{
  "threat_severity" : "Moderate",
  "public_date" : "2025-05-02T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info",
    "id" : "2363718",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2363718"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-476",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nqed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info\nWe have to make sure that the info returned by the helper is valid\nbefore using it.\nFound by Linux Verification Center (linuxtesting.org) with the SVACE\nstatic analysis tool.", "A flaw was found in the QED SR-IOV support in the Linux kernel. Improper validation of the value returned from the qed_iov_get_vf_info function can cause a NULL pointer dereference and result in a denial of service." ],
  "statement" : "This issue has been fixed in Red Hat Enterprise Linux 9.6 via RHSA-2025:6966 [1].\n[1]. https://access.redhat.com/errata/RHSA-2025:6966",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHSA-2025:6966",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.12.1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHSA-2025:6966",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.12.1.el9_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53066\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53066\nhttps://lore.kernel.org/linux-cve-announce/2025050211-CVE-2023-53066-cba3@gregkh/T" ],
  "name" : "CVE-2023-53066",
  "csaw" : false
}