5.5

CVE-2023-53124

scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()

In the Linux kernel, the following vulnerability has been resolved:

scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()

Port is allocated by sas_port_alloc_num() and rphy is allocated by either
sas_end_device_alloc() or sas_expander_alloc(), all of which may return
NULL. So we need to check the rphy to avoid possible NULL pointer access.

If sas_rphy_add() returned with failure, rphy is set to NULL. We would
access the rphy in the following lines which would also result NULL pointer
access.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.4.229 < 5.4.238
LinuxLinux Kernel Version >= 5.10.163 < 5.10.176
LinuxLinux Kernel Version >= 5.15.86 < 5.15.104
LinuxLinux Kernel Version >= 6.0.16 < 6.1
LinuxLinux Kernel Version >= 6.1.2 < 6.1.21
LinuxLinux Kernel Version >= 6.2 < 6.2.8
LinuxLinux Kernel Version6.3 Updaterc1
LinuxLinux Kernel Version6.3 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.05
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/090305c36185c0547e4441d4c08f1cf096b32134
Patch
https://git.kernel.org/stable/c/6f0c2f70d9929208d8427ec72c3ed91e2251e289
Patch
https://git.kernel.org/stable/c/9937f784a608944107dcc2ba9a9c3333f8330b9e
Patch
https://git.kernel.org/stable/c/b5e5bbb3fa5f8412e96c5eda7f4a4af6241d6bd3
Patch
https://git.kernel.org/stable/c/a26c775ccc4cfe46f9b718b51bd24313053c7e0b
Patch
https://git.kernel.org/stable/c/d3c57724f1569311e4b81e98fad0931028b9bdcd
Patch