CVE-2023-54315
Unknown Unknown - Not Provided
Null Pointer Dereference in Linux PowerNV PCI SR-IOV Component

Publication date: 2025-12-30

Last updated on: 2025-12-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv/sriov: perform null check on iov before dereferencing iov Currently pointer iov is being dereferenced before the null check of iov which can lead to null pointer dereference errors. Fix this by moving the iov null check before the dereferencing. Detected using cppcheck static analysis: linux/arch/powerpc/platforms/powernv/pci-sriov.c:597:12: warning: Either the condition '!iov' is redundant or there is possible null pointer dereference: iov. [nullPointerRedundantCheck] num_vfs = iov->num_vfs; ^
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-30
Last Modified
2025-12-30
Generated
2026-06-16
AI Q&A
2025-12-30
EPSS Evaluated
2026-06-14
NVD
CVE-2023-54315
EUVD
EUVD-2023-60489
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel involves the powerpc/powernv/sriov code where a pointer named 'iov' is dereferenced before checking if it is null. Dereferencing a null pointer can cause errors or crashes. The fix involves performing a null check on 'iov' before dereferencing it to prevent null pointer dereference errors.

Impact Analysis

If exploited, this vulnerability can cause the Linux kernel to dereference a null pointer, potentially leading to system crashes or instability. This can affect system reliability and availability.

Mitigation Strategies

The vulnerability is fixed by applying the patch that moves the null check on the pointer 'iov' before it is dereferenced in the Linux kernel source code. To mitigate this vulnerability, update your Linux kernel to a version that includes this fix.

Detection Guidance

This vulnerability was detected using static analysis with cppcheck on the Linux kernel source code, specifically at linux/arch/powerpc/platforms/powernv/pci-sriov.c line 597. To detect this vulnerability on your system, you can run cppcheck static analysis on the affected source file to identify the null pointer dereference issue. Example command: cppcheck --enable=warning linux/arch/powerpc/platforms/powernv/pci-sriov.c

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-54315. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart