.
🟢 If Mitigated: No impact if NVMe/TCP is disabled or systems are properly patched.

🌐 Internet-Facing: MEDIUM - Requires NVMe/TCP exposed to network, which is less common than other services.
🏢 Internal Only: HIGH - Internal attackers with access to NVMe/TCP could exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires access to NVMe/TCP service and knowledge of kernel memory layout. No public exploit code has been reported.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Varies by distribution - see Red Hat advisories for specific kernel versions

Vendor Advisory: https://access.redhat.com/errata/RHSA-2023:7370

Restart Required: Yes

Instructions:

1. Check current kernel version.
2. Update kernel package using distribution's package manager.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

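Disable NVMe/TCP (Linux)

Disable the NVMe over TCP functionality if it is not required:

# Unload the NVMe/TCP target module (run as root)
modprobe -r nvmet-tcp
# Keep it from being auto-loaded again; blacklist does not block an explicit modprobe
echo 'blacklist nvmet-tcp' > /etc/modprobe.d/disable-nvmet-tcp.conf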

🧯 If You Can't Patch

  • Disable NVMe/TCP functionality completely
  • Restrict network access to NVMe/TCP services using firewall rules

🔍 How to Verify

Check if Vulnerable:

Check if nvmet_tcp module is loaded: lsmod | grep nvmet_tcp

Check Version:

uname -r

Verify Fix Applied:

Check kernel version after update and reboot: uname -r

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • OOM killer activity related to nvmet
  • Unexpected process crashes

Network Indicators:

  • Unexpected connections to NVMe/TCP port 4420
  • Abnormal NVMe/TCP protocol traffic

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "BUG") AND "nvmet"
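
The verification and detection checks above (module loaded, listener on port 4420, kernel log query) combined in one script. This is an added example, not part of the original advisory; the function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline-testable versions of this page's checks.
# Each filter reads command output on stdin.

# Succeeds if lsmod-style input lists nvmet_tcp in the module-name column.
nvmet_tcp_loaded() {
    awk '$1 == "nvmet_tcp" { found = 1 } END { exit !found }'
}

# Prints listeners on TCP port 4420 from `ss -Htln` output
# (column 1 = state, column 4 = local address:port).
# Assumption: the target uses port 4420, the port this page names.
listeners_4420() {
    awk '$1 == "LISTEN" && $4 ~ /:4420$/ { print $4 }'
}

# Per-line form of the page's SIEM query:
# ("panic" OR "Oops" OR "BUG") AND "nvmet". Case-sensitive on purpose,
# so "debug" does not count as "BUG".
nvmet_crash_lines() {
    grep -E 'panic|Oops|BUG' | grep 'nvmet'
}

# Verdict from lsmod text ($1) and `ss -Htln` text ($2).
exposure() {
    if ! printf '%s\n' "$1" | nvmet_tcp_loaded; then
        echo "not-loaded"
    elif [ -n "$(printf '%s\n' "$2" | listeners_4420)" ]; then
        echo "loaded-and-listening"
    else
        echo "loaded-no-listener"
    fi
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_LSMOD='nvmet_tcp 32768 0
nvmet 167936 1 nvmet_tcp'
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 10.0.0.5:4420 0.0.0.0:*'
SAMPLE_LOG='kernel: BUG: KASAN: use-after-free in sample_fn+0x1a/0x40 [nvmet_tcp]
kernel: nvmet: creating controller 1 for subsystem sample-nqn
kernel: Oops: 0000 [#1] SMP PTI
kernel: Kernel panic - not syncing: Fatal exception'

echo "exposure: $(exposure "$SAMPLE_LSMOD" "$SAMPLE_SS")"
printf '%s\n' "$SAMPLE_LOG" | nvmet_crash_lines
```

On a live host, pipe real output into the filters: lsmod | nvmet_tcp_loaded, ss -Htln | listeners_4420, journalctl -k | nvmet_crash_lines. Only the first sample log line matches, because the query needs a crash keyword and "nvmet" in the same event.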
