CVE-2023-53124
scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()
Public Exploits: 0
Exploited in Wild: -
Descriptions
In the Linux kernel, the following vulnerability has been resolved:

scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()

Port is allocated by sas_port_alloc_num() and rphy is allocated by either sas_end_device_alloc() or sas_expander_alloc(), all of which may return NULL. So we need to check the rphy to avoid possible NULL pointer access.

If sas_rphy_add() returned with failure, rphy is set to NULL. We would access the rphy in the following lines which would also result in a NULL pointer access.
Timeline
- 2025-05-02 CVE Reserved
- 2025-05-02 CVE Published
- 2025-05-02 CVE Updated
References (12)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/d60000cb1195a464080b0efb4949daf7594e0020 | Vuln. Introduced | |
https://git.kernel.org/stable/c/ce1a69cc85006b494353911b35171da195d79e25 | Vuln. Introduced | |
https://git.kernel.org/stable/c/6a92129c8f999ff5b122c100ce7f625eb3e98c4b | Vuln. Introduced | |
https://git.kernel.org/stable/c/d17bca3ddfe507874cb826d32721552da12e741f | Vuln. Introduced | |
https://git.kernel.org/stable/c/78316e9dfc24906dd474630928ed1d3c562b568e | Vuln. Introduced | |
https://git.kernel.org/stable/c/6f6768e2fc8638fabdd8802c2ef693d7aef01db1 | Vuln. Introduced | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | >= 5.4.229 < 5.4.238 | en | Affected |
Linux | Linux Kernel | >= 5.10.163 < 5.10.176 | en | Affected |
Linux | Linux Kernel | >= 5.15.86 < 5.15.104 | en | Affected |
Linux | Linux Kernel | >= 6.1.2 < 6.1.21 | en | Affected |
Linux | Linux Kernel | >= 6.2 < 6.2.8 | en | Affected |
Linux | Linux Kernel | >= 6.2 < 6.3 | en | Affected |
Linux | Linux Kernel | 6.0.16 | en | Affected |