SB20250916194 - NULL pointer dereference in Linux kernel scsi qla2xxx driver
Published: September 16, 2025 Updated: September 22, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2023-53150)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the qla24xx_bsg_request() function in drivers/scsi/qla2xxx/qla_bsg.c.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/005961bd8f066fe931104f67c34ebfcc7f240099
- https://git.kernel.org/stable/c/00eca15319d9ce8c31cdf22f32a3467775423df4
- https://git.kernel.org/stable/c/0715da51391d223bf4981e28346770edea7eeb74
- https://git.kernel.org/stable/c/22b1d7c8bb59c3376430a8bad5840194b12bf29a
- https://git.kernel.org/stable/c/3f22f9ddbb29dba369daddb084be3bacf1587529
- https://git.kernel.org/stable/c/5addd62586a94a572359418464ce0ae12fa46187
- https://git.kernel.org/stable/c/a69125a3ce88d9a386872034e7664b30cc4bcbed
- https://git.kernel.org/stable/c/b06d1b525364bbcf4929b4b35d81945b10dc9883
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.40