CVE-2023-53322
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/09/2025
Last modified:
17/09/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
scsi: qla2xxx: Wait for io return on terminate rport<br />
<br />
System crash due to use after free.<br />
Current code allows terminate_rport_io to exit before making<br />
sure all IOs has returned. For FCP-2 device, IO&#39;s can hang<br />
on in HW because driver has not tear down the session in FW at<br />
first sign of cable pull. When dev_loss_tmo timer pops,<br />
terminate_rport_io is called and upper layer is about to<br />
free various resources. Terminate_rport_io trigger qla to do<br />
the final cleanup, but the cleanup might not be fast enough where it<br />
leave qla still holding on to the same resource.<br />
<br />
Wait for IO&#39;s to return to upper layer before resources are freed.
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/079c8264ed9fea8cbcac01ad29040f901cbc3692
- https://git.kernel.org/stable/c/4647d2e88918a078359d1532d90c417a38542c9e
- https://git.kernel.org/stable/c/5bcdaafd92be6035ddc77fa76650cf9dd5b864c4
- https://git.kernel.org/stable/c/8a55556cd7e0220486163b1285ce11a8be2ce5fa
- https://git.kernel.org/stable/c/90770dad1eb30967ebd8d37d82830bcf270b3293
- https://git.kernel.org/stable/c/a9fe97fb7b4ee21bffb76f2acb05769bad27ae70
- https://git.kernel.org/stable/c/d25fded78d88e1515439b3ba581684d683e0b6ab
- https://git.kernel.org/stable/c/fc0cba0c7be8261a1625098bd1d695077ec621c9