CVE-2023-52811
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-52811
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52811.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-52811
- Downstream
- Related
- Published
- 2024-05-21T15:31:20.282Z
- Modified
- 2025-11-28T02:35:32.980445Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool
In practice the driver should never send more commands than are allocated to a queue's event pool. In the unlikely event that this happens, the code asserts a BUGON, and in the case that the kernel is not configured to crash on panic returns a junk event pointer from the empty event list causing things to spiral from there. This BUGON is a historical artifact of the ibmvfc driver first being upstreamed, and it is well known now that the use of BUG_ON is bad practice except in the most unrecoverable scenario. There is nothing about this scenario that prevents the driver from recovering and carrying on.
Remove the BUGON in question from ibmvfcgetevent() and return a NULL pointer in the case of an empty event pool. Update all call sites to ibmvfcget_event() to check for a NULL pointer and perfrom the appropriate failure or recovery action.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52811.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/88984ec4792766df5a9de7a2ff2b5f281f94c7d4
- https://git.kernel.org/stable/c/8bbe784c2ff28d56ca0c548aaf3e584edc77052d
- https://git.kernel.org/stable/c/b39f2d10b86d0af353ea339e5815820026bca48f
- https://git.kernel.org/stable/c/d2af4ef80601224b90630c1ddc7cd2c7c8ab4dd8
- https://git.kernel.org/stable/c/e1d1f79b1929dce470a5dc9281c574cd58e8c6c0
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52811.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-52811
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1da177e4c3f41524e886b7f1b8a0c1fc7321cac2Fixede1d1f79b1929dce470a5dc9281c574cd58e8c6c0Fixed88984ec4792766df5a9de7a2ff2b5f281f94c7d4Fixedd2af4ef80601224b90630c1ddc7cd2c7c8ab4dd8Fixed8bbe784c2ff28d56ca0c548aaf3e584edc77052dFixedb39f2d10b86d0af353ea339e5815820026bca48f