CVE-2023-53754
scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup()
Description
In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup()

When if_type equals zero and pci_resource_start(pdev, PCI_64BIT_BAR4) returns false, drbl_regs_memmap_p is not remapped. This passes a NULL pointer to iounmap(), which can trigger a WARN() on certain arches.

When if_type equals six and pci_resource_start(pdev, PCI_64BIT_BAR4) returns true, drbl_regs_memmap_p may have been remapped and ctrl_regs_memmap_p is not remapped. This is a resource leak and passes a NULL pointer to iounmap().

To fix these issues, we need to add null checks before iounmap(), and change some goto labels.
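The two error-path outcomes in the description, reproduced in a userspace model (an added example, not the kernel driver's code). fake_ioremap(), fake_iounmap(), setup_then_fail(), the label name, and the assumption that ctrl_regs_memmap_p is mapped only when if_type is zero are constructed for illustration.

```c
#include <stddef.h>
#include <stdlib.h>

/* Userspace stand-ins for ioremap()/iounmap(); the counters are demo instrumentation. */
static int live_maps;    /* mappings not yet released */
static int null_unmaps;  /* times NULL reached the unmap call */

static void *fake_ioremap(void) { live_maps++; return malloc(1); }

static void fake_iounmap(void *p)
{
    if (!p) { null_unmaps++; return; }  /* the kernel may WARN() here on some arches */
    live_maps--;
    free(p);
}

struct outcome { int leaked; int null_unmaps; };

/* Constructed model: the BARs are mapped as the description states, then a
 * later step fails and the error path runs. fixed=0 uses unconditional
 * unmaps and a wrong label; fixed=1 checks each pointer before unmapping. */
static struct outcome setup_then_fail(int if_type, int bar4_present, int fixed)
{
    void *ctrl_regs_memmap_p = NULL, *drbl_regs_memmap_p = NULL;

    live_maps = null_unmaps = 0;
    if (if_type == 0)                    /* assumption: ctrl regs only for if_type 0 */
        ctrl_regs_memmap_p = fake_ioremap();
    if (bar4_present)
        drbl_regs_memmap_p = fake_ioremap();

    if (fixed) {
        if (drbl_regs_memmap_p)
            fake_iounmap(drbl_regs_memmap_p);
        if (ctrl_regs_memmap_p)
            fake_iounmap(ctrl_regs_memmap_p);
        goto done;
    }
    if (if_type != 0)
        goto unmap_ctrl;                 /* skips drbl_regs_memmap_p: leak */
    fake_iounmap(drbl_regs_memmap_p);    /* NULL when BAR4 was absent */
unmap_ctrl:
    fake_iounmap(ctrl_regs_memmap_p);    /* NULL when if_type is 6 */
done:
    return (struct outcome){ live_maps, null_unmaps };
}
```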
INFO
Published Date : Dec. 8, 2025, 2:15 a.m.
Last Modified : Dec. 8, 2025, 2:15 a.m.
Remotely Exploit : No
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Solution
- Apply the patch for the scsi: lpfc vulnerability.
- Update the Linux kernel to the latest version.
- Review scsi module code for similar issues.
The following table lists the changes that have been made to the
CVE-2023-53754 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (Dec. 08, 2025)

| Action | Type | Old Value | New Value |
| --- | --- | --- | --- |
| Added | Description | | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() When if_type equals zero and pci_resource_start(pdev, PCI_64BIT_BAR4) returns false, drbl_regs_memmap_p is not remapped. This passes a NULL pointer to iounmap(), which can trigger a WARN() on certain arches. When if_type equals six and pci_resource_start(pdev, PCI_64BIT_BAR4) returns true, drbl_regs_memmap_p may have been remapped and ctrl_regs_memmap_p is not remapped. This is a resource leak and passes a NULL pointer to iounmap(). To fix these issues, we need to add null checks before iounmap(), and change some goto labels. |
| Added | Reference | | https://git.kernel.org/stable/c/631d0fab143bef85ea0813596f1dda36e2b9724c |
| Added | Reference | | https://git.kernel.org/stable/c/74d90f92eafe8ccd12827228236a28a94eda6bcc |
| Added | Reference | | https://git.kernel.org/stable/c/7e5a54d1f00725a739dcd20f616d82eff4f764bd |
| Added | Reference | | https://git.kernel.org/stable/c/91a0c0c1413239d0548b5aac4c82f38f6d53a91e |
| Added | Reference | | https://git.kernel.org/stable/c/bab8dc38b1a0a12bc064fc064269033bdcf5b88e |
| Added | Reference | | https://git.kernel.org/stable/c/e6f1ef4a53856ed000b0f7265d7e16dcb00f4243 |
| Added | Reference | | https://git.kernel.org/stable/c/fd8c83d8375b9dac1949f2753485a5c055ebfad0 |