Linux Kernel Vulnerability in QLA2XXX by Broadcom
CVE-2023-53280

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 September 2025

What is CVE-2023-53280?

This vulnerability in the Linux kernel arises from improper handling of the nvme_ls_waitq wait queue within the QLA2XXX driver. When the function qla2x00_start_sp(sp) returns an error code EGAIN, it leads to attempts to wake up an uninitialized wait queue. As a result, this can cause a system crash due to a NULL pointer dereference, which exposes the system to instability and unexpected behavior during operation. The problematic queue logic has been addressed in recent commits, ensuring better stability and reliability for users of affected kernel versions.

Affected Version(s)

Linux 5621b0dd74532c09965264c14958de3f85b498a6

Linux 5621b0dd74532c09965264c14958de3f85b498a6 < 0b1ce92fabdb7d02ddf8641230a06e2752ae5baa

Linux 5621b0dd74532c09965264c14958de3f85b498a6 < 522ee1b3030f3b6b5fd59489d12b4ca767c9e5da

References

https://git.kernel.org/stable/c/b7084ebf4f54d46fed5153112...

https://git.kernel.org/stable/c/0b1ce92fabdb7d02ddf864123...

https://git.kernel.org/stable/c/522ee1b3030f3b6b5fd59489d...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2025
Vulnerability Reserved
Sep 16, 2025