Vulnerability-Lookup

BDU:2026-01190

Vulnerability from fstec - Published: 08.05.2023

Title

Уязвимость функции qedf_alloc_global_queues() модуля drivers/scsi/qedf/qedf_main.c драйвера устройств SCSI ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость функции qedf_alloc_global_queues() модуля drivers/scsi/qedf/qedf_main.c драйвера устройств SCSI ядра операционной системы Linux связана с разыменованием указателей. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vendor

Red Hat Inc., Сообщество свободного программного обеспечения

Software Name

Red Hat Enterprise Linux, Debian GNU/Linux, Linux

Software Version

7 (Red Hat Enterprise Linux), 8 (Red Hat Enterprise Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 9 (Red Hat Enterprise Linux), от 5.5 до 5.10.187 включительно (Linux), от 5.11 до 5.15.120 включительно (Linux), от 5.16 до 6.1.38 включительно (Linux), от 6.2 до 6.3.12 включительно (Linux), от 6.4 до 6.4.3 включительно (Linux), от 4.11 до 5.4.250 включительно (Linux)

Possible Mitigations

В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года. Использование рекомендаций: Для Linux: https://lore.kernel.org/linux-cve-announce/2025123028-CVE-2023-54289-5309@gregkh/ https://git.kernel.org/stable/c/961c8370c5f7e80a267680476e1bcff34bffe71a https://git.kernel.org/stable/c/ac64019e4d4b08c23edb117e0b2590985e33de1d https://git.kernel.org/stable/c/b1de5105d29b145b727b797e2d5de071ab3a7ca1 https://git.kernel.org/stable/c/c316bde418af4c2a9df51149ed01d1bd8ca5bebf https://git.kernel.org/stable/c/08c001c1e9444a3046c79a99aa93ac48073b18cc https://git.kernel.org/stable/c/271c9b2eb60149afbeab28cb39e52f73bde9900c https://git.kernel.org/linus/f025312b089474a54e4859f3453771314d9e3d4f https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.251 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.188 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.121 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.39 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.13 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.4 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2023-54289 Для продуктов Red Hat Inc.: https://access.redhat.com/security/cve/cve-2023-54289

Reference

https://www.cve.org/CVERecord?id=CVE-2023-54289 https://git.kernel.org/stable/c/961c8370c5f7e80a267680476e1bcff34bffe71a https://git.kernel.org/stable/c/ac64019e4d4b08c23edb117e0b2590985e33de1d https://git.kernel.org/stable/c/b1de5105d29b145b727b797e2d5de071ab3a7ca1 https://git.kernel.org/stable/c/c316bde418af4c2a9df51149ed01d1bd8ca5bebf https://git.kernel.org/stable/c/08c001c1e9444a3046c79a99aa93ac48073b18cc https://git.kernel.org/stable/c/271c9b2eb60149afbeab28cb39e52f73bde9900c https://git.kernel.org/linus/f025312b089474a54e4859f3453771314d9e3d4f https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.251 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.188 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.121 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.39 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.13 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.4 https://lore.kernel.org/linux-cve-announce/2025123028-CVE-2023-54289-5309@gregkh/ https://security-tracker.debian.org/tracker/CVE-2023-54289 https://access.redhat.com/security/cve/cve-2023-54289

