CVE-2023-53470

EUVD-2025-32792
In the Linux kernel, the following vulnerability has been resolved:

ionic: catch failure from devlink_alloc

Add a check for NULL on the alloc return.  If devlink_alloc() fails and
we try to use devlink_priv() on the NULL return, the kernel gets very
unhappy and panics. With this fix, the driver load will still fail,
but at least it won't panic the kernel.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
5.4 ≤
𝑥
< 5.15.112
linuxlinux_kernel
5.16 ≤
𝑥
< 6.1.29
linuxlinux_kernel
6.2 ≤
𝑥
< 6.2.16
linuxlinux_kernel
6.3 ≤
𝑥
< 6.3.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.153-1
fixed
bullseye
vulnerable
bullseye (security)
vulnerable
forky
6.16.8-1
fixed
sid
6.16.9-1
fixed
trixie
6.12.43-1
fixed
trixie (security)
6.12.48-1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/0020c16c8af7f4bc9503a2088fb30793b6771fac
https://git.kernel.org/stable/c/0d02efe7f25158c93146e3bb827bc7bb3cd5e71a
https://git.kernel.org/stable/c/4a54903ff68ddb33b6463c94b4eb37fc584ef760
https://git.kernel.org/stable/c/5325f50de5b1433b27dda7ccff5cb7283722a3f1
https://git.kernel.org/stable/c/c177dd465f5c1e5f242cdb9258826c591c257e9a