CVE-2023-54289
Description
In the Linux kernel, the following vulnerability has been resolved:
scsi: qedf: Fix NULL dereference in error handling
Smatch reported:
drivers/scsi/qedf/qedf_main.c:3056 qedf_alloc_global_queues() warn: missing unwind goto?
At this point in the function, nothing has been allocated so we can return directly. In particular the "qedf->global_queues" have not been allocated so calling qedf_free_global_queues() will lead to a NULL dereference when we check if (!gl[i]) and "gl" is NULL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A NULL pointer dereference in the Linux kernel's qedf driver occurs if error handling calls qedf_free_global_queues before allocation.
Root Cause
The vulnerability exists in the qedf_alloc_global_queues() function within the QLogic Fibre Channel (qedf) driver of the Linux kernel. A static analysis (Smatch) warning revealed that the function's error path is missing an early return when no allocations have occurred yet [1] [2] [3]. At the point where the error path incorrectly invokes cleanup, the qedf->global_queues pointer has not been allocated, and the local gl pointer is still NULL, leading to a NULL pointer dereference when the code attempts to iterate over gl[i] inside qedf_free_global_queues().
Exploitation Context
This is a local bug triggered during driver initialization failure. No special privileges or network access are required beyond the ability to cause the driver to load and then fail memory allocation early in the probe sequence. The attacker would need to influence system conditions (e.g., by exhausting memory) to induce the allocation failure at the specific point before global_queues is set.
Impact
If triggered, the NULL dereference results in a kernel crash (oops) or system denial of service. An attacker able to force the vulnerable code path can cause the system to become unavailable. No privilege escalation or data leak is associated with this bug.
Mitigation
The fix was applied in the Linux kernel stable trees [1] [2] [3] and consists of adding a direct return from the error path when no memory has been allocated yet, thus preventing the unsafe call to qedf_free_global_queues(). All downstream stable kernels that include the vulnerable commit should be updated.
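The error-path pattern described above, reduced to a userspace C model (an added example, not the kernel's qedf code). The struct layout, NUM_QUEUES, the precheck_fails knob, the fixed switch, the unwind label and the -EINVAL return value are all constructed for illustration.

```c
#include <errno.h>
#include <stdlib.h>

#define NUM_QUEUES 4              /* constructed value */

struct queue { void *ring; };
struct host {
    struct queue **global_queues; /* NULL until the array is allocated */
    int precheck_fails;           /* constructed knob: fail before any allocation */
};

/* Unwind helper: indexes gl[i] without testing gl, so the array must exist. */
static void free_global_queues(struct host *h)
{
    struct queue **gl = h->global_queues;

    for (int i = 0; i < NUM_QUEUES; i++) {
        if (!gl[i])               /* faults here when gl == NULL */
            continue;
        free(gl[i]->ring);
        free(gl[i]);
    }
    free(gl);
    h->global_queues = NULL;
}

/* fixed == 0 models the pre-patch error path, fixed == 1 the direct return. */
int alloc_global_queues(struct host *h, int fixed)
{
    int status = -ENOMEM;

    if (h->precheck_fails) {
        if (fixed)
            return -EINVAL;       /* nothing allocated, nothing to unwind */
        status = -EINVAL;
        goto unwind;              /* pre-patch: cleans up state that does not exist */
    }
    h->global_queues = calloc(NUM_QUEUES, sizeof(*h->global_queues));
    if (!h->global_queues)
        return -ENOMEM;
    for (int i = 0; i < NUM_QUEUES; i++) {
        h->global_queues[i] = calloc(1, sizeof(struct queue));
        if (!h->global_queues[i])
            goto unwind;          /* array exists, so the helper is safe from here */
    }
    return 0;
unwind:
    free_global_queues(h);
    return status;
}
```

Calling it with fixed == 0 while precheck_fails is set faults inside free_global_queues(), which is the crash the description reports.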
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (7)
961c8370c5f7, ac64019e4d4b, b1de5105d29b, c316bde418af, 08c001c1e944, 271c9b2eb601, f025312b0894
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (7)
- git.kernel.org/stable/c/08c001c1e9444a3046c79a99aa93ac48073b18cc (nvd)
- git.kernel.org/stable/c/271c9b2eb60149afbeab28cb39e52f73bde9900c (nvd)
- git.kernel.org/stable/c/961c8370c5f7e80a267680476e1bcff34bffe71a (nvd)
- git.kernel.org/stable/c/ac64019e4d4b08c23edb117e0b2590985e33de1d (nvd)
- git.kernel.org/stable/c/b1de5105d29b145b727b797e2d5de071ab3a7ca1 (nvd)
- git.kernel.org/stable/c/c316bde418af4c2a9df51149ed01d1bd8ca5bebf (nvd)
- git.kernel.org/stable/c/f025312b089474a54e4859f3453771314d9e3d4f (nvd)