CVE-2023-52508

Summary

In the Linux kernel, the following vulnerability has been resolved:

nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()

The nvme_fc_fcp_op structure describing an AEN operation is initialized with a null request structure pointer. An FC LLDD may make a call to nvme_fc_io_getuuid passing a pointer to an nvmefc_fcp_req for an AEN operation.

Add validation of the request structure pointer before dereference.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux827fc630e4c8087df5a8e8ee013b686bd6f13736 < be90c9e29dd59b7d19a73297a1590ff3ec1d22eaaffected
LinuxLinux827fc630e4c8087df5a8e8ee013b686bd6f13736 < dd46b3ac7322baf3772b33b29726e94f98289db7affected
LinuxLinux827fc630e4c8087df5a8e8ee013b686bd6f13736 < 8ae5b3a685dc59a8cf7ccfe0e850999ba9727a3caffected
LinuxLinux7a41fdf27a4b1ee565ce5bf3e409b2df0b8514c4affected
LinuxLinux5.18.18 < 5.19affected
LinuxLinux5.19affected
LinuxLinux0 < 5.19unaffected
LinuxLinux6.1.56 <= 6.1.*unaffected
LinuxLinux6.5.6 <= 6.5.*unaffected
LinuxLinux6.6 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References