5.5

CVE-2023-53038

scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()

If kzalloc() fails in lpfc_sli4_cgn_params_read(), then we rely on
lpfc_read_object()'s routine to NULL check pdata.

Currently, an early return error is thrown from lpfc_read_object() to
protect us from NULL ptr dereference, but the errno code is -ENODEV.

Change the errno code to a more appropriate -ENOMEM.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.15.105
LinuxLinux Kernel Version >= 5.16 < 6.1.22
LinuxLinux Kernel Version >= 6.2 < 6.2.9
LinuxLinux Kernel Version6.3 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.062
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/67b8343998b84418bc5b5206aa01fe9b461a80ef
Patch
https://git.kernel.org/stable/c/4829a1e1171536978b240a1438789c2e4d5c9715
Patch
https://git.kernel.org/stable/c/908dd9a0853a88155a5a36018c7e2b32ccf20379
Patch
https://git.kernel.org/stable/c/312320b0e0ec21249a17645683fe5304d796aec1
Patch