CVE-2023-7324 - Vulnerability Details

- scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses

Sanitize possible addl_desc_ptr out-of-bounds accesses in
ses_enclosure_data_process().

Published: 2025-10-29

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`9927c68864e9c39cc317b4f559309ba29e642168`	affected	< af5114d824f3511a69d68beff49ca9a7c32d44e0
`9927c68864e9c39cc317b4f559309ba29e642168`	affected	< a156a262c543fa5ff30bcb2fc6ad1a95cb4ab57a
`9927c68864e9c39cc317b4f559309ba29e642168`	affected	< 8e454aba72805241239caf8ba9b8e5a6be772b96
`9927c68864e9c39cc317b4f559309ba29e642168`	affected	< 2ecd344173a5663d523433819da0484cb268b186
`9927c68864e9c39cc317b4f559309ba29e642168`	affected	< 384aa697d8f2a28b5e962f5292cdfd2e528b5df7
`9927c68864e9c39cc317b4f559309ba29e642168`	affected	< 27067c672980b497cc34048b69b12820851ac6b9
`9927c68864e9c39cc317b4f559309ba29e642168`	affected	< b91ef85a32fdba45fcbad87dd526d73d3b6d857d
`9927c68864e9c39cc317b4f559309ba29e642168`	affected	< db95d4df71cb55506425b6e4a5f8d68e3a765b63

Linux

affected

Version	Status	Constraints
`2.6.25`	affected	—
`0`	unaffected	< 2.6.25
`4.14.308`	unaffected	≤ 4.14.*
`4.19.276`	unaffected	≤ 4.19.*
`5.4.235`	unaffected	≤ 5.4.*
`5.10.173`	unaffected	≤ 5.10.*
`5.15.99`	unaffected	≤ 5.15.*
`6.1.16`	unaffected	≤ 6.1.*
`6.2.3`	unaffected	≤ 6.2.*
`6.3`	unaffected	≤ *

No data.

Vendor	Product	Confidence	Versions
Linux	Linux Kernel	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0004.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/27067c672980b497cc34048b69b12820851ac6b9
https://git.kernel.org/stable/c/2ecd344173a5663d523433819da0484cb268b186
https://git.kernel.org/stable/c/384aa697d8f2a28b5e962f5292cdfd2e528b5df7
https://git.kernel.org/stable/c/8e454aba72805241239caf8ba9b8e5a6be772b96
https://git.kernel.org/stable/c/a156a262c543fa5ff30bcb2fc6ad1a95cb4ab57a
https://git.kernel.org/stable/c/af5114d824f3511a69d68beff49ca9a7c32d44e0
https://git.kernel.org/stable/c/b91ef85a32fdba45fcbad87dd526d73d3b6d857d
https://git.kernel.org/stable/c/db95d4df71cb55506425b6e4a5f8d68e3a765b63
https://lore.kernel.org/linux-cve-announce/2025102918-CVE-2023-7324-8dca@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-7324
https://www.cve.org/CVERecord?id=CVE-2023-7324

History

Mon, 05 Jan 2026 11:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:linux:linux_kernel::::::::

Thu, 30 Oct 2025 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Vendors & Products		Linux Linux linux Kernel

Thu, 30 Oct 2025 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025102918-CVE-2023-7324-8dca@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2023-7324 https://www.cve.org/CVERecord?id=CVE-2023-7324
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 29 Oct 2025 14:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses Sanitize possible addl_desc_ptr out-of-bounds accesses in ses_enclosure_data_process().
Title		scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
References		https://git.kernel.org/stable/c/27067c672980b497cc34048b69b12820851ac6b9 https://git.kernel.org/stable/c/2ecd344173a5663d523433819da0484cb268b186 https://git.kernel.org/stable/c/384aa697d8f2a28b5e962f5292cdfd2e528b5df7 https://git.kernel.org/stable/c/8e454aba72805241239caf8ba9b8e5a6be772b96 https://git.kernel.org/stable/c/a156a262c543fa5ff30bcb2fc6ad1a95cb4ab57a https://git.kernel.org/stable/c/af5114d824f3511a69d68beff49ca9a7c32d44e0 https://git.kernel.org/stable/c/b91ef85a32fdba45fcbad87dd526d73d3b6d857d https://git.kernel.org/stable/c/db95d4df71cb55506425b6e4a5f8d68e3a765b63

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-10-29T13:46:14.184Z

Updated: 2026-05-11T19:59:49.515Z

Reserved: 2025-10-29T13:44:46.603Z

Link: CVE-2023-7324

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2025-10-29T14:15:49.927

Modified: 2026-04-15T00:35:42.020

Link: CVE-2023-7324

Redhat

Severity : Moderate

Publid Date: 2025-10-29T00:00:00Z

Links: CVE-2023-7324 - Bugzilla

OpenCVE Enrichment

Updated: 2025-10-30T14:38:26Z

Weaknesses

No weakness.

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object