CVE-2023-52811
Published: May 21, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool In practice the driver should never send more commands than are allocated to a queue's event pool. In the unlikely event that this happens, the code asserts a BUG_ON, and in the case that the kernel is not configured to crash on panic returns a junk event pointer from the empty event list causing things to spiral from there. This BUG_ON is a historical artifact of the ibmvfc driver first being upstreamed, and it is well known now that the use of BUG_ON is bad practice except in the most unrecoverable scenario. There is nothing about this scenario that prevents the driver from recovering and carrying on. Remove the BUG_ON in question from ibmvfc_get_event() and return a NULL pointer in the case of an empty event pool. Update all call sites to ibmvfc_get_event() to check for a NULL pointer and perfrom the appropriate failure or recovery action.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 072b91f9c6510d0ec4a49d07dbc318760c7da7b3 - < e1d1f79b1929dce470a5dc9281c574cd58e8c6c0affected 072b91f9c6510d0ec4a49d07dbc318760c7da7b3 - < 88984ec4792766df5a9de7a2ff2b5f281f94c7d4affected 072b91f9c6510d0ec4a49d07dbc318760c7da7b3 - < d2af4ef80601224b90630c1ddc7cd2c7c8ab4dd8affected 072b91f9c6510d0ec4a49d07dbc318760c7da7b3 - < 8bbe784c2ff28d56ca0c548aaf3e584edc77052daffected 072b91f9c6510d0ec4a49d07dbc318760c7da7b3 - < b39f2d10b86d0af353ea339e5815820026bca48f |
Linux | Linux | affected 2.6.27unaffected 0 - < 2.6.27unaffected 5.15.140 - <= 5.15.*unaffected 6.1.64 - <= 6.1.*unaffected 6.5.13 - <= 6.5.*+2 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now