Out-of-bounds Access in Linux Kernel SCSI Implementation
CVE-2023-7324

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 29 October 2025

What is CVE-2023-7324?

A vulnerability in the Linux kernel's SCSI implementation could lead to potential out-of-bounds access issues. Specifically, the vulnerability arises in the 'ses_enclosure_data_process()' function, where there is a risk of accessing memory beyond the allocated bounds for additional descriptor pointers. This vulnerability has been addressed through sanitization measures, enhancing the security and stability of the kernel. Users are encouraged to update their systems to incorporate the latest security patches that resolve these issues.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8e454aba72805241239caf8ba9b8e5a6be772b96

References

https://git.kernel.org/stable/c/af5114d824f3511a69d68beff...

https://git.kernel.org/stable/c/a156a262c543fa5ff30bcb2fc...

https://git.kernel.org/stable/c/8e454aba72805241239caf8ba...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 29, 2025
Vulnerability Reserved
Oct 29, 2025

JSON