CVE-2023-53603 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Avoid fcport pointer dereference

Klocwork reported warning of NULL pointer may be dereferenced. The routine
exits when sa_ctl is NULL and fcport is allocated after the exit call thus
causing NULL fcport pointer to dereference at the time of exit.

To avoid fcport pointer dereference, exit the routine when sa_ctl is NULL.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00023.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux	Linux Kernel

Advisories

Source	ID	Title
EUVD	EUVD-2023-60005	In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Avoid fcport pointer dereference Klocwork reported warning of NULL pointer may be dereferenced. The routine exits when sa_ctl is NULL and fcport is allocated after the exit call thus causing NULL fcport pointer to dereference at the time of exit. To avoid fcport pointer dereference, exit the routine when sa_ctl is NULL.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/4406fe8a96a946c7ea5724ee59625755a1d9c59d
https://git.kernel.org/stable/c/477bc74ad1add644b606bff6ba1284943c42818a
https://git.kernel.org/stable/c/6b504d06976fe4a61cc05dedc68b84fadb397f77
https://git.kernel.org/stable/c/7bbeff613ec0560fb2f6f8b405288f3f043adf64
https://lore.kernel.org/linux-cve-announce/2025100431-CVE-2023-53603-df40@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-53603
https://www.cve.org/CVERecord?id=CVE-2023-53603

History

Mon, 06 Oct 2025 22:45:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025100431-CVE-2023-53603-df40@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2023-53603 https://www.cve.org/CVERecord?id=CVE-2023-53603
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Mon, 06 Oct 2025 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Vendors & Products		Linux Linux linux Kernel

Sat, 04 Oct 2025 16:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Avoid fcport pointer dereference Klocwork reported warning of NULL pointer may be dereferenced. The routine exits when sa_ctl is NULL and fcport is allocated after the exit call thus causing NULL fcport pointer to dereference at the time of exit. To avoid fcport pointer dereference, exit the routine when sa_ctl is NULL.
Title		scsi: qla2xxx: Avoid fcport pointer dereference
References		https://git.kernel.org/stable/c/4406fe8a96a946c7ea5724ee59625755a1d9c59d https://git.kernel.org/stable/c/477bc74ad1add644b606bff6ba1284943c42818a https://git.kernel.org/stable/c/6b504d06976fe4a61cc05dedc68b84fadb397f77 https://git.kernel.org/stable/c/7bbeff613ec0560fb2f6f8b405288f3f043adf64

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-10-04T15:44:13.820Z

Updated: 2025-10-29T10:50:33.875Z

Reserved: 2025-10-04T15:40:38.479Z

Link: CVE-2023-53603

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-10-04T16:15:56.940

Modified: 2025-10-06T14:56:21.733

Link: CVE-2023-53603

Redhat

Severity : Low

Publid Date: 2025-10-04T00:00:00Z

Links: CVE-2023-53603 - Bugzilla

OpenCVE Enrichment

Updated: 2025-10-06T14:40:26Z

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object