CWE

CWE-476

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 8 (Red Hat Enterprise Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 9 (Red Hat Enterprise Linux), \u043e\u0442 5.5 \u0434\u043e 5.10.187 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.11 \u0434\u043e 5.15.120 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.16 \u0434\u043e 6.1.38 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 6.2 \u0434\u043e 6.3.12 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 6.4 \u0434\u043e 6.4.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.11 \u0434\u043e 5.4.250 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f Linux:\nhttps://lore.kernel.org/linux-cve-announce/2025123028-CVE-2023-54289-5309@gregkh/\nhttps://git.kernel.org/stable/c/961c8370c5f7e80a267680476e1bcff34bffe71a\nhttps://git.kernel.org/stable/c/ac64019e4d4b08c23edb117e0b2590985e33de1d\nhttps://git.kernel.org/stable/c/b1de5105d29b145b727b797e2d5de071ab3a7ca1\nhttps://git.kernel.org/stable/c/c316bde418af4c2a9df51149ed01d1bd8ca5bebf\nhttps://git.kernel.org/stable/c/08c001c1e9444a3046c79a99aa93ac48073b18cc\nhttps://git.kernel.org/stable/c/271c9b2eb60149afbeab28cb39e52f73bde9900c\nhttps://git.kernel.org/linus/f025312b089474a54e4859f3453771314d9e3d4f\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.251\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.188\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.121\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.39\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.13\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.4\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2023-54289\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2023-54289",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "08.05.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "04.02.2026",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "04.02.2026",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2026-01190",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-54289",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Debian GNU/Linux, Linux",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 , Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , Red Hat Inc. Red Hat Enterprise Linux 9 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.5 \u0434\u043e 5.10.187 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.11 \u0434\u043e 5.15.120 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.16 \u0434\u043e 6.1.38 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.2 \u0434\u043e 6.3.12 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.4 \u0434\u043e 6.4.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 4.11 \u0434\u043e 5.4.250 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 qedf_alloc_global_queues() \u043c\u043e\u0434\u0443\u043b\u044f drivers/scsi/qedf/qedf_main.c \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 SCSI \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f NULL (CWE-476)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 qedf_alloc_global_queues() \u043c\u043e\u0434\u0443\u043b\u044f drivers/scsi/qedf/qedf_main.c \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 SCSI \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0440\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u0435\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.cve.org/CVERecord?id=CVE-2023-54289\nhttps://git.kernel.org/stable/c/961c8370c5f7e80a267680476e1bcff34bffe71a\nhttps://git.kernel.org/stable/c/ac64019e4d4b08c23edb117e0b2590985e33de1d\nhttps://git.kernel.org/stable/c/b1de5105d29b145b727b797e2d5de071ab3a7ca1\nhttps://git.kernel.org/stable/c/c316bde418af4c2a9df51149ed01d1bd8ca5bebf\nhttps://git.kernel.org/stable/c/08c001c1e9444a3046c79a99aa93ac48073b18cc\nhttps://git.kernel.org/stable/c/271c9b2eb60149afbeab28cb39e52f73bde9900c\nhttps://git.kernel.org/linus/f025312b089474a54e4859f3453771314d9e3d4f\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.251\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.188\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.121\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.39\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.13\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.4\nhttps://lore.kernel.org/linux-cve-announce/2025123028-CVE-2023-54289-5309@gregkh/\nhttps://security-tracker.debian.org/tracker/CVE-2023-54289\nhttps://access.redhat.com/security/cve/cve-2023-54289",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-476",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)"
}

CVE-2023-54289 (GCVE-0-2023-54289)

Vulnerability from cvelistv5 – Published: 2025-12-30 12:23 – Updated: 2025-12-30 12:23

Title

scsi: qedf: Fix NULL dereference in error handling

Summary

In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix NULL dereference in error handling Smatch reported: drivers/scsi/qedf/qedf_main.c:3056 qedf_alloc_global_queues() warn: missing unwind goto? At this point in the function, nothing has been allocated so we can return directly. In particular the "qedf->global_queues" have not been allocated so calling qedf_free_global_queues() will lead to a NULL dereference when we check if (!gl[i]) and "gl" is NULL.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/961c8370c5f7e80a2…
	https://git.kernel.org/stable/c/ac64019e4d4b08c23…
	https://git.kernel.org/stable/c/b1de5105d29b145b7…
	https://git.kernel.org/stable/c/c316bde418af4c2a9…
	https://git.kernel.org/stable/c/08c001c1e9444a304…
	https://git.kernel.org/stable/c/271c9b2eb60149afb…
	https://git.kernel.org/stable/c/f025312b089474a54…

Impacted products

Vendor

Product

Version

Linux

Affected: 61d8658b4a435eac729966cc94cdda077a8df5cd , < 961c8370c5f7e80a267680476e1bcff34bffe71a (git)
Affected: 61d8658b4a435eac729966cc94cdda077a8df5cd , < ac64019e4d4b08c23edb117e0b2590985e33de1d (git)
Affected: 61d8658b4a435eac729966cc94cdda077a8df5cd , < b1de5105d29b145b727b797e2d5de071ab3a7ca1 (git)
Affected: 61d8658b4a435eac729966cc94cdda077a8df5cd , < c316bde418af4c2a9df51149ed01d1bd8ca5bebf (git)
Affected: 61d8658b4a435eac729966cc94cdda077a8df5cd , < 08c001c1e9444a3046c79a99aa93ac48073b18cc (git)
Affected: 61d8658b4a435eac729966cc94cdda077a8df5cd , < 271c9b2eb60149afbeab28cb39e52f73bde9900c (git)
Affected: 61d8658b4a435eac729966cc94cdda077a8df5cd , < f025312b089474a54e4859f3453771314d9e3d4f (git)

