CVE-2023-53627: NULL Pointer Dereference in Linux

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 95.28%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 7; latest update Apr 20

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev.list

When freeing slots in function slot_complete_v3_hw(), it is possible that sas_dev.list is being traversed elsewhere, and it may trigger a NULL pointer exception, such as follows:

==>cq thread ==>scsi_eh_6 ==>scsi_error_handler() ==>sas_eh_handle_sas_errors() ==>sas_scsi_find_task() ==>lldd_abort_task() ==>slot_complete_v3_hw() ==>hisi_sas_abort_tas

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (4 packages)

NVD | linux/linux_kernel | 4.5 – 6.3.4
Debian | linux/linux_kernel | < 6.3.7-1 | +1
CVEListV5 | linux/linux | 47caad1577cd7a39e2048c5e4edbce4b863dc12b – 6e2a40b3a332ea84079983be21c944de8ddbc4f3 | +2
debian | debian/linux | < linux 6.3.7-1 (forky)

Patches

🔴 Vulnerability Details (3)

VulDB
Linux Kernel up to 6.3.3 scsi slot_complete_v3_hw null pointer dereference (EUVD-2025-32016 / WID-SEC-2025-2229) | 2026-04-20
GHSA
GHSA-2v3f-c84w-3jx7: In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev | 2025-10-07
OSV
CVE-2023-53627: In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev | 2025-10-07

📋 Vendor Advisories (2)

Red Hat
kernel: scsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev.list | 2025-10-07
Debian
CVE-2023-53627: linux - In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_... | 2023