CVE-2023-53038
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()
If kzalloc() fails in lpfc_sli4_cgn_params_read(), then we rely on lpfc_read_object()'s routine to NULL check pdata.
Currently, an early return error is thrown from lpfc_read_object() to protect us from NULL ptr dereference, but the errno code is -ENODEV.
Change the errno code to a more appropriate -ENOMEM.
| Software | From | Fixed in |
|---|---|---|
| linux / linux_kernel | - | 5.15.105 |
| linux / linux_kernel | 5.16 | 6.1.22 |
| linux / linux_kernel | 6.2 | 6.2.9 |
| linux / linux_kernel | 6.3-rc1 | 6.3-rc1.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime