CVE-2023-53116

Summary

In the Linux kernel, the following vulnerability has been resolved:

nvmet: avoid potential UAF in nvmet_req_complete()

An nvme target ->queue_response() operation implementation may free the request passed as argument. Such implementation potentially could result in a use after free of the request pointer when percpu_ref_put() is called in nvmet_req_complete().

Avoid such problem by using a local variable to save the sq pointer before calling __nvmet_req_complete(), thus avoiding dereferencing the req pointer after that function call.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa07b4970f464f13640e28e16dad6cfa33647cc99 < e5d99b29012bbf0e86929403209723b2806500c1affected
LinuxLinuxa07b4970f464f13640e28e16dad6cfa33647cc99 < fafcb4b26393870c45462f9af6a48e581dbbcf7eaffected
LinuxLinuxa07b4970f464f13640e28e16dad6cfa33647cc99 < 04c394208831d5e0d5cfee46722eb0f033cd4083affected
LinuxLinuxa07b4970f464f13640e28e16dad6cfa33647cc99 < a6317235da8aa7cb97529ebc8121cc2a4c4c437aaffected
LinuxLinuxa07b4970f464f13640e28e16dad6cfa33647cc99 < f1d5888a5efe345b63c430b256e95acb0a475642affected
LinuxLinuxa07b4970f464f13640e28e16dad6cfa33647cc99 < bcd535f07c58342302a2cd2bdd8894fe0872c8a9affected
LinuxLinuxa07b4970f464f13640e28e16dad6cfa33647cc99 < 8ed9813871038b25a934b21ab76b5b7dbf44fc3aaffected
LinuxLinuxa07b4970f464f13640e28e16dad6cfa33647cc99 < 6173a77b7e9d3e202bdb9897b23f2a8afe7bf286affected
LinuxLinux4.8affected
LinuxLinux0 < 4.8unaffected
LinuxLinux4.14.311 <= 4.14.*unaffected
LinuxLinux4.19.279 <= 4.19.*unaffected
LinuxLinux5.4.238 <= 5.4.*unaffected
LinuxLinux5.10.176 <= 5.10.*unaffected
LinuxLinux5.15.104 <= 5.15.*unaffected
LinuxLinux6.1.21 <= 6.1.*unaffected
LinuxLinux6.2.8 <= 6.2.*unaffected
LinuxLinux6.3 <= *unaffected

Weaknesses

References