CVE-2023-53037

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Bad drive in topology results kernel crash When the SAS Transport Layer support is enabled and a device exposed to the OS by the driver fails INQUIRY commands, the driver frees up the memory allocated for an internal HBA port data structure. However, in some places, the reference to the freed memory is not cleared. When the firmware sends the Device Info change event for the same device again, the freed memory is accessed and that leads to memory corruption and OS crash.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1f822ae8fb2a20fffa71e9bfa9b203c03d72d3ba	Patch
https://git.kernel.org/stable/c/8e45183978d64699df639e795235433a60f35047	Patch
https://git.kernel.org/stable/c/aa11e4b6cdb403b9fdef6939550f6b36dd61624d	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.3:rc1::::::

History

12 Nov 2025, 19:13

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/1f822ae8fb2a20fffa71e9bfa9b203c03d72d3ba -~~	() https://git.kernel.org/stable/c/1f822ae8fb2a20fffa71e9bfa9b203c03d72d3ba - Patch
References	~~() https://git.kernel.org/stable/c/8e45183978d64699df639e795235433a60f35047 -~~	() https://git.kernel.org/stable/c/8e45183978d64699df639e795235433a60f35047 - Patch
References	~~() https://git.kernel.org/stable/c/aa11e4b6cdb403b9fdef6939550f6b36dd61624d -~~	() https://git.kernel.org/stable/c/aa11e4b6cdb403b9fdef6939550f6b36dd61624d - Patch
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
First Time		Linux linux Kernel Linux
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.3:rc1::::::
CWE		CWE-416

Information

Published : 2025-05-02 16:15

Updated : 2025-11-12 19:13

NVD link : CVE-2023-53037

Mitre link : CVE-2023-53037

CVE.ORG link : CVE-2023-53037

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-416

Use After Free

{"id": "CVE-2023-53037", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-05-02T16:15:22.827", "references": [{"url": "https://git.kernel.org/stable/c/1f822ae8fb2a20fffa71e9bfa9b203c03d72d3ba", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8e45183978d64699df639e795235433a60f35047", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/aa11e4b6cdb403b9fdef6939550f6b36dd61624d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Bad drive in topology results kernel crash\n\nWhen the SAS Transport Layer support is enabled and a device exposed to\nthe OS by the driver fails INQUIRY commands, the driver frees up the memory\nallocated for an internal HBA port data structure. However, in some places,\nthe reference to the freed memory is not cleared. When the firmware sends\nthe Device Info change event for the same device again, the freed memory is\naccessed and that leads to memory corruption and OS crash."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: mpi3mr: Una unidad defectuosa en la topolog\u00eda provoca un bloqueo del kernel. Cuando se habilita la compatibilidad con la capa de transporte SAS y un dispositivo expuesto al sistema operativo por el controlador no cumple con los comandos INQUIRY, el controlador libera la memoria asignada a una estructura de datos de puerto HBA interno. Sin embargo, en algunos lugares, la referencia a la memoria liberada no se borra. Cuando el firmware vuelve a enviar el evento de cambio de informaci\u00f3n del dispositivo para el mismo dispositivo, se accede a la memoria liberada, lo que provoca la corrupci\u00f3n de la memoria y el bloqueo del sistema operativo."}], "lastModified": "2025-11-12T19:13:52.060", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D83E0E2-9280-476D-A4E9-91ECF5ED221C", "versionEndExcluding": "6.1.22", "versionStartIncluding": "5.14"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "914F22DD-1E6F-4B0A-A14D-3A9F068F6761", "versionEndExcluding": "6.2.9", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8E3B0E8-FA27-4305-87BB-AF6C25B160CB"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}