CVE-2023-53615

Summary

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Fix deletion race condition

System crash when using debug kernel due to link list corruption. The cause of the link list corruption is due to session deletion was allowed to queue up twice. Here's the internal trace that show the same port was allowed to double queue for deletion on different cpu.

20808683956 015 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1 20808683957 027 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1

Move the clearing/setting of deleted flag lock.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux726b85487067d7f5b23495bc33c484b8517c4074 < a4628a5b98e4c6d905e1f7638242612d7db7d9c2affected
LinuxLinux726b85487067d7f5b23495bc33c484b8517c4074 < 4d7da12483e98c451a51bd294a3d3494f0aee5ebaffected
LinuxLinux726b85487067d7f5b23495bc33c484b8517c4074 < f1ea164be545629bf442c22f508ad9e7b94ac100affected
LinuxLinux726b85487067d7f5b23495bc33c484b8517c4074 < cd06c45b326e44f0d21dc1b3fa23e71f46847e28affected
LinuxLinux726b85487067d7f5b23495bc33c484b8517c4074 < b05017cb4ff75eea783583f3d400059507510ab1affected
LinuxLinux726b85487067d7f5b23495bc33c484b8517c4074 < 6dfe4344c168c6ca20fe7640649aacfcefcccb26affected
LinuxLinux4.11affected
LinuxLinux0 < 4.11unaffected
LinuxLinux5.4.258 <= 5.4.*unaffected
LinuxLinux5.10.195 <= 5.10.*unaffected
LinuxLinux5.15.132 <= 5.15.*unaffected
LinuxLinux6.1.54 <= 6.1.*unaffected
LinuxLinux6.5.4 <= 6.5.*unaffected
LinuxLinux6.6 <= *unaffected

Weaknesses

References