vulnerability
Ubuntu: (CVE-2023-54156): linux vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:M/Au:S/C:P/I:P/A:C) | Dec 24, 2025 | Jan 6, 2026 | Jan 12, 2026 |
Description
In the Linux kernel, the following vulnerability has been resolved: sfc: fix crash when reading stats while NIC is resetting efx_net_stats() (.ndo_get_stats64) can be called during an ethtool selftest, during which time nic_data->mc_stats is NULL as the NIC has been fini'd. In this case do not attempt to fetch the latest stats from the hardware, else we will crash on a NULL dereference: BUG: kernel NULL pointer dereference, address: 0000000000000038 RIP efx_nic_update_stats abridged calltrace: efx_ef10_update_stats_pf efx_net_stats dev_get_stats dev_seq_printf_stats Skipping the read is safe, we will simply give out stale stats. To ensure that the free in efx_ef10_fini_nic() does not race against efx_ef10_update_stats_pf(), which could cause a TOCTTOU bug, take the efx->stats_lock in fini_nic (it is already held across update_stats).
Solutions
References
- CVE-2023-54156
- https://attackerkb.com/topics/CVE-2023-54156
- URL-https://git.kernel.org/stable/c/446f5567934331923d0aec4ce045e4ecb0174aae
- URL-https://git.kernel.org/stable/c/470152d76b3ed107d172ea46acc4bfa941f20b4b
- URL-https://git.kernel.org/stable/c/91f4ef204e731565afdc6c2a7fcf509a3fd6fd67
- URL-https://git.kernel.org/stable/c/aba32b4c58112960c0c708703ca6b44dc8944082
- URL-https://git.kernel.org/stable/c/cb1aa7cc562cab6a87ea33574c8c65f2d2fd7aeb
- URL-https://git.kernel.org/stable/c/d1b355438b8325a486f087e506d412c4e852f37b
- URL-https://www.cve.org/CVERecord?id=CVE-2023-54156
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.