CVE-2023-52811

Advisory lineage Upstream: 0 Downstream: 22

Downstream

DEBIAN-CVE-2023-52811 RHSA-2024:10771 RHSA-2024:4823 RHSA-2024:4831 RHSA-2024:5101 RHSA-2024:5102

Analyzed

Published: 21 May 2024, 15:31

Last modified:11 May 2026, 19:33

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v3.1 (cve.org)

EPSS Score

0.02% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

21 May 2024, 15:31

Published

Vulnerability first disclosed

11 May 2026, 19:33

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool In practice the driver should never send more commands than are allocated to a queue's event pool. In the unlikely event that this happens, the code asserts a BUG_ON, and in the case that the kernel is not configured to crash on panic returns a junk event pointer from the empty event list causing things to spiral from there. This BUG_ON is a historical artifact of the ibmvfc driver first being upstreamed, and it is well known now that the use of BUG_ON is bad practice except in the most unrecoverable scenario. There is nothing about this scenario that prevents the driver from recovering and carrying on. Remove the BUG_ON in question from ibmvfc_get_event() and return a NULL pointer in the case of an empty event pool. Update all call sites to ibmvfc_get_event() to check for a NULL pointer and perfrom the appropriate failure or recovery action.

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.02%• Percentile: 4%

Techniques & Countermeasures

CWE-476•NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

Affected Systems

linux•linux
≥ 072b91f9c6510d0ec4a49d07dbc318760c7da7b3, < e1d1f79b1929dce470a5dc9281c574cd58e8c6c0 | ≥ 072b91f9c6510d0ec4a49d07dbc318760c7da7b3, < 88984ec4792766df5a9de7a2ff2b5f281f94c7d4 | ≥ 072b91f9c6510d0ec4a49d07dbc318760c7da7b3, < d2af4ef80601224b90630c1ddc7cd2c7c8ab4dd8 | ≥ 072b91f9c6510d0ec4a49d07dbc318760c7da7b3, < 8bbe784c2ff28d56ca0c548aaf3e584edc77052d | ≥ 072b91f9c6510d0ec4a49d07dbc318760c7da7b3, < b39f2d10b86d0af353ea339e5815820026bca48f | 2.6.27
linux•linux_kernel
< 5.15.140 | ≥ 5.16, < 6.1.64 | ≥ 6.2, < 6.5.13 | ≥ 6.6, < 6.6.3