CVE-2023-53754
Description
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup()
When if_type equals zero and pci_resource_start(pdev, PCI_64BIT_BAR4) returns false, drbl_regs_memmap_p is not remapped. This passes a NULL pointer to iounmap(), which can trigger a WARN() on certain arches.
When if_type equals six and pci_resource_start(pdev, PCI_64BIT_BAR4) returns true, drbl_regs_memmap_p may have been remapped and ctrl_regs_memmap_p is not remapped. This is a resource leak and passes a NULL pointer to iounmap().
To fix these issues, we need to add null checks before iounmap(), and change some goto labels.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Linux kernel lpfc driver ioremap issues can cause NULL pointer dereference or resource leak, fixed by adding null checks.
Root Cause
The vulnerability resides in the lpfc_sli4_pci_mem_setup() function of the Linux kernel's lpfc SCSI driver. When if_type equals zero and pci_resource_start(pdev, PCI_64BIT_BAR4) returns false, the pointer drbl_regs_memmap_p is not remapped, leading to a NULL pointer being passed to iounmap(). Similarly, when if_type equals six and the same PCI resource call returns true, ctrl_regs_memmap_p may be left unremapped while drbl_regs_memmap_p has been remapped, resulting in both a resource leak and a NULL pointer passed to iounmap() [1][2].
Exploitability
This bug is triggered during driver initialization when specific PCI BAR resource conditions are met. An attacker with the ability to influence PCI BAR mappings or hardware configuration could potentially force these conditions, but the exact attack surface is limited and typically requires local access or physical presence. The bug manifests as a kernel warning on certain architectures when iounmap() is called with a NULL pointer.
Impact
Successful exploitation could lead to a denial of service via a system crash or kernel panic due to the NULL pointer dereference. The resource leak may also degrade system performance over time, but no privilege escalation or data corruption is implied.
Mitigation
The Linux kernel stable trees have released patches that add null checks before iounmap() calls and correct the goto labels to ensure proper resource handling. Users are advised to update their kernels to incorporate these fixes [1][2].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
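The two failure cases in the description, reproduced as an added userspace C model (not the lpfc driver's code or the upstream patch). `fake_ioremap()`/`fake_iounmap()`, the `has_ctrl`/`has_drbl`/`fixed` parameters and the label names are assumptions; only the two pointer names come from the page.

```c
#include <stddef.h>
#include <stdlib.h>

/* Userspace stand-ins for ioremap()/iounmap(): they count live mappings and
 * NULL unmaps so a leak or a NULL iounmap() becomes observable. */
static int live_maps, null_unmaps;
static void *fake_ioremap(void) { live_maps++; return malloc(1); }
static void fake_iounmap(void *p)
{
    if (!p) { null_unmaps++; return; } /* in-kernel: may WARN() on some arches */
    live_maps--; free(p);
}

struct regs { void *ctrl_regs_memmap_p, *drbl_regs_memmap_p; };

/* Constructed flow: a BAR is mapped only if present, then a later setup step
 * fails. Parameters and label names are hypothetical. */
static int setup(struct regs *r, int has_ctrl, int has_drbl, int fixed)
{
    r->ctrl_regs_memmap_p = has_ctrl ? fake_ioremap() : NULL;
    r->drbl_regs_memmap_p = has_drbl ? fake_ioremap() : NULL;
    if (fixed)
        goto out_unmap_checked;
    if (has_ctrl)
        goto out_unmap_all;  /* case 1: drbl may be NULL here */
    goto out_unmap_ctrl;     /* case 2: skips drbl (leak), ctrl is NULL */
out_unmap_all:
    fake_iounmap(r->drbl_regs_memmap_p);
out_unmap_ctrl:
    fake_iounmap(r->ctrl_regs_memmap_p);
    return -1;
out_unmap_checked:           /* fixed: unwind everything, NULL-check each */
    if (r->drbl_regs_memmap_p)
        fake_iounmap(r->drbl_regs_memmap_p);
    if (r->ctrl_regs_memmap_p)
        fake_iounmap(r->ctrl_regs_memmap_p);
    return -1;
}

/* Run one scenario; returns leaked_mappings * 10 + null_unmaps. */
static int run(int has_ctrl, int has_drbl, int fixed)
{
    struct regs r;
    live_maps = null_unmaps = 0;
    setup(&r, has_ctrl, has_drbl, fixed);
    return live_maps * 10 + null_unmaps;
}

int main(void) { return !(run(1, 0, 0) == 1 && run(0, 1, 0) == 11 && run(0, 1, 1) == 0); }
```

With the unchecked unwind, the first case yields one NULL unmap and the second yields one leaked mapping plus one NULL unmap; the checked unwind yields neither.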
Affected products: 2
Patches: 7 (74d90f92eafe, bab8dc38b1a0, fd8c83d8375b, e6f1ef4a5385, 631d0fab143b, 7e5a54d1f007, 91a0c0c14132)
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (7)
- git.kernel.org/stable/c/631d0fab143bef85ea0813596f1dda36e2b9724c (nvd)
- git.kernel.org/stable/c/74d90f92eafe8ccd12827228236a28a94eda6bcc (nvd)
- git.kernel.org/stable/c/7e5a54d1f00725a739dcd20f616d82eff4f764bd (nvd)
- git.kernel.org/stable/c/91a0c0c1413239d0548b5aac4c82f38f6d53a91e (nvd)
- git.kernel.org/stable/c/bab8dc38b1a0a12bc064fc064269033bdcf5b88e (nvd)
- git.kernel.org/stable/c/e6f1ef4a53856ed000b0f7265d7e16dcb00f4243 (nvd)
- git.kernel.org/stable/c/fd8c83d8375b9dac1949f2753485a5c055ebfad0 (nvd)