CVE-2023-53603 — NULL Pointer Dereference in Linux

CWE-476 — NULL Pointer Dereference5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 96.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedOct 4

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Avoid fcport pointer dereference Klocwork reported warning of NULL pointer may be dereferenced. The routine exits when sa_ctl is NULL and fcport is allocated after the exit call thus causing NULL fcport pointer to dereference at the time of exit. To avoid fcport pointer dereference, exit the routine when sa_ctl is NULL.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶NVDlinux/linux_kernel5.15.61 — 5.15.121+3

▶Debianlinux/linux_kernel< 6.1.52-1+2

▶CVEListV5linux/linux7b2fbfa4b2cd3a24c1760b85d842e928070d4744 — 4406fe8a96a946c7ea5724ee59625755a1d9c59d+6

▶debiandebian/linux< linux 6.1.52-1 (bookworm)

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-2795-wfr2-m5v3: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Avoid fcport pointer dereference Klocwork reported warning of NUL↗2025-10-04

▶

OSV

CVE-2023-53603: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Avoid fcport pointer dereference Klocwork reported warning of NULL↗2025-10-04

▶

📋Vendor Advisories

Red Hat

kernel: scsi: qla2xxx: Avoid fcport pointer dereference↗2025-10-04

▶

Debian

CVE-2023-53603: linux - In the Linux kernel, the following vulnerability has been resolved: scsi: qla2x...↗2023

▶