Use-After-Free Vulnerability in Linux Kernel's SCSI LPFC Driver
CVE-2023-53282

7.8 HIGH

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 16 September 2025

What is CVE-2023-53282?

A use-after-free vulnerability was identified in the SCSI LPFC driver of the Linux kernel, occurring during the sysfs firmware write operation. The routine accesses a memory reference that has already been released, which can lead to memory access violations. The flaw is in the lpfc_wr_object() function, where internal mailbox memory was referenced after it had been deallocated. It could lead to unintended behavior within the driver and compromise system stability. A fix has been implemented to ensure that memory cleanup occurs at the end of the relevant routines, preventing such access violations.
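
The fix pattern described above (release the mailbox only after its last read, at one exit label) as an added userspace example; this is not the lpfc driver's code. The names struct mbox, mbox_alloc, mbox_free, mbox_issue and wr_object are hypothetical, and the device model is constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a driver mailbox; not the real lpfc structures. */
struct mbox {
    uint32_t status;        /* completion status filled in by the device */
    uint32_t bytes_written; /* response field the caller reads afterwards */
};
static int live_mboxes;     /* outstanding allocations, to show nothing leaks */

static struct mbox *mbox_alloc(void) {
    struct mbox *m = calloc(1, sizeof(*m));
    if (m) live_mboxes++;
    return m;
}

static void mbox_free(struct mbox *m) {
    if (m) { free(m); live_mboxes--; }
}

/* Constructed device model: completes the command and fills the response. */
static int mbox_issue(struct mbox *m, uint32_t len, int fail) {
    m->status = fail ? 0x21 : 0;
    m->bytes_written = fail ? 0 : len;
    return fail ? -1 : 0;
}

/* Buggy ordering (comment only): mbox_free(m); *offset += m->bytes_written; */
/* Fixed ordering: every path reaches "out", which runs after the last read. */
int wr_object(uint32_t len, uint32_t *offset, int fail) {
    int rc = 0;
    struct mbox *m = mbox_alloc();
    if (!m) return -12;              /* -ENOMEM */
    if (mbox_issue(m, len, fail)) {
        rc = -5;                     /* -EIO; m is still valid here */
        goto out;
    }
    *offset += m->bytes_written;     /* last read of the mailbox */
out:
    mbox_free(m);                    /* single release point */
    return rc;
}

int main(void) {
    uint32_t off = 0;
    int rc = wr_object(4096, &off, 0);
    printf("rc=%d offset=%u live=%d\n", rc, off, live_mboxes);
    return 0;
}
```

Building a model like this with -fsanitize=address and temporarily restoring the buggy ordering makes the sanitizer report the read after free, which is a quick way to confirm the ordering matters.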

Affected Version(s)

Linux 52d5244096017bbd11164479116baceaede342b0 < 51ab4eb1a25e73c7fc2ad9026520c4d8369c93cc

Linux 52d5244096017bbd11164479116baceaede342b0 < 8dfefa8f424ab208e552df1bfd008b732f3d0ad1

Linux 52d5244096017bbd11164479116baceaede342b0 < 8becb97918f04bb177bc9c4e00c2bdb302e00944

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved