CVE-2023-53124

In the Linux kernel, the following vulnerability has been resolved:

scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()

Port is allocated by sas_port_alloc_num() and rphy is allocated by either
sas_end_device_alloc() or sas_expander_alloc(), all of which may return
NULL. So we need to check the rphy to avoid possible NULL pointer access.

If sas_rphy_add() returned with failure, rphy is set to NULL. We would
access the rphy in the following lines which would also result NULL pointer
access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.234-1
fixed
bookworm
6.1.129-1
fixed
bookworm (security)
6.1.135-1
fixed
trixie
6.12.22-1
fixed
sid
6.12.25-1
fixed
References
https://git.kernel.org/stable/c/090305c36185c0547e4441d4c08f1cf096b32134
https://git.kernel.org/stable/c/6f0c2f70d9929208d8427ec72c3ed91e2251e289
https://git.kernel.org/stable/c/9937f784a608944107dcc2ba9a9c3333f8330b9e
https://git.kernel.org/stable/c/a26c775ccc4cfe46f9b718b51bd24313053c7e0b
https://git.kernel.org/stable/c/b5e5bbb3fa5f8412e96c5eda7f4a4af6241d6bd3
https://git.kernel.org/stable/c/d3c57724f1569311e4b81e98fad0931028b9bdcd