CVE-2023-54315
Description
In the Linux kernel, the following vulnerability has been resolved:
powerpc/powernv/sriov: perform null check on iov before dereferencing iov
Currently pointer iov is being dereferenced before the null check of iov which can lead to null pointer dereference errors. Fix this by moving the iov null check before the dereferencing.
Detected using cppcheck static analysis: linux/arch/powerpc/platforms/powernv/pci-sriov.c:597:12: warning: Either the condition '!iov' is redundant or there is possible null pointer dereference: iov. [nullPointerRedundantCheck] num_vfs = iov->num_vfs; ^
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A null-pointer dereference in Linux powerpc/powernv SRIOV code was fixed by moving the null check for 'iov' before its dereference.
Root
Cause
In the Linux kernel's powerpc/powernv platform, the Single Root I/O Virtualization (SRIOV) code in pci-sriov.c contains a null-pointer dereference. The pointer iov is dereferenced at line 597 (num_vfs = iov->num_vfs) before a null check is performed, which could lead to a crash if iov is NULL. This was detected using cppcheck static analysis [1].
Exploitation
An attacker would need to trigger a code path where iov is NULL while the vulnerable code is executed. This may require local access to the system, as the vulnerability lies in kernel code that handles SRIOV configuration. No authentication or network access is required if the attacker can already run code or influence device state.
Impact
A successful exploitation results in a denial of service (kernel panic or crash) due to a null pointer dereference. The impact is limited to system availability; there is no evidence of privilege escalation or data corruption.
Mitigation
The fix moves the null check before the dereference and is included in stable kernel updates [1][2]. Users should apply the corresponding kernel patch or update to a version containing this commit.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
607c19c0ad4b0d3a0d96c16e5d9a1aaea85606314465b880772990144e17ef4f913c980bcVulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- git.kernel.org/stable/c/07c19c0ad4b07f4b598da369714de028f6a6a323nvd
- git.kernel.org/stable/c/6314465b88072a6b6f3b3c12a7898abe09095f95nvd
- git.kernel.org/stable/c/72990144e17e5e2cb378f1d9b10530b85b9bc382nvd
- git.kernel.org/stable/c/d3a0d96c16e5f8d55e2c70163abda3c7c8328106nvd
- git.kernel.org/stable/c/d9a1aaea856002cb58dfb7c8d8770400fa1a0299nvd
- git.kernel.org/stable/c/f4f913c980bc6abe0ccfe88fe3909c125afe4a2dnvd
News mentions
0No linked articles in our index yet.