VYPR
Unrated severity · NVD Advisory · Published Dec 24, 2025 · Updated Apr 15, 2026

CVE-2023-54102

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow

A static code analysis tool flagged the possibility of buffer overflow when using copy_from_user() for a debugfs entry.

Currently, it is possible that copy_from_user() copies more bytes than what would fit in the mybuf char array. Add a min() restriction check between sizeof(mybuf) - 1 and nbytes passed from the userspace buffer to protect against buffer overflow.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A buffer overflow in lpfc_debugfs_lockstat_write() allows copying more data than the destination buffer can hold; it is fixed by adding a min() check.

Vulnerability

In the Linux kernel's SCSI lpfc driver, the function lpfc_debugfs_lockstat_write() is used to handle writes to a debugfs entry. A static code analysis tool identified that copy_from_user() could copy more bytes than the size of the local buffer mybuf, leading to a buffer overflow. The fix adds a min() restriction to ensure that the number of bytes copied is limited to sizeof(mybuf) - 1 [1][2][3].
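The clamp described above, as an added userspace model that is not the lpfc driver's code or the upstream patch. The buffer size, the `MIN` macro, the guard bytes, the NUL terminator and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MYBUF_SIZE 64                      /* assumed size, not from the page */
#define MIN(a, b) ((a) < (b) ? (a) : (b))  /* stand-in for the kernel's min() */

struct frame {
    char mybuf[MYBUF_SIZE];
    unsigned char guard[8];                /* models memory adjacent to mybuf */
};

/* Userspace stand-in for copy_from_user(): returns bytes NOT copied. */
static unsigned long model_copy_from_user(void *dst, const void *src, size_t n)
{
    memcpy(dst, src, n);
    return 0;
}

/* Bytes an unclamped copy of nbytes would write past the end of mybuf. */
size_t unclamped_excess(size_t nbytes)
{
    return nbytes > MYBUF_SIZE ? nbytes - MYBUF_SIZE : 0;
}

/* Write handler with the fix applied. Returns bytes stored, or -1 on a
 * failed copy or a damaged guard. */
long model_lockstat_write(const char *ubuf, size_t nbytes)
{
    struct frame f;
    size_t bsize, i;

    memset(f.mybuf, 0, sizeof(f.mybuf));
    memset(f.guard, 0xA5, sizeof(f.guard));
    bsize = MIN(sizeof(f.mybuf) - 1, nbytes);   /* the added restriction */
    if (model_copy_from_user(f.mybuf, ubuf, bsize))
        return -1;
    f.mybuf[bsize] = '\0';                      /* model: the -1 leaves room for this */
    for (i = 0; i < sizeof(f.guard); i++)
        if (f.guard[i] != 0xA5)
            return -1;
    return (long)bsize;
}

int main(void)
{
    char big[200];                              /* constructed oversized input */
    memset(big, 'A', sizeof(big));
    printf("stored=%ld excess_if_unclamped=%zu\n",
           model_lockstat_write(big, sizeof(big)), unclamped_excess(sizeof(big)));
    return 0;
}
```

With `nbytes` equal to the buffer size, the `- 1` in the clamp is what keeps the terminator write inside `mybuf`.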

Exploitation

An attacker with local access and the ability to write to the debugfs file system could trigger this overflow by providing a large input. No special privileges beyond the ability to write to debugfs are required, as the debugfs entry is typically accessible to unprivileged users in some configurations.

Impact

A successful buffer overflow could corrupt kernel memory, potentially leading to a denial of service (system crash) or, in some cases, privilege escalation. The vulnerability is considered moderate severity.

Mitigation

The fix has been applied to the Linux kernel stable branches. Users should update to a kernel version containing the commit that adds the min() restriction. No workaround is available other than restricting access to debugfs.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

6

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

6
