Description

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization Commit c1af985d27da ("scsi: mpi3mr: Add Event acknowledgment logic") introduced an array mrioc->evtack_cmds but initialization of the array elements was missed. They are just zero cleared. The function mpi3mr_complete_evt_ack() refers host_tag field of the elements. Due to the zero value of the host_tag field, the function calls clear_bit() for mrico->evtack_cmds_bitmap with wrong bit index. This results in memory access to invalid address and "BUG: KASAN: use-after-free". This BUG was observed at eHBA-9600 firmware update to version 8.3.1.0. To fix it, add the missing initialization of mrioc->evtack_cmds.

INFO

Published Date :

2025-12-30T12:11:25.021Z

Last Modified :

2025-12-30T12:11:25.021Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2023-54234 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-54234.

URL Resource
https://git.kernel.org/stable/c/4e0dfdb48a824deac3dfbc67fb856ef2aee13529 cve-icon cve-icon
https://git.kernel.org/stable/c/67989091e11a974003ddf2ec39bc613df8eadd83 cve-icon cve-icon
https://git.kernel.org/stable/c/e39ea831ebad4ab15c4748cb62a397a8abcca36e cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025123031-CVE-2023-54234-bb5c@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-54234 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-54234 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact