Detections
Analytics

CVE-2023-54156

medium

Description

In the Linux kernel, the following vulnerability has been resolved: sfc: fix crash when reading stats while NIC is resetting efx_net_stats() (.ndo_get_stats64) can be called during an ethtool selftest, during which time nic_data->mc_stats is NULL as the NIC has been fini'd. In this case do not attempt to fetch the latest stats from the hardware, else we will crash on a NULL dereference: BUG: kernel NULL pointer dereference, address: 0000000000000038 RIP efx_nic_update_stats abridged calltrace: efx_ef10_update_stats_pf efx_net_stats dev_get_stats dev_seq_printf_stats Skipping the read is safe, we will simply give out stale stats. To ensure that the free in efx_ef10_fini_nic() does not race against efx_ef10_update_stats_pf(), which could cause a TOCTTOU bug, take the efx->stats_lock in fini_nic (it is already held across update_stats).

References

https://git.kernel.org/stable/c/d1b355438b8325a486f087e506d412c4e852f37b

https://git.kernel.org/stable/c/cb1aa7cc562cab6a87ea33574c8c65f2d2fd7aeb

https://git.kernel.org/stable/c/aba32b4c58112960c0c708703ca6b44dc8944082

https://git.kernel.org/stable/c/91f4ef204e731565afdc6c2a7fcf509a3fd6fd67

https://git.kernel.org/stable/c/470152d76b3ed107d172ea46acc4bfa941f20b4b

https://git.kernel.org/stable/c/446f5567934331923d0aec4ce045e4ecb0174aae

Details

Source: Mitre, NVD

Published: 2025-12-24

Updated: 2025-12-29

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00024