CVE-2023-52809

scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() fc_lport_ptp_setup() did not check the return value of fc_rport_create() which can return NULL and would cause a NULL pointer dereference. Address this issue by checking return value of fc_rport_create() and log error message on fc_rport_create() failed.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/930f0aaba4820d6362de4e6ed569eaf444f1ea4e patch
https://git.kernel.org/stable/c/77072ec41d6ab3718c3fc639bc149b8037caedfa patch
https://git.kernel.org/stable/c/b549acf999824d4f751ca57965700372f2f3ad00 patch
https://git.kernel.org/stable/c/bb83f79f90e92f46466adcfd4fd264a7ae0f0f01 patch
https://git.kernel.org/stable/c/56d78b5495ebecbb9395101f3be177cd0a52450b patch
https://git.kernel.org/stable/c/442fd24d7b6b29e4a9cd9225afba4142d5f522ba patch
https://git.kernel.org/stable/c/f6fe7261b92b21109678747f36df9fdab1e30c34 patch
https://git.kernel.org/stable/c/6b9ecf4e1032e645873933e5b43cbb84cac19106 patch
https://git.kernel.org/stable/c/4df105f0ce9f6f30cda4e99f577150d23f0c9c5f patch

Frequently Asked Questions

What is the severity of CVE-2023-52809?
CVE-2023-52809 has been scored as a medium severity vulnerability.
How to fix CVE-2023-52809?
To fix CVE-2023-52809, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-52809 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-52809 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-52809?
CVE-2023-52809 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.