CVE-2023-53245

Summary

In the Linux kernel, the following vulnerability has been resolved:

scsi: storvsc: Fix handling of virtual Fibre Channel timeouts

Hyper-V provides the ability to connect Fibre Channel LUNs to the host system and present them in a guest VM as a SCSI device. I/O to the vFC device is handled by the storvsc driver. The storvsc driver includes a partial integration with the FC transport implemented in the generic portion of the Linux SCSI subsystem so that FC attributes can be displayed in /sys. However, the partial integration means that some aspects of vFC don't work properly. Unfortunately, a full and correct integration isn't practical because of limitations in what Hyper-V provides to the guest.

In particular, in the context of Hyper-V storvsc, the FC transport timeout function fc_eh_timed_out() causes a kernel panic because it can't find the rport and dereferences a NULL pointer. The original patch that added the call from storvsc_eh_timed_out() to fc_eh_timed_out() is faulty in this regard.

In many cases a timeout is due to a transient condition, so the situation can be improved by just continuing to wait like with other I/O requests issued by storvsc, and avoiding the guaranteed panic. For a permanent failure, continuing to wait may result in a hung thread instead of a panic, which again may be better.

So fix the panic by removing the storvsc call to fc_eh_timed_out(). This allows storvsc to keep waiting for a response. The change has been tested by users who experienced a panic in fc_eh_timed_out() due to transient timeouts, and it solves their problem.

In the future we may want to deprecate the vFC functionality in storvsc since it can't be fully fixed. But it has current users for whom it is working well enough, so it should probably stay for a while longer.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux3930d7309807ba0bfa460dfa9ed68d5560347dd2 < cd87f4df9865a53807001ed12c0f0420b14ececdaffected
LinuxLinux3930d7309807ba0bfa460dfa9ed68d5560347dd2 < 311db605e07f0d4fc0cc7ddb74f1e5692ea2f469affected
LinuxLinux3930d7309807ba0bfa460dfa9ed68d5560347dd2 < 048ebc9a28fb918ee635dd4b2fcf4248eb6e4050affected
LinuxLinux3930d7309807ba0bfa460dfa9ed68d5560347dd2 < 1678408d08f31a694d5150a56796dd04c9710b22affected
LinuxLinux3930d7309807ba0bfa460dfa9ed68d5560347dd2 < 7a792b3d888aab2c65389f9f4f9f2f6c000b1a0daffected
LinuxLinux3930d7309807ba0bfa460dfa9ed68d5560347dd2 < ed70fa5629a8b992a5372d7044d1db1f8fa6de29affected
LinuxLinux3930d7309807ba0bfa460dfa9ed68d5560347dd2 < 763c06565055ae373fe7f89c11e1447bd1ded264affected
LinuxLinux3930d7309807ba0bfa460dfa9ed68d5560347dd2 < 175544ad48cbf56affeef2a679c6a4d4fb1e2881affected
LinuxLinux4.13affected
LinuxLinux0 < 4.13unaffected
LinuxLinux4.14.323 <= 4.14.*unaffected
LinuxLinux4.19.292 <= 4.19.*unaffected
LinuxLinux5.4.254 <= 5.4.*unaffected
LinuxLinux5.10.191 <= 5.10.*unaffected
LinuxLinux5.15.127 <= 5.15.*unaffected
LinuxLinux6.1.46 <= 6.1.*unaffected
LinuxLinux6.4.11 <= 6.4.*unaffected
LinuxLinux6.5 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References