Fluid Attacks Database

Description

A use-after-free vulnerability was found in the MPI3MR SCSI driver. The evtack_cmds array is not properly initialized, causing invalid memory access via clear_bit() with incorrect bit indices during event acknowledgment.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	linux	>=0 <6.1.20-1	6.1.20-1
debian 12	linux	>=0 <6.1.20-1	6.1.20-1
debian 14	linux	>=0 <6.1.20-1	6.1.20-1
rpm rhel9	kernel	<0:5.14.0-362.8.1.el9_3	0:5.14.0-362.8.1.el9_3
rpm rhel8	kernel	<0:4.18.0-513.5.1.el8_9	0:4.18.0-513.5.1.el8_9
rpm rhel8	kernel-rt	-	-
rpm rhel9	kernel-rt	-	-

Aliases

1. CVE-2023-542342. NVD-2023-542343. OSV-DEBIAN-2023-542344. OSV-2023-542345. SECURITY-TRACKER-CVE-2023-54234

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.