CVE-2023-54289

Dec. 31, 2025, 8:42 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix NULL dereference in error handling Smatch reported: drivers/scsi/qedf/qedf_main.c:3056 qedf_alloc_global_queues() warn: missing unwind goto? At this point in the function, nothing has been allocated so we can return directly. In particular the "qedf->global_queues" have not been allocated so calling qedf_free_global_queues() will lead to a NULL dereference when we check if (!gl[i]) and "gl" is NULL.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • Scsi Qedf
  • *
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
a linux scsi_qedf / / / / / / / /

References

https://git.kernel.org/stable/c/08c001c1e9444a3046c79a99aa93ac48073b18cc
https://git.kernel.org/stable/c/271c9b2eb60149afbeab28cb39e52f73bde9900c
https://git.kernel.org/stable/c/961c8370c5f7e80a267680476e1bcff34bffe71a
https://git.kernel.org/stable/c/ac64019e4d4b08c23edb117e0b2590985e33de1d
https://git.kernel.org/stable/c/b1de5105d29b145b727b797e2d5de071ab3a7ca1
https://git.kernel.org/stable/c/c316bde418af4c2a9df51149ed01d1bd8ca5bebf
https://git.kernel.org/stable/c/f025312b089474a54e4859f3453771314d9e3d4f

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2025-12-30
CVE-2023-54289

Timeline

Published: Dec. 30, 2025, 1:16 p.m.
Last Modified: Dec. 31, 2025, 8:42 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.