CVE-2023-53510
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: Fix handling of lrbp->cmd
ufshcd_queuecommand() may be called two times in a row for a SCSI command before it is completed. Hence make the following changes:
In the functions that submit a command, do not check the old value of lrbp->cmd nor clear lrbp->cmd in error paths.
In ufshcd_release_scsi_cmd(), do not clear lrbp->cmd.
See also scsi_send_eh_cmnd().
This commit prevents that the following appears if a command times out:
WARNING: at drivers/ufs/core/ufshcd.c:2965 ufshcd_queuecommand+0x6f8/0x9a8 Call trace: ufshcd_queuecommand+0x6f8/0x9a8 scsi_send_eh_cmnd+0x2c0/0x960 scsi_eh_test_devices+0x100/0x314 scsi_eh_ready_devs+0xd90/0x114c scsi_error_handler+0x2b4/0xb70 kthread+0x16c/0x1e0
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 5a0b0cb9bee767ef10ff9ce2fb4141af06416288 < b6d76d63c6d21d5d26c301a46853a2aee72397d5 | affected |
| Linux | Linux | 5a0b0cb9bee767ef10ff9ce2fb4141af06416288 < f3ee24af62681b942bbd799ac77b90a6d7e1fdb1 | affected |
| Linux | Linux | 5a0b0cb9bee767ef10ff9ce2fb4141af06416288 < 49234a401e161a2f2698f4612ab792c49b3cad1b | affected |
| Linux | Linux | 5a0b0cb9bee767ef10ff9ce2fb4141af06416288 < 549e91a9bbaa0ee480f59357868421a61d369770 | affected |
| Linux | Linux | 3.12 | affected |
| Linux | Linux | 0 < 3.12 | unaffected |
| Linux | Linux | 6.1.167 <= 6.1.* | unaffected |
| Linux | Linux | 6.3.13 <= 6.3.* | unaffected |
| Linux | Linux | 6.4.4 <= 6.4.* | unaffected |
| Linux | Linux | 6.5 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/b6d76d63c6d21d5d26c301a46853a2aee72397d5
- https://git.kernel.org/stable/c/f3ee24af62681b942bbd799ac77b90a6d7e1fdb1
- https://git.kernel.org/stable/c/49234a401e161a2f2698f4612ab792c49b3cad1b
- https://git.kernel.org/stable/c/549e91a9bbaa0ee480f59357868421a61d369770
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.