-

CVE-2023-54156

EPSS 0.04%
Veröffentlicht 24.12.2025 13:07:06
Zuletzt bearbeitet 29.12.2025 15:58:13
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

sfc: fix crash when reading stats while NIC is resetting

efx_net_stats() (.ndo_get_stats64) can be called during an ethtool
 selftest, during which time nic_data->mc_stats is NULL as the NIC has
 been fini'd.  In this case do not attempt to fetch the latest stats
 from the hardware, else we will crash on a NULL dereference:
    BUG: kernel NULL pointer dereference, address: 0000000000000038
    RIP efx_nic_update_stats
    abridged calltrace:
    efx_ef10_update_stats_pf
    efx_net_stats
    dev_get_stats
    dev_seq_printf_stats
Skipping the read is safe, we will simply give out stale stats.
To ensure that the free in efx_ef10_fini_nic() does not race against
 efx_ef10_update_stats_pf(), which could cause a TOCTTOU bug, take the
 efx->stats_lock in fini_nic (it is already held across update_stats).

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < cb1aa7cc562cab6a87ea33574c8c65f2d2fd7aeb

Version d3142c193dca9a2f6878f4128ce1aaf221bb3f99

Status affected

Version < 91f4ef204e731565afdc6c2a7fcf509a3fd6fd67

Version d3142c193dca9a2f6878f4128ce1aaf221bb3f99

Status affected

Version < 446f5567934331923d0aec4ce045e4ecb0174aae

Version d3142c193dca9a2f6878f4128ce1aaf221bb3f99

Status affected

Version < 470152d76b3ed107d172ea46acc4bfa941f20b4b

Version d3142c193dca9a2f6878f4128ce1aaf221bb3f99

Status affected

Version < aba32b4c58112960c0c708703ca6b44dc8944082

Version d3142c193dca9a2f6878f4128ce1aaf221bb3f99

Status affected

Version < d1b355438b8325a486f087e506d412c4e852f37b

Version d3142c193dca9a2f6878f4128ce1aaf221bb3f99

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.9

Status affected

Version < 5.9

Version 0

Status unaffected

Version <= 5.10.*

Version 5.10.188

Status unaffected

Version <= 5.15.*

Version 5.15.121

Status unaffected

Version <= 6.1.*

Version 6.1.39

Status unaffected

Version <= 6.3.*

Version 6.3.13

Status unaffected

Version <= 6.4.*

Version 6.4.4

Status unaffected

Version <= *

Version 6.5

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.1

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/cb1aa7cc562cab6a87ea33574c8c65f2d2fd7aeb

https://git.kernel.org/stable/c/91f4ef204e731565afdc6c2a7fcf509a3fd6fd67

https://git.kernel.org/stable/c/446f5567934331923d0aec4ce045e4ecb0174aae

https://git.kernel.org/stable/c/470152d76b3ed107d172ea46acc4bfa941f20b4b

https://git.kernel.org/stable/c/aba32b4c58112960c0c708703ca6b44dc8944082

https://git.kernel.org/stable/c/d1b355438b8325a486f087e506d412c4e852f37b

https://nvd.nist.gov/vuln/detail/CVE-2023-54156

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-54156

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-54156

EUVD