VYPR
Unrated severityNVD Advisory· Published Dec 30, 2025· Updated Apr 15, 2026

CVE-2023-54234

CVE-2023-54234

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization

Commit c1af985d27da ("scsi: mpi3mr: Add Event acknowledgment logic") introduced an array mrioc->evtack_cmds but initialization of the array elements was missed. They are just zero cleared. The function mpi3mr_complete_evt_ack() refers host_tag field of the elements. Due to the zero value of the host_tag field, the function calls clear_bit() for mrico->evtack_cmds_bitmap with wrong bit index. This results in memory access to invalid address and "BUG: KASAN: use-after-free". This BUG was observed at eHBA-9600 firmware update to version 8.3.1.0. To fix it, add the missing initialization of mrioc->evtack_cmds.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

37

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.