-

CVE-2023-54156

EPSS 0.05%
Veröffentlicht 24.12.2025 13:07:06
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

sfc: fix crash when reading stats while NIC is resetting

In the Linux kernel, the following vulnerability has been resolved:

sfc: fix crash when reading stats while NIC is resetting

efx_net_stats() (.ndo_get_stats64) can be called during an ethtool
 selftest, during which time nic_data->mc_stats is NULL as the NIC has
 been fini'd.  In this case do not attempt to fetch the latest stats
 from the hardware, else we will crash on a NULL dereference:
    BUG: kernel NULL pointer dereference, address: 0000000000000038
    RIP efx_nic_update_stats
    abridged calltrace:
    efx_ef10_update_stats_pf
    efx_net_stats
    dev_get_stats
    dev_seq_printf_stats
Skipping the read is safe, we will simply give out stale stats.
To ensure that the free in efx_ef10_fini_nic() does not race against
 efx_ef10_update_stats_pf(), which could cause a TOCTTOU bug, take the
 efx->stats_lock in fini_nic (it is already held across update_stats).

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 9

CNA 2 VulnDex Vulnerability Enrichment 7

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version d3142c193dca9a2f6878f4128ce1aaf221bb3f99

Version < cb1aa7cc562cab6a87ea33574c8c65f2d2fd7aeb

Status affected

Version d3142c193dca9a2f6878f4128ce1aaf221bb3f99

Version < 91f4ef204e731565afdc6c2a7fcf509a3fd6fd67

Status affected

Version d3142c193dca9a2f6878f4128ce1aaf221bb3f99

Version < 446f5567934331923d0aec4ce045e4ecb0174aae

Status affected

Version d3142c193dca9a2f6878f4128ce1aaf221bb3f99

Version < 470152d76b3ed107d172ea46acc4bfa941f20b4b

Status affected

Version d3142c193dca9a2f6878f4128ce1aaf221bb3f99

Version < aba32b4c58112960c0c708703ca6b44dc8944082

Status affected

Version d3142c193dca9a2f6878f4128ce1aaf221bb3f99

Version < d1b355438b8325a486f087e506d412c4e852f37b

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.9

Status affected

Version 0

Version < 5.9

Status unaffected

Version <= 5.10.*

Version 5.10.188

Status unaffected

Version <= 5.15.*

Version 5.15.121

Status unaffected

Version <= 6.1.*

Version 6.1.39

Status unaffected

Version <= 6.3.*

Version 6.3.13

Status unaffected

Version <= 6.4.*

Version 6.4.4

Status unaffected

Version <= *

Version 6.5

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.144

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/cb1aa7cc562cab6a87ea33574c8c65f2d2fd7aeb

https://git.kernel.org/stable/c/91f4ef204e731565afdc6c2a7fcf509a3fd6fd67

https://git.kernel.org/stable/c/446f5567934331923d0aec4ce045e4ecb0174aae

https://git.kernel.org/stable/c/470152d76b3ed107d172ea46acc4bfa941f20b4b

https://git.kernel.org/stable/c/aba32b4c58112960c0c708703ca6b44dc8944082

https://git.kernel.org/stable/c/d1b355438b8325a486f087e506d412c4e852f37b

https://nvd.nist.gov/vuln/detail/CVE-2023-54156

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-54156

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-54156

EUVD