Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix deletion race condition System crash when using debug kernel due to link list corruption. The cause of the link list corruption is due to session deletion was allowed to queue up twice. Here's the internal trace that show the same port was allowed to double queue for deletion on different cpu. 20808683956 015 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1 20808683957 027 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1 Move the clearing/setting of deleted flag lock.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 4.11, < 5.4.258 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/4d7da12483e98c451a51bd294a3d3494f0aee5ebPatch
- https://git.kernel.org/stable/c/6dfe4344c168c6ca20fe7640649aacfcefcccb26Patch
- https://git.kernel.org/stable/c/a4628a5b98e4c6d905e1f7638242612d7db7d9c2Patch
- https://git.kernel.org/stable/c/b05017cb4ff75eea783583f3d400059507510ab1Patch
- https://git.kernel.org/stable/c/cd06c45b326e44f0d21dc1b3fa23e71f46847e28Patch
- https://git.kernel.org/stable/c/f1ea164be545629bf442c22f508ad9e7b94ac100Patch
FAQ
What is CVE-2023-53615?
CVE-2023-53615 is a vulnerability with a CVSS score of 4.7 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix deletion race condition System crash when using debug kernel due to link list corruption. The cause of the link...
How severe is CVE-2023-53615?
CVE-2023-53615 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-53615?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.