CVE-2023-54011
Description
In the Linux kernel, the following vulnerability has been resolved:
scsi: mpi3mr: Fix an issue found by KASAN
Write only correct size (32 instead of 64 bytes).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel mpi3mr SCSI driver, a buffer over-write occurs due to writing 64 bytes instead of the correct 32, leading to potential memory corruption.
Vulnerability
In the Linux kernel's mpi3mr SCSI driver, a bug was found where the driver writes 64 bytes to a buffer that is only 32 bytes in size. This is an out-of-bounds write that can corrupt adjacent memory. The issue was identified by KASAN (Kernel Address Sanitizer) and is described in the kernel stable fix [1][2].
Exploitation
The vulnerability exists in the driver's data handling path. To trigger the bug, an attacker would need to send specially crafted SCSI commands or interact with a malicious SCSI device. The attack surface is limited to systems with the mpi3mr driver loaded and requires local access to the SCSI subsystem.
Impact
Successful exploitation could lead to memory corruption, potentially causing a denial of service (kernel panic) or, in some cases, privilege escalation if the corruption is leveraged to overwrite sensitive data. The exact impact depends on the system's configuration and kernel hardening.
Mitigation
The fix is included in the Linux kernel stable tree as commits [1] and [2]. Users are advised to update to the latest kernel version containing these patches. No workaround is available.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
3abfe73c16b29c8755f913a2fae7d45f5283dVulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
3News mentions
0No linked articles in our index yet.