CVE-2023-53207

Summary

In the Linux kernel, the following vulnerability has been resolved:

ublk: fail to recover device if queue setup is interrupted

In ublk_ctrl_end_recovery(), if wait_for_completion_interruptible() is interrupted by signal, queues aren't setup successfully yet, so we have to fail UBLK_CMD_END_USER_RECOVERY, otherwise kernel oops can be triggered.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc732a852b419fa057b53657e2daaf9433940391c < 84415f934ad4e96f3507fd09b831953d60fb04ecaffected
LinuxLinuxc732a852b419fa057b53657e2daaf9433940391c < b3a1e243a74632f88b22e713f1c7256754017d58affected
LinuxLinuxc732a852b419fa057b53657e2daaf9433940391c < 0c0cbd4ebc375ceebc75c89df04b74f215fab23aaffected
LinuxLinux6.1affected
LinuxLinux0 < 6.1unaffected
LinuxLinux6.1.43 <= 6.1.*unaffected
LinuxLinux6.4.8 <= 6.4.*unaffected
LinuxLinux6.5 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References