CVE-2023-54289: Access of Uninitialized Pointer in Linux

Severity: 4.7 MEDIUM (no vector)
EPSS: 0.0% (top 89.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 30

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: qedf: Fix NULL dereference in error handling

Smatch reported:

drivers/scsi/qedf/qedf_main.c:3056 qedf_alloc_global_queues() warn: missing unwind goto?

At this point in the function, nothing has been allocated so we can return directly. In particular the "qedf->global_queues" have not been allocated so calling qedf_free_global_queues() will lead to a NULL dereference when we check if (!gl[i]) and "gl" is NULL.
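The error-handling pattern the description refers to, as an added user-space C model that is not the driver's code: early checks return directly because nothing has been allocated yet, while later failures unwind through the cleanup helper. All names (`struct ctx`, `cpu_queues`, `free_calls`) and sizes are assumptions for illustration.

```c
#include <stdlib.h>

/* User-space model; every name is hypothetical, not the driver's source. */
struct queue { void *ring; };
struct ctx {
    struct queue **global_queues; /* NULL until the array is allocated */
    int num_queues;
    void *cpu_queues;             /* stand-in precondition checked first */
};
static int free_calls;            /* counts cleanup runs */

/* Cleanup helper: tolerates empty slots, but assumes the array exists. */
static void free_global_queues(struct ctx *c)
{
    struct queue **gl = c->global_queues;
    free_calls++;
    for (int i = 0; i < c->num_queues; i++) {
        if (!gl[i])               /* faults here when gl itself is NULL */
            continue;
        free(gl[i]->ring);
        free(gl[i]);
    }
    free(gl);
    c->global_queues = NULL;
}

static int alloc_global_queues(struct ctx *c)
{
    /* Nothing allocated yet: return directly. A `goto fail` here would
     * reach free_global_queues() with gl == NULL and num_queues > 0. */
    if (c->num_queues <= 0 || !c->cpu_queues)
        return -1;
    c->global_queues = calloc(c->num_queues, sizeof(*c->global_queues));
    if (!c->global_queues)
        return -1;                /* still nothing to unwind */
    for (int i = 0; i < c->num_queues; i++) {
        c->global_queues[i] = calloc(1, sizeof(struct queue));
        if (!c->global_queues[i] || !(c->global_queues[i]->ring = malloc(64)))
            goto fail;            /* array exists, unfilled slots are NULL */
    }
    return 0;
fail:
    free_global_queues(c);
    return -1;
}

int main(void) {
    struct ctx bad = { NULL, 4, NULL };   /* constructed input: precondition missing */
    return (alloc_global_queues(&bad) == -1 && free_calls == 0) ? 0 : 1;
}
```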

Affected Packages (4 packages)

Linux | linux/linux_kernel | 4.11.0 | 5.4.251 | +5
Debian | linux/linux_kernel | < 5.10.191-1 | +3
CVEListV5 | linux/linux | 61d8658b4a435eac729966cc94cdda077a8df5cd | 961c8370c5f7e80a267680476e1bcff34bffe71a | +7
debian | debian/linux | < linux 6.1.52-1 (bookworm)

🔴 Vulnerability Details (3)

OSV: scsi: qedf: Fix NULL dereference in error handling (2025-12-30)
OSV: CVE-2023-54289: In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix NULL dereference in error handling Smatch reported: drivers/scsi/q (2025-12-30)
GHSA: GHSA-qw59-8j4j-9xwf: In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix NULL dereference in error handling Smatch reported: drivers/scs (2025-12-30)

📋 Vendor Advisories (2)

Red Hat: kernel: scsi: qedf: Fix NULL dereference in error handling (2025-12-30)
Debian: CVE-2023-54289: linux - In the Linux kernel, the following vulnerability has been resolved: scsi: qedf:... (2023)

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-54289 Impact, Exploitability, and Mitigation Steps | Wiz