PT-2025-40237 · Hewlett Packard+5 · Hpe Proliant Xl420 Gen10+5

Published

2023-08-31

·

Updated

2026-03-14

·

CVE-2023-53530

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.14.0-70.22.1.el9 0.x86 64+debug
Description The Linux kernel contains an issue within the qla2xxx SCSI driver. The problem stems from the use of smp processor id() instead of raw smp processor id(). This can lead to a kernel bug when preemption is enabled, as demonstrated by a call trace involving qla nvme post cmd(). The issue was observed in a system running kernel version 5.14.0-70.22.1.el9 0.x86 64+debug on HPE ProLiant XL420 Gen10 hardware. The fix involves using raw smp processor id() and queue work() instead of queue work on() to avoid using smp processor id() when CONFIG DEBUG PREEMPT is enabled.
Recommendations Update to a version later than 5.14.0-70.22.1.el9 0.x86 64+debug.

Exploit

Fix

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-663

Related Identifiers

ALSA-2025_16880
BDU:2025-16236
CESA-2024_3138
CVE-2023-53530
RHSA-2024:2394
RHSA-2024:3138
RHSA-2024_2394
RHSA-2024_3138
SUSE-SU-2025:03600-1
SUSE-SU-2025:03614-1
SUSE-SU-2025:03615-1
SUSE-SU-2025:03628-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:3716-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:3761-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4141-1

Affected Products

Centos
Debian
Hpe Proliant Xl420 Gen10
Linux Kernel
Red Hat
Suse