CVE-2023-53451: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability has been identified in the Linux kernel's SCSI qla2xxx driver, tracked as CVE-2023-53451. The issue was discovered and reported by the Klocwork static analysis tool, which identified a potential NULL pointer dereference vulnerability in the driver. The vulnerability was disclosed on October 1, 2025 (NVD).

The vulnerability exists in the SCSI qla2xxx driver where a pointer 'cur_dsd' may be dereferenced without proper validation. The issue has been assigned a low severity rating with a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) (RedHat). The vulnerability is classified under CWE-476 (NULL Pointer Dereference).

The vulnerability could lead to a system crash if exploited, potentially causing a denial of service condition. The impact is limited by the fact that local access and privileges are required to exploit the vulnerability (RedHat).

The vulnerability has been fixed in various Linux distributions. Ubuntu has released patches for multiple kernel versions, including version 5.15.0-86.96~20.04.1 for Ubuntu 20.04 LTS. Red Hat has addressed the issue in RHEL 8 with kernel version 4.18.0-553.el810 and RHEL 9 with kernel version 5.14.0-427.13.1.el94 (Ubuntu, RedHat).