CVE-2023-53037

EPSS 0.02%
Veröffentlicht 02.05.2025 15:54:56
Zuletzt bearbeitet 12.11.2025 19:13:52
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

scsi: mpi3mr: Bad drive in topology results kernel crash

When the SAS Transport Layer support is enabled and a device exposed to
the OS by the driver fails INQUIRY commands, the driver frees up the memory
allocated for an internal HBA port data structure. However, in some places,
the reference to the freed memory is not cleared. When the firmware sends
the Device Info change event for the same device again, the freed memory is
accessed and that leads to memory corruption and OS crash.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.14 < 6.1.22

Linux ≫ Linux Kernel Version >= 6.2 < 6.2.9

Linux ≫ Linux Kernel Version6.3 Updaterc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.053

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/1f822ae8fb2a20fffa71e9bfa9b203c03d72d3ba

Patch

https://git.kernel.org/stable/c/aa11e4b6cdb403b9fdef6939550f6b36dd61624d

Patch

https://git.kernel.org/stable/c/8e45183978d64699df639e795235433a60f35047

Patch

https://nvd.nist.gov/vuln/detail/CVE-2023-53037

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53037

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53037

EUVD