CVE-2023-54054 — Out-of-bounds Write in Kernel
Severity
6.5 MEDIUM
No vector
EPSS
No EPSS data
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Dec 24
Description
kernel: scsi: qla2xxx: Fix buffer overrun
No description is available for this CVE.
Statement: This issue is a driver-level buffer overrun caused by using an oversized structure when calculating the copy length for a nested buffer in the qla2xxx Fibre Channel driver. The flaw can result in memory corruption leading to a kernel crash or I/O disruption, but it does not provide a controlled overwrite primitive. As the data source is a local FC adapter/firmware and the code runs during device init…
Affected Packages: 2 packages
Vulnerability Details (3)
OSV
CVE-2023-54054: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix buffer overrun Klocwork warning: Buffer Overflow - Array Index (2025-12-24)
GHSA
GHSA-ch2x-wwr8-7fwg: In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix buffer overrun
Klocwork warning: Buffer Overflow - Array Inde (2025-12-24)