CVE-2023-53124
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
02/05/2025
Last modified:
02/05/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()<br />
<br />
Port is allocated by sas_port_alloc_num() and rphy is allocated by either<br />
sas_end_device_alloc() or sas_expander_alloc(), all of which may return<br />
NULL. So we need to check the rphy to avoid possible NULL pointer access.<br />
<br />
If sas_rphy_add() returned with failure, rphy is set to NULL. We would<br />
access the rphy in the following lines which would also result NULL pointer<br />
access.
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/090305c36185c0547e4441d4c08f1cf096b32134
- https://git.kernel.org/stable/c/6f0c2f70d9929208d8427ec72c3ed91e2251e289
- https://git.kernel.org/stable/c/9937f784a608944107dcc2ba9a9c3333f8330b9e
- https://git.kernel.org/stable/c/a26c775ccc4cfe46f9b718b51bd24313053c7e0b
- https://git.kernel.org/stable/c/b5e5bbb3fa5f8412e96c5eda7f4a4af6241d6bd3
- https://git.kernel.org/stable/c/d3c57724f1569311e4b81e98fad0931028b9bdcd