DEBIAN-CVE-2023-54289

DEBIAN-CVE-2023-54289 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix NULL dereference in error handling Smatch reported: drivers/scsi/qedf/qedf_main.c:3056 qedf_alloc_global_queues() warn: missing unwind goto? At this point in the function, nothing has been allocated so we can return directly. In particular the "qedf->global_queues" have not been allocated so calling qedf_free_global_queues() will lead to a NULL dereference when we check if (!gl[i]) and "gl" is NULL.

Affected Products

Vendor	Product	Versions
Debian:13	linux	0, 0, 0
Debian:14	linux	0, 0, 0
Debian:11	linux	0, 5.10.148-1, 5.10.149-1
Debian:12	linux	6.1.38-2, 6.1.38-2~bpo11+1, 6.1.38-3

Timeline

Dec 30, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2023-54289 advisory

Open in Interactive Console →