CVE-2023-54108 - Vulnerability Details

- scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests

The following message and call trace was seen with debug kernels:

DMA-API: qla2xxx 0000:41:00.0: device driver failed to check map
error [device address=0x00000002a3ff38d8] [size=1024 bytes] [mapped as
single]
WARNING: CPU: 0 PID: 2930 at kernel/dma/debug.c:1017
check_unmap+0xf42/0x1990

Call Trace:
debug_dma_unmap_page+0xc9/0x100
qla_nvme_ls_unmap+0x141/0x210 [qla2xxx]

Remove DMA mapping from the driver altogether, as it is already done by FC
layer. This prevents the warning.

Published: 2025-12-24

Score: 7.0 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`2d087c7e55db420107c3ea97b228e067a7b488a1`	affected	< 3a564de3a299856f2cbd289649cea2e20d671a43
`0910a791a6d7fd331f231f48200e18babb519769`	affected	< e596253113b69b4018818260bd5da40c201bee73
`c9d6081a5f18286ad62afc1e9e06a90cfd626902`	affected	< 77302fb0e357da666d5249a6e91078feeef3dade
`c85ab7d9e27a80e48d5b7d7fb2fe2b0fdb2de523`	affected	< 3ee4f1991c54c6707aa9df47e51c02ea25bb63e3
`c85ab7d9e27a80e48d5b7d7fb2fe2b0fdb2de523`	affected	< ad6af23593594402c826eefdf43ae174e5f0f202
`c85ab7d9e27a80e48d5b7d7fb2fe2b0fdb2de523`	affected	< c75e6aef5039830cce5d4cf764dd204522f89e6b
`9765319079131d6a6019caec661825808c6405f1`	affected	—
`c05f4f6485726faae08073f947368ee10439d3f0`	affected	—
`5.4.189`	affected	< 5.4.235
`5.10.110`	affected	< 5.10.173
`5.15.33`	affected	< 5.15.99
`5.16.19`	affected	< 5.17
`5.17.2`	affected	< 5.18

Linux

affected

Version	Status	Constraints
`5.18`	affected	—
`0`	unaffected	< 5.18
`5.4.235`	unaffected	≤ 5.4.*
`5.10.173`	unaffected	≤ 5.10.*
`5.15.99`	unaffected	≤ 5.15.*
`6.1.16`	unaffected	≤ 6.1.*
`6.2.3`	unaffected	≤ 6.2.*
`6.3`	unaffected	≤ *

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00047.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/3a564de3a299856f2cbd289649cea2e20d671a43
https://git.kernel.org/stable/c/3ee4f1991c54c6707aa9df47e51c02ea25bb63e3
https://git.kernel.org/stable/c/77302fb0e357da666d5249a6e91078feeef3dade
https://git.kernel.org/stable/c/ad6af23593594402c826eefdf43ae174e5f0f202
https://git.kernel.org/stable/c/c75e6aef5039830cce5d4cf764dd204522f89e6b
https://git.kernel.org/stable/c/e596253113b69b4018818260bd5da40c201bee73
https://lore.kernel.org/linux-cve-announce/2025122412-CVE-2023-54108-d5be@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-54108
https://www.cve.org/CVERecord?id=CVE-2023-54108

History

Thu, 25 Dec 2025 12:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025122412-CVE-2023-54108-d5be@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2023-54108 https://www.cve.org/CVERecord?id=CVE-2023-54108
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Wed, 24 Dec 2025 13:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests The following message and call trace was seen with debug kernels: DMA-API: qla2xxx 0000:41:00.0: device driver failed to check map error [device address=0x00000002a3ff38d8] [size=1024 bytes] [mapped as single] WARNING: CPU: 0 PID: 2930 at kernel/dma/debug.c:1017 check_unmap+0xf42/0x1990 Call Trace: debug_dma_unmap_page+0xc9/0x100 qla_nvme_ls_unmap+0x141/0x210 [qla2xxx] Remove DMA mapping from the driver altogether, as it is already done by FC layer. This prevents the warning.
Title		scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/3a564de3a299856f2cbd289649cea2e20d671a43 https://git.kernel.org/stable/c/3ee4f1991c54c6707aa9df47e51c02ea25bb63e3 https://git.kernel.org/stable/c/77302fb0e357da666d5249a6e91078feeef3dade https://git.kernel.org/stable/c/ad6af23593594402c826eefdf43ae174e5f0f202 https://git.kernel.org/stable/c/c75e6aef5039830cce5d4cf764dd204522f89e6b https://git.kernel.org/stable/c/e596253113b69b4018818260bd5da40c201bee73

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-24T13:06:32.184Z

Updated: 2026-05-23T15:32:46.827Z

Reserved: 2025-12-24T13:02:52.518Z

Link: CVE-2023-54108

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2025-12-24T13:16:12.690

Modified: 2026-04-15T00:35:42.020

Link: CVE-2023-54108

Redhat

Severity : Moderate

Publid Date: 2025-12-24T00:00:00Z

Links: CVE-2023-54108 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object