| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091552-CVE-2023-53150-29b0@gregkh> Date: Mon, 15 Sep 2025 16:02:13 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53150: scsi: qla2xxx: Pointer may be dereferenced From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Pointer may be dereferenced Klocwork tool reported pointer 'rport' returned from call to function fc_bsg_to_rport() may be NULL and will be dereferenced. Add a fix to validate rport before dereferencing. The Linux kernel CVE team has assigned CVE-2023-53150 to this issue. Affected and fixed versions =========================== Fixed in 4.14.322 with commit 005961bd8f066fe931104f67c34ebfcc7f240099 Fixed in 4.19.291 with commit a69125a3ce88d9a386872034e7664b30cc4bcbed Fixed in 5.4.251 with commit 3f22f9ddbb29dba369daddb084be3bacf1587529 Fixed in 5.10.188 with commit 5addd62586a94a572359418464ce0ae12fa46187 Fixed in 5.15.121 with commit 0715da51391d223bf4981e28346770edea7eeb74 Fixed in 6.1.40 with commit b06d1b525364bbcf4929b4b35d81945b10dc9883 Fixed in 6.4.5 with commit 22b1d7c8bb59c3376430a8bad5840194b12bf29a Fixed in 6.5 with commit 00eca15319d9ce8c31cdf22f32a3467775423df4 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53150 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/scsi/qla2xxx/qla_bsg.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/005961bd8f066fe931104f67c34ebfcc7f240099 https://git.kernel.org/stable/c/a69125a3ce88d9a386872034e7664b30cc4bcbed https://git.kernel.org/stable/c/3f22f9ddbb29dba369daddb084be3bacf1587529 https://git.kernel.org/stable/c/5addd62586a94a572359418464ce0ae12fa46187 https://git.kernel.org/stable/c/0715da51391d223bf4981e28346770edea7eeb74 https://git.kernel.org/stable/c/b06d1b525364bbcf4929b4b35d81945b10dc9883 https://git.kernel.org/stable/c/22b1d7c8bb59c3376430a8bad5840194b12bf29a https://git.kernel.org/stable/c/00eca15319d9ce8c31cdf22f32a3467775423df4
Powered by blists - more mailing lists