CVE-2023-52508
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()
The nvme_fc_fcp_op structure describing an AEN operation is initialized with a null request structure pointer. An FC LLDD may make a call to nvme_fc_io_getuuid passing a pointer to an nvmefc_fcp_req for an AEN operation.
Add validation of the request structure pointer before dereference.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 827fc630e4c8087df5a8e8ee013b686bd6f13736 < be90c9e29dd59b7d19a73297a1590ff3ec1d22ea | affected |
| Linux | Linux | 827fc630e4c8087df5a8e8ee013b686bd6f13736 < dd46b3ac7322baf3772b33b29726e94f98289db7 | affected |
| Linux | Linux | 827fc630e4c8087df5a8e8ee013b686bd6f13736 < 8ae5b3a685dc59a8cf7ccfe0e850999ba9727a3c | affected |
| Linux | Linux | 7a41fdf27a4b1ee565ce5bf3e409b2df0b8514c4 | affected |
| Linux | Linux | 5.18.18 < 5.19 | affected |
| Linux | Linux | 5.19 | affected |
| Linux | Linux | 0 < 5.19 | unaffected |
| Linux | Linux | 6.1.56 <= 6.1.* | unaffected |
| Linux | Linux | 6.5.6 <= 6.5.* | unaffected |
| Linux | Linux | 6.6 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/be90c9e29dd59b7d19a73297a1590ff3ec1d22ea
- https://git.kernel.org/stable/c/dd46b3ac7322baf3772b33b29726e94f98289db7
- https://git.kernel.org/stable/c/8ae5b3a685dc59a8cf7ccfe0e850999ba9727a3c
References
- https://git.kernel.org/stable/c/be90c9e29dd59b7d19a73297a1590ff3ec1d22ea
- https://git.kernel.org/stable/c/dd46b3ac7322baf3772b33b29726e94f98289db7
- https://git.kernel.org/stable/c/8ae5b3a685dc59a8cf7ccfe0e850999ba9727a3c
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.