Linux

Affected: 4.11
Unaffected: 0 , < 4.11 (semver)
Unaffected: 5.4.251 , ≤ 5.4.* (semver)
Unaffected: 5.10.188 , ≤ 5.10.* (semver)
Unaffected: 5.15.121 , ≤ 5.15.* (semver)
Unaffected: 6.1.39 , ≤ 6.1.* (semver)
Unaffected: 6.3.13 , ≤ 6.3.* (semver)
Unaffected: 6.4.4 , ≤ 6.4.* (semver)
Unaffected: 6.5 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/qedf/qedf_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "961c8370c5f7e80a267680476e1bcff34bffe71a",
              "status": "affected",
              "version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
              "versionType": "git"
            },
            {
              "lessThan": "ac64019e4d4b08c23edb117e0b2590985e33de1d",
              "status": "affected",
              "version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
              "versionType": "git"
            },
            {
              "lessThan": "b1de5105d29b145b727b797e2d5de071ab3a7ca1",
              "status": "affected",
              "version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
              "versionType": "git"
            },
            {
              "lessThan": "c316bde418af4c2a9df51149ed01d1bd8ca5bebf",
              "status": "affected",
              "version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
              "versionType": "git"
            },
            {
              "lessThan": "08c001c1e9444a3046c79a99aa93ac48073b18cc",
              "status": "affected",
              "version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
              "versionType": "git"
            },
            {
              "lessThan": "271c9b2eb60149afbeab28cb39e52f73bde9900c",
              "status": "affected",
              "version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
              "versionType": "git"
            },
            {
              "lessThan": "f025312b089474a54e4859f3453771314d9e3d4f",
              "status": "affected",
              "version": "61d8658b4a435eac729966cc94cdda077a8df5cd",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/qedf/qedf_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.11"
            },
            {
              "lessThan": "4.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.251",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.188",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.121",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.*",
              "status": "unaffected",
              "version": "6.3.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.*",
              "status": "unaffected",
              "version": "6.4.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.5",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.251",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.188",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.121",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.39",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3.13",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4.4",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedf: Fix NULL dereference in error handling\n\nSmatch reported:\n\ndrivers/scsi/qedf/qedf_main.c:3056 qedf_alloc_global_queues()\nwarn: missing unwind goto?\n\nAt this point in the function, nothing has been allocated so we can return\ndirectly. In particular the \"qedf-\u003eglobal_queues\" have not been allocated\nso calling qedf_free_global_queues() will lead to a NULL dereference when\nwe check if (!gl[i]) and \"gl\" is NULL."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-30T12:23:28.430Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/961c8370c5f7e80a267680476e1bcff34bffe71a"
        },
        {
          "url": "https://git.kernel.org/stable/c/ac64019e4d4b08c23edb117e0b2590985e33de1d"
        },
        {
          "url": "https://git.kernel.org/stable/c/b1de5105d29b145b727b797e2d5de071ab3a7ca1"
        },
        {
          "url": "https://git.kernel.org/stable/c/c316bde418af4c2a9df51149ed01d1bd8ca5bebf"
        },
        {
          "url": "https://git.kernel.org/stable/c/08c001c1e9444a3046c79a99aa93ac48073b18cc"
        },
        {
          "url": "https://git.kernel.org/stable/c/271c9b2eb60149afbeab28cb39e52f73bde9900c"
        },
        {
          "url": "https://git.kernel.org/stable/c/f025312b089474a54e4859f3453771314d9e3d4f"
        }
      ],
      "title": "scsi: qedf: Fix NULL dereference in error handling",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-54289",
    "datePublished": "2025-12-30T12:23:28.430Z",
    "dateReserved": "2025-12-30T12:06:44.526Z",
    "dateUpdated": "2025-12-30T12:23:28.430Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2026-01190

CVE-2023-54289 (GCVE-0-2023-54289)

Tags

Sightings

Nomenclature