CVE-2023-54156NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference7 documents6 sources
Severity
6.4MEDIUM
No vector
EPSS
0.0%
top 89.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: sfc: fix crash when reading stats while NIC is resetting efx_net_stats() (.ndo_get_stats64) can be called during an ethtool selftest, during which time nic_data->mc_stats is NULL as the NIC has been fini'd. In this case do not attempt to fetch the latest stats from the hardware, else we will crash on a NULL dereference: BUG: kernel NULL pointer dereference, address: 0000000000000038 RIP efx_nic_update_stats abridged calltrace:

Affected Packages4 packages

Linuxlinux/linux_kernel5.9.05.10.188+4
Debianlinux/linux_kernel< 5.10.191-1+3
CVEListV5linux/linuxd3142c193dca9a2f6878f4128ce1aaf221bb3f99cb1aa7cc562cab6a87ea33574c8c65f2d2fd7aeb+6
debiandebian/linux< linux 6.1.52-1 (bookworm)

🔴Vulnerability Details

3
OSV
sfc: fix crash when reading stats while NIC is resetting2025-12-24
OSV
CVE-2023-54156: In the Linux kernel, the following vulnerability has been resolved: sfc: fix crash when reading stats while NIC is resetting efx_net_stats() (2025-12-24
GHSA
GHSA-6qcc-hqxv-5rww: In the Linux kernel, the following vulnerability has been resolved: sfc: fix crash when reading stats while NIC is resetting efx_net_stats() (2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: sfc: fix crash when reading stats while NIC is resetting2025-12-24
Debian
CVE-2023-54156: linux - In the Linux kernel, the following vulnerability has been resolved: sfc: fix cr...2023

🕵️Threat Intelligence

1
Wiz
CVE-2023-54156 Impact, Exploitability, and Mitigation Steps | Wiz