CVE-2023-54289
Unknown Unknown - Not Provided

NULL Pointer Dereference in Linux Kernel qedf SCSI Driver

Vulnerability report for CVE-2023-54289, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-30

Last updated on: 2025-12-30

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix NULL dereference in error handling Smatch reported: drivers/scsi/qedf/qedf_main.c:3056 qedf_alloc_global_queues() warn: missing unwind goto? At this point in the function, nothing has been allocated so we can return directly. In particular the "qedf->global_queues" have not been allocated so calling qedf_free_global_queues() will lead to a NULL dereference when we check if (!gl[i]) and "gl" is NULL.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-30
Last Modified
2025-12-30
Generated
2026-07-06
AI Q&A
2025-12-30
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
qlogic qedf *
qedf qedf *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a NULL pointer dereference in the Linux kernel's qedf driver for SCSI devices. It occurs in the error handling code of the function qedf_alloc_global_queues(), where the code attempts to free global queues that have not been allocated yet, leading to a NULL dereference and potential kernel crash.

Impact Analysis

This vulnerability can cause a kernel crash or system instability due to a NULL pointer dereference in the qedf driver. This may lead to denial of service or unexpected system behavior on affected systems using the qedf driver.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-54289. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart