CVE-2023-54289

scsi: qedf: Fix NULL dereference in error handling

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix NULL dereference in error handling Smatch reported: drivers/scsi/qedf/qedf_main.c:3056 qedf_alloc_global_queues()
warn: missing unwind goto? At this point in the function, nothing has been allocated so we can return
directly. In particular the "qedf->global_queues" have not been allocated
so calling qedf_free_global_queues() will lead to a NULL dereference when
we check if (!gl[i]) and "gl" is NULL.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-12-30 CVE Reserved
2025-12-30 CVE Published
2025-12-31 CVE Updated
2025-12-31 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/61d8658b4a435eac729966cc94cdda077a8df5cd	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/961c8370c5f7e80a267680476e1bcff34bffe71a	2023-07-27
https://git.kernel.org/stable/c/ac64019e4d4b08c23edb117e0b2590985e33de1d	2023-07-27
https://git.kernel.org/stable/c/b1de5105d29b145b727b797e2d5de071ab3a7ca1	2023-07-23
https://git.kernel.org/stable/c/c316bde418af4c2a9df51149ed01d1bd8ca5bebf	2023-07-19
https://git.kernel.org/stable/c/08c001c1e9444a3046c79a99aa93ac48073b18cc	2023-07-11
https://git.kernel.org/stable/c/271c9b2eb60149afbeab28cb39e52f73bde9900c	2023-07-19
https://git.kernel.org/stable/c/f025312b089474a54e4859f3453771314d9e3d4f	2023-05-08

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 5.4.251 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 5.4.251"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 5.10.188 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 5.10.188"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 5.15.121 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 5.15.121"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 6.1.39 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 6.1.39"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 6.3.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 6.3.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 6.4.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 6.4.4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.11 < 6.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.11 < 6.5"		en		Affected