Linux Kernel Vulnerability in SCSI qla2xxx - Pointer Dereference Issue
CVE-2023-53603
What is CVE-2023-53603?
A vulnerability in the SCSI qla2xxx module of the Linux kernel allows a potential NULL pointer dereference. When the sa_ctl variable is NULL, the code incorrectly proceeds to allocate an fcport pointer. If the routine does not exit properly when sa_ctl is NULL, it may dereference an uninitialized fcport pointer, posing stability and security risks in certain conditions. The fix ensures that the routine exits safely whenever sa_ctl is found to be NULL, preventing this issue.
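The bug class described above, as an added user-space example that is not the qla2xxx driver's code: an early-exit path that reaches code using fcport before it has been assigned, next to the corrected early return. The function names, struct layouts, the shared exit label and the exit_path helper are assumptions made for illustration.

```c
#include <stdio.h>

/* Hypothetical user-space model; types and names are not the driver's. */
struct fcport { int busy; };
struct sa_ctl { int index; };
enum { OK = 0, ERR_NO_SA_CTL = -1, FAULT_NULL_FCPORT = -2 };

/* Stand-in for exit-path work that touches fcport. In the kernel a NULL
 * here would be an oops; the model reports it so the example can run. */
static int exit_path(struct fcport *fcport, int rc)
{
    if (fcport == NULL)
        return FAULT_NULL_FCPORT;
    fcport->busy = 0;
    return rc;
}

/* Before: the NULL sa_ctl case jumps to the shared exit label, which
 * uses fcport before any lookup has assigned it. */
int handle_before(struct sa_ctl *sa_ctl, struct fcport *lookup)
{
    struct fcport *fcport = NULL;
    int rc = OK;

    if (sa_ctl == NULL) {
        rc = ERR_NO_SA_CTL;
        goto done;
    }
    fcport = lookup;
    fcport->busy = 1;
done:
    return exit_path(fcport, rc);
}

/* After: return at once when sa_ctl is NULL, so the exit-path code that
 * needs a valid fcport is never reached without one. */
int handle_after(struct sa_ctl *sa_ctl, struct fcport *lookup)
{
    if (sa_ctl == NULL)
        return ERR_NO_SA_CTL;
    lookup->busy = 1;
    return exit_path(lookup, OK);
}

int main(void)
{
    struct fcport port = { 0 };   /* constructed sample input */
    printf("before=%d after=%d\n", handle_before(NULL, &port), handle_after(NULL, &port));
    return 0;
}
```

Static analyzers flag this pattern as a possible NULL dereference on the error path; the same review check applies to any goto-based cleanup label that uses a pointer assigned later in the function.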
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4406fe8a96a946c7ea5724ee59625755a1d9c59d
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 477bc74ad1add644b606bff6ba1284943c42818a
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7bbeff613ec0560fb2f6f8b405288f3f043adf64