CVE-2023-54234

UNKNOWN 0.0

scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization Commit c1af985d27da ("scsi: mpi3mr: Add Event acknowledgment logic") introduced an array mrioc->evtack_cmds but initialization of the array elements was missed. They are just zero cleared. The function mpi3mr_complete_evt_ack() refers host_tag field of the elements. Due to the zero value of the host_tag field, the function calls clear_bit() for mrico->evtack_cmds_bitmap with wrong bit index. This results in memory access to invalid address and "BUG: KASAN: use-after-free". This BUG was observed at eHBA-9600 firmware update to version 8.3.1.0. To fix it, add the missing initialization of mrioc->evtack_cmds.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Dec 30, 2025
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

c1af985d27da2d530c22604644e9025810f57d7c < 4e0dfdb48a824deac3dfbc67fb856ef2aee13529 c1af985d27da2d530c22604644e9025810f57d7c < 67989091e11a974003ddf2ec39bc613df8eadd83 c1af985d27da2d530c22604644e9025810f57d7c < e39ea831ebad4ab15c4748cb62a397a8abcca36e

Linux / Linux

5.17

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/4e0dfdb48a824deac3dfbc67fb856ef2aee13529 git.kernel.org: https://git.kernel.org/stable/c/67989091e11a974003ddf2ec39bc613df8eadd83 git.kernel.org: https://git.kernel.org/stable/c/e39ea831ebad4ab15c4748cb62a397a8abcca36e