DEBIAN-CVE-2023-54234
- Source
- https://security-tracker.debian.org/tracker/CVE-2023-54234
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-54234.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-54234
- Upstream
- Published
- 2025-12-30T13:16:11.847Z
- Modified
- 2025-12-31T11:19:57.333165Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix missing mrioc->evtackcmds initialization Commit c1af985d27da ("scsi: mpi3mr: Add Event acknowledgment logic") introduced an array mrioc->evtackcmds but initialization of the array elements was missed. They are just zero cleared. The function mpi3mrcompleteevtack() refers hosttag field of the elements. Due to the zero value of the hosttag field, the function calls clearbit() for mrico->evtackcmdsbitmap with wrong bit index. This results in memory access to invalid address and "BUG: KASAN: use-after-free". This BUG was observed at eHBA-9600 firmware update to version 8.3.1.0. To fix it, add the missing initialization of mrioc->evtack_cmds.
- References
Affected packages
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source