CVE-2023-53451
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
01/10/2025
Last modified:
16/01/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
scsi: qla2xxx: Fix potential NULL pointer dereference<br />
<br />
Klocwork tool reported &#39;cur_dsd&#39; may be dereferenced. Add fix to validate<br />
pointer before dereferencing the pointer.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 2.6.35 (including) | 4.14.322 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.15 (including) | 4.19.291 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.251 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.188 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.121 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.40 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.4.5 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/02405f4023866ae91a611b5b85cb2e074ec2de5a
- https://git.kernel.org/stable/c/2bea9c1c983152c5411f5a2f1113cb790ce1389d
- https://git.kernel.org/stable/c/464ea494a40c6e3e0e8f91dd325408aaf21515ba
- https://git.kernel.org/stable/c/4f90a8b0481615622bd0558aa8cf361bea872045
- https://git.kernel.org/stable/c/5a52a2e14fe866541bbc0033058e44bf0bf0c580
- https://git.kernel.org/stable/c/af7affc0f6b82a5bde430fc4f0dcf70963442fbc
- https://git.kernel.org/stable/c/ce2cdbe530b0066bae1f98dbab590a232d507eaa
- https://git.kernel.org/stable/c/ee4c9a93238b9ce3703942500cb1aeacf77090d2