| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025100103-CVE-2023-53451-bb02@gregkh> Date: Wed, 1 Oct 2025 13:42:21 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53451: scsi: qla2xxx: Fix potential NULL pointer dereference From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix potential NULL pointer dereference Klocwork tool reported 'cur_dsd' may be dereferenced. Add fix to validate pointer before dereferencing the pointer. The Linux kernel CVE team has assigned CVE-2023-53451 to this issue. Affected and fixed versions =========================== Fixed in 4.14.322 with commit 02405f4023866ae91a611b5b85cb2e074ec2de5a Fixed in 4.19.291 with commit ee4c9a93238b9ce3703942500cb1aeacf77090d2 Fixed in 5.4.251 with commit 4f90a8b0481615622bd0558aa8cf361bea872045 Fixed in 5.10.188 with commit 2bea9c1c983152c5411f5a2f1113cb790ce1389d Fixed in 5.15.121 with commit 5a52a2e14fe866541bbc0033058e44bf0bf0c580 Fixed in 6.1.40 with commit ce2cdbe530b0066bae1f98dbab590a232d507eaa Fixed in 6.4.5 with commit af7affc0f6b82a5bde430fc4f0dcf70963442fbc Fixed in 6.5 with commit 464ea494a40c6e3e0e8f91dd325408aaf21515ba Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53451 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/scsi/qla2xxx/qla_iocb.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/02405f4023866ae91a611b5b85cb2e074ec2de5a https://git.kernel.org/stable/c/ee4c9a93238b9ce3703942500cb1aeacf77090d2 https://git.kernel.org/stable/c/4f90a8b0481615622bd0558aa8cf361bea872045 https://git.kernel.org/stable/c/2bea9c1c983152c5411f5a2f1113cb790ce1389d https://git.kernel.org/stable/c/5a52a2e14fe866541bbc0033058e44bf0bf0c580 https://git.kernel.org/stable/c/ce2cdbe530b0066bae1f98dbab590a232d507eaa https://git.kernel.org/stable/c/af7affc0f6b82a5bde430fc4f0dcf70963442fbc https://git.kernel.org/stable/c/464ea494a40c6e3e0e8f91dd325408aaf21515ba
Powered by blists - more mailing lists