CVE-2023-53464

Summary

In the Linux kernel, the following vulnerability has been resolved:

scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param()

The validity of sock should be checked before assignment to avoid incorrect values. Commit 57569c37f0ad ("scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername()") introduced this change which may lead to inconsistent values of tcp_sw_conn->sendpage and conn->datadgst_en.

Fix the issue by moving the position of the assignment.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux884a788f065578bb640382279a83d1df433b13e6 < 499757ad3332e2527254f9ab68dec1da087b1d96affected
LinuxLinuxa26b0658751bb0a3b28386fca715333b104d32a2 < 5e5c5f472972c4bc9430adc08b36763a0fa5b9f7affected
LinuxLinux57569c37f0add1b6489e1a1563c71519daf732cf < 6e06a68fbbfcd8576eee8f7139fa2b13c9b72e91affected
LinuxLinux57569c37f0add1b6489e1a1563c71519daf732cf < b287e21e73ec23f3788fbe40037c42dbe6e9a9a9affected
LinuxLinux57569c37f0add1b6489e1a1563c71519daf732cf < 48b19b79cfa37b1e50da3b5a8af529f994c08901affected
LinuxLinux897dbbc57d71e8a34ec1af8e573a142de457da38affected
LinuxLinux0a0b861fce2657ba08ec356a74346b37ca4b2008affected
LinuxLinux5.10.150 < 5.10.178affected
LinuxLinux5.15.75 < 5.15.107affected
LinuxLinux5.19.17 < 5.20affected
LinuxLinux6.0.3 < 6.1affected
LinuxLinux6.1affected
LinuxLinux0 < 6.1unaffected
LinuxLinux5.10.178 <= 5.10.*unaffected
LinuxLinux5.15.107 <= 5.15.*unaffected
LinuxLinux6.1.24 <= 6.1.*unaffected
LinuxLinux6.2.11 <= 6.2.*unaffected
LinuxLinux6.3 <= *unaffected

Weaknesses

References