CVE-2023-54234

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: mpi3mr: Fix missing mrioc-&gt;evtack_cmds initialization<br /> <br /> Commit c1af985d27da ("scsi: mpi3mr: Add Event acknowledgment logic")<br /> introduced an array mrioc-&gt;evtack_cmds but initialization of the array<br /> elements was missed. They are just zero cleared. The function<br /> mpi3mr_complete_evt_ack() refers host_tag field of the elements. Due to the<br /> zero value of the host_tag field, the function calls clear_bit() for<br /> mrico-&gt;evtack_cmds_bitmap with wrong bit index. This results in memory<br /> access to invalid address and "BUG: KASAN: use-after-free". This BUG was<br /> observed at eHBA-9600 firmware update to version 8.3.1.0. To fix it, add<br /> the missing initialization of mrioc-&gt;evtack_cmds.