What is CVE-2023-54234?

CVE-2023-54234 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 5.17 onward and patched in 6.1.16, 6.2.3 and 6.3. CVE-2023-54234 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2023-54234?

CVE-2023-54234 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2023-54234?

Yes, CVE-2023-54234 has been patched. Fixed versions include 6.1.16, 6.2.3 and 6.3. If you are running Linux kernel 5.17 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2023-54234 actively exploited?

CVE-2023-54234 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2023-54234

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization Commit c1af985d27da ("scsi: mpi3mr: Add Event acknowledgment logic") introduced an array mrioc->evtack_cmds but initialization of the array elements was missed. They are just zero cleared. The function mpi3mr_complete_evt_ack() refers host_tag field of the elements. Due to the zero value of the host_tag field, the function calls clear_bit() for mrico->evtack_cmds_bitmap with wrong bit index. This results in memory access to invalid address and "BUG: KASAN: use-after-free". This BUG was observed at eHBA-9600 firmware update to version 8.3.1.0. To fix it, add the missing initialization of mrioc->evtack_cmds.

Package Linux Kernel

Published 2025-12-30

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 5.17 and later are affected. Fixed in 6.1.16, 6.2.3, 6.3 and their respective stable series.

Affected from

≥ 5.17

Fixed in

✓ 6.1.16 6.1.x ✓ 6.2.3 6.2.x ✓ 6.3

References

The following references provide additional information about CVE-2023-54234 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/4e0dfdb48a824deac3dfbc67fb856ef2aee13529
Patch
Kernel patch commit
https://git.kernel.org/stable/c/67989091e11a974003ddf2ec39bc613df8eadd83
Patch
Kernel patch commit
https://git.kernel.org/stable/c/e39ea831ebad4ab15c4748cb62a397a8abcca36e
Patch

Frequently asked questions

What is CVE-2023-54234?

CVE-2023-54234 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.17 onward and has been patched in 6.1.16, 6.2.3 and 6.3. CVE-2023-54234 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2023-54234?

Yes — CVE-2023-54234 has been patched. Fixed versions include 6.1.16, 6.2.3 and 6.3. If you are running Linux kernel 5.17 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2023-54234 actively exploited?

No — CVE-2023-54234 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.