CVE-2023-54234: Access of Uninitialized Pointer in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 93.24%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 30

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization

Commit c1af985d27da ("scsi: mpi3mr: Add Event acknowledgment logic") introduced an array mrioc->evtack_cmds but initialization of the array elements was missed. They are just zero cleared. The function mpi3mr_complete_evt_ack() refers host_tag field of the elements. Due to the zero value of the host_tag field, the function calls clear_bit() for mrico->evtack_cmds_bitm

Affected Packages (4 packages)

Source | Package | Affected versions
Linux | linux/linux_kernel | 5.17.0 – 6.1.16 (+1 more)
Debian | linux/linux_kernel | < 6.1.20-1 (+2 more)
CVEListV5 | linux/linux | c1af985d27da2d530c22604644e9025810f57d7c – 4e0dfdb48a824deac3dfbc67fb856ef2aee13529 (+3 more)
debian | debian/linux | < linux 6.1.20-1 (bookworm)

🔴 Vulnerability Details (3)

OSV (2025-12-30)
CVE-2023-54234: In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization Commit c1af985d27da ("

OSV (2025-12-30)
scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization

GHSA (2025-12-30)
GHSA-6fx2-6qwr-35w9: In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization Commit c1af985d27da

📋 Vendor Advisories (2)

Red Hat (2025-12-30)
kernel: scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization

Debian (2023)
CVE-2023-54234: linux - In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3m...

🕵️ Threat Intelligence (1)

Wiz
CVE-2023-54234 Impact, Exploitability, and Mitigation Steps | Wiz