| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025120843-CVE-2023-53754-c601@gregkh> Date: Mon, 8 Dec 2025 10:19:53 +0900 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53754: scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() When if_type equals zero and pci_resource_start(pdev, PCI_64BIT_BAR4) returns false, drbl_regs_memmap_p is not remapped. This passes a NULL pointer to iounmap(), which can trigger a WARN() on certain arches. When if_type equals six and pci_resource_start(pdev, PCI_64BIT_BAR4) returns true, drbl_regs_memmap_p may has been remapped and ctrl_regs_memmap_p is not remapped. This is a resource leak and passes a NULL pointer to iounmap(). To fix these issues, we need to add null checks before iounmap(), and change some goto labels. The Linux kernel CVE team has assigned CVE-2023-53754 to this issue. Affected and fixed versions =========================== Issue introduced in 4.17 with commit 1351e69fc6db30e186295f1c9495d03cef6a01a2 and fixed in 5.4.243 with commit 74d90f92eafe8ccd12827228236a28a94eda6bcc Issue introduced in 4.17 with commit 1351e69fc6db30e186295f1c9495d03cef6a01a2 and fixed in 5.10.180 with commit bab8dc38b1a0a12bc064fc064269033bdcf5b88e Issue introduced in 4.17 with commit 1351e69fc6db30e186295f1c9495d03cef6a01a2 and fixed in 5.15.111 with commit fd8c83d8375b9dac1949f2753485a5c055ebfad0 Issue introduced in 4.17 with commit 1351e69fc6db30e186295f1c9495d03cef6a01a2 and fixed in 6.1.28 with commit e6f1ef4a53856ed000b0f7265d7e16dcb00f4243 Issue introduced in 4.17 with commit 1351e69fc6db30e186295f1c9495d03cef6a01a2 and fixed in 6.2.15 with commit 631d0fab143bef85ea0813596f1dda36e2b9724c Issue introduced in 4.17 with commit 1351e69fc6db30e186295f1c9495d03cef6a01a2 and fixed in 6.3.2 with commit 7e5a54d1f00725a739dcd20f616d82eff4f764bd Issue introduced in 4.17 with commit 1351e69fc6db30e186295f1c9495d03cef6a01a2 and fixed in 6.4 with commit 91a0c0c1413239d0548b5aac4c82f38f6d53a91e Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53754 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/scsi/lpfc/lpfc_init.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/74d90f92eafe8ccd12827228236a28a94eda6bcc https://git.kernel.org/stable/c/bab8dc38b1a0a12bc064fc064269033bdcf5b88e https://git.kernel.org/stable/c/fd8c83d8375b9dac1949f2753485a5c055ebfad0 https://git.kernel.org/stable/c/e6f1ef4a53856ed000b0f7265d7e16dcb00f4243 https://git.kernel.org/stable/c/631d0fab143bef85ea0813596f1dda36e2b9724c https://git.kernel.org/stable/c/7e5a54d1f00725a739dcd20f616d82eff4f764bd https://git.kernel.org/stable/c/91a0c0c1413239d0548b5aac4c82f38f6d53a91e
Powered by blists - more mailing lists