Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:

scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()

Port is allocated by sas_port_alloc_num() and rphy is allocated by either sas_end_device_alloc() or sas_expander_alloc(), all of which may return NULL. So we need to check the rphy to avoid possible NULL pointer access.

If sas_rphy_add() returned with failure, rphy is set to NULL. We would access the rphy in the following lines, which would also result in NULL pointer access.
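The two checks the description calls for, as an added user-space C model (not the kernel patch and not code from this page). Every `model_*` name, the fault-injection switches and the sample address are hypothetical stand-ins for the SAS transport calls named above.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model: every name here is a hypothetical stand-in, not a kernel API. */
struct model_rphy { int registered; unsigned long long sas_address; };
struct model_port { struct model_rphy *rphy; };

static int fail_alloc, fail_add;        /* fault-injection switches (constructed) */

static struct model_rphy *model_rphy_alloc(void)
{
    return fail_alloc ? NULL : calloc(1, sizeof(struct model_rphy));
}

static int model_rphy_add(struct model_rphy *rphy)
{
    if (fail_add)
        return -1;
    rphy->registered = 1;
    return 0;
}

/* Returns 0 on success, -1 if allocation failed, -2 if registration failed. */
int model_port_add(struct model_port *port, unsigned long long addr)
{
    struct model_rphy *rphy = model_rphy_alloc();
    if (!rphy)                  /* check 1: the allocator may return NULL */
        return -1;
    rphy->sas_address = addr;   /* safe only because of check 1 */
    if (model_rphy_add(rphy)) { /* check 2: registration failed */
        free(rphy);
        return -2;              /* bail out before any later rphy access */
    }
    port->rphy = rphy;          /* reached only with a valid, registered rphy */
    return 0;
}

int main(void)
{
    struct model_port port = { NULL };
    unsigned long long addr = 0x5000c50000000001ULL;   /* constructed sample */
    fail_alloc = 1;
    printf("alloc failure -> %d\n", model_port_add(&port, addr));
    fail_alloc = 0; fail_add = 1;
    printf("add failure   -> %d\n", model_port_add(&port, addr));
    fail_add = 0;
    printf("success       -> %d\n", model_port_add(&port, addr));
    free(port.rphy);
    return 0;
}
```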
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.4.229, < 5.4.238 |
References
- https://git.kernel.org/stable/c/090305c36185c0547e4441d4c08f1cf096b32134 (Patch)
- https://git.kernel.org/stable/c/6f0c2f70d9929208d8427ec72c3ed91e2251e289 (Patch)
- https://git.kernel.org/stable/c/9937f784a608944107dcc2ba9a9c3333f8330b9e (Patch)
- https://git.kernel.org/stable/c/a26c775ccc4cfe46f9b718b51bd24313053c7e0b (Patch)
- https://git.kernel.org/stable/c/b5e5bbb3fa5f8412e96c5eda7f4a4af6241d6bd3 (Patch)
- https://git.kernel.org/stable/c/d3c57724f1569311e4b81e98fad0931028b9bdcd (Patch)
FAQ
What is CVE-2023-53124?
CVE-2023-53124 is a vulnerability with a CVSS score of 5.5 (MEDIUM).
How severe is CVE-2023-53124?
CVE-2023-53124 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-53124?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.