CVE-2023-54234

NONE EPSS 6.2%
Published Dec 30, 20256mo ago · Modified Jun 17, 20261w ago
Find Similar
Published Dec 30, 2025 6mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization Commit c1af985d27da ("scsi: mpi3mr: Add Event acknowledgment logic") introduced an array mrioc->evtack_cmds but initialization of the array elements was missed. They are just zero cleared. The function mpi3mr_complete_evt_ack() refers host_tag field of the elements. Due to the zero value of the host_tag field, the function calls clear_bit() for mrico->evtack_cmds_bitmap with wrong bit index. This results in memory access to invalid address and "BUG: KASAN: use-after-free". This BUG was observed at eHBA-9600 firmware update to version 8.3.1.0. To fix it, add the missing initialization of mrioc->evtack_cmds.

Threat Intelligence

EPSS Exploit Probability
6.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 3

  • git.kernel.org https://git.kernel.org/stable/c/4e0dfdb48a824deac3dfbc67fb856ef2aee13529
  • git.kernel.org https://git.kernel.org/stable/c/67989091e11a974003ddf2ec39bc613df8eadd83
  • git.kernel.org https://git.kernel.org/stable/c/e39ea831ebad4ab15c4748cb62a397a8abcca36e

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.