| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025122431-CVE-2023-54014-9b8c@gregkh> Date: Wed, 24 Dec 2025 11:56:58 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-54014: scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() Klocwork reported warning of rport maybe NULL and will be dereferenced. rport returned by call to fc_bsg_to_rport() could be NULL and dereferenced. Check valid rport returned by fc_bsg_to_rport(). The Linux kernel CVE team has assigned CVE-2023-54014 to this issue. Affected and fixed versions =========================== Fixed in 4.14.322 with commit f35bd94b4e11c41de90cd0fa72c9062e8196822f Fixed in 4.19.291 with commit ccd3bc595bda67db5a347b9050c2df28f292d3fb Fixed in 5.4.251 with commit 1b7e5bdf2be22ae8c61bdca5a5f96ec2746e9639 Fixed in 5.10.188 with commit 921d6844625527a92d1178262a633cc88a8e61bd Fixed in 5.15.121 with commit 1ccd52b790a66b8b5f75c87eab8c3a37f941a2bf Fixed in 6.1.40 with commit e466930717ef18c112585a39fc6174d8eb441df5 Fixed in 6.4.5 with commit ced5460eae772e847debbc0b65ef93aedab92d3f Fixed in 6.5 with commit af73f23a27206ffb3c477cac75b5fcf03410556e Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-54014 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/scsi/qla2xxx/qla_bsg.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/f35bd94b4e11c41de90cd0fa72c9062e8196822f https://git.kernel.org/stable/c/ccd3bc595bda67db5a347b9050c2df28f292d3fb https://git.kernel.org/stable/c/1b7e5bdf2be22ae8c61bdca5a5f96ec2746e9639 https://git.kernel.org/stable/c/921d6844625527a92d1178262a633cc88a8e61bd https://git.kernel.org/stable/c/1ccd52b790a66b8b5f75c87eab8c3a37f941a2bf https://git.kernel.org/stable/c/e466930717ef18c112585a39fc6174d8eb441df5 https://git.kernel.org/stable/c/ced5460eae772e847debbc0b65ef93aedab92d3f https://git.kernel.org/stable/c/af73f23a27206ffb3c477cac75b5fcf03410556e
Powered by blists - more mailing lists