CVE-2023-53282

EPSS 0.02%
Published 16.09.2025 08:11:16
Last modified 16.09.2025 12:49:16
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write

During the sysfs firmware write process, a use-after-free read warning is
logged from the lpfc_wr_object() routine:

  BUG: KFENCE: use-after-free read in lpfc_wr_object+0x235/0x310 [lpfc]
  Use-after-free read at 0x0000000000cf164d (in kfence-#111):
  lpfc_wr_object+0x235/0x310 [lpfc]
  lpfc_write_firmware.cold+0x206/0x30d [lpfc]
  lpfc_sli4_request_firmware_update+0xa6/0x100 [lpfc]
  lpfc_request_firmware_upgrade_store+0x66/0xb0 [lpfc]
  kernfs_fop_write_iter+0x121/0x1b0
  new_sync_write+0x11c/0x1b0
  vfs_write+0x1ef/0x280
  ksys_write+0x5f/0xe0
  do_syscall_64+0x59/0x90
  entry_SYSCALL_64_after_hwframe+0x63/0xcd

The driver accessed wr_object pointer data, which was initialized into
mailbox payload memory, after the mailbox object was released back to the
mailbox pool.

Fix by moving the mailbox free calls to the end of the routine ensuring
that we don't reference internal mailbox memory after release.

Affected products Warnungen 0 Metrics 1 CWE 0 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < 51ab4eb1a25e73c7fc2ad9026520c4d8369c93cc

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 8dfefa8f424ab208e552df1bfd008b732f3d0ad1

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 8becb97918f04bb177bc9c4e00c2bdb302e00944

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 21681b81b9ae548c5dae7ae00d931197a27f480c

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version <= 5.15.*

Version 5.15.99

Status unaffected

Version <= 6.1.*

Version 6.1.16

Status unaffected

Version <= 6.2.*

Version 6.2.3

Status unaffected

Version <= *

Version 6.3

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.046

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/51ab4eb1a25e73c7fc2ad9026520c4d8369c93cc

https://git.kernel.org/stable/c/8dfefa8f424ab208e552df1bfd008b732f3d0ad1

https://git.kernel.org/stable/c/8becb97918f04bb177bc9c4e00c2bdb302e00944

https://git.kernel.org/stable/c/21681b81b9ae548c5dae7ae00d931197a27f480c

https://nvd.nist.gov/vuln/detail/CVE-2023-53282

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53282

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53282

EUVD