CVE-2023-54289
Unknown Unknown - Not Provided
NULL Pointer Dereference in Linux Kernel qedf SCSI Driver

Publication date: 2025-12-30

Last updated on: 2025-12-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix NULL dereference in error handling Smatch reported: drivers/scsi/qedf/qedf_main.c:3056 qedf_alloc_global_queues() warn: missing unwind goto? At this point in the function, nothing has been allocated so we can return directly. In particular the "qedf->global_queues" have not been allocated so calling qedf_free_global_queues() will lead to a NULL dereference when we check if (!gl[i]) and "gl" is NULL.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-30
Last Modified
2025-12-30
Generated
2026-06-16
AI Q&A
2025-12-30
EPSS Evaluated
2026-06-15
NVD
CVE-2023-54289
EUVD
EUVD-2023-60515
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
qlogic qedf *
qedf qedf *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a NULL pointer dereference in the Linux kernel's qedf driver for SCSI devices. It occurs in the error handling code of the function qedf_alloc_global_queues(), where the code attempts to free global queues that have not been allocated yet, leading to a NULL dereference and potential kernel crash.

Impact Analysis

This vulnerability can cause a kernel crash or system instability due to a NULL pointer dereference in the qedf driver. This may lead to denial of service or unexpected system behavior on affected systems using the qedf driver.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-54289. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart