scsi: ses: Don't attach if enclosure has no components
CVE-2023-53431

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 18 September 2025

What is CVE-2023-53431?

In the Linux kernel, the following vulnerability has been resolved:

scsi: ses: Don't attach if enclosure has no components

An enclosure with no components can't usefully be operated by the driver (since effectively it has nothing to manage), so report the problem and don't attach. Not attaching also fixes an oops which could occur if the driver tries to manage a zero component enclosure.

[mkp: Switched to KERN_WARNING since this scenario is common]

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4863fefc8a8cc8e8f6c7635b12d9dffaa0a12d86

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6069e04a922a0488bcf4f1017d38d18afda8194c

References

https://git.kernel.org/stable/c/4863fefc8a8cc8e8f6c7635b1...

https://git.kernel.org/stable/c/feefd5232ecb788f0666f7589...

https://git.kernel.org/stable/c/6069e04a922a0488bcf4f1017...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 18, 2025
Vulnerability Reserved
Sep 17, 2025