CVE-2023-54310
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 30/12/2025
Last modified: 30/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition

mptlan_probe() calls mpt_register_lan_device() which initializes the
&priv->post_buckets_task workqueue. A call to
mpt_lan_wake_post_buckets_task() will subsequently start the work.

During driver unload in mptlan_remove() the following race may occur:

    CPU0                  CPU1

                        |mpt_lan_post_receive_buckets_work()
    mptlan_remove()     |
      free_netdev()     |
        kfree(dev);     |
                        |
                        | dev->mtu
                        |   //use

Fix this by finishing the work prior to cleaning up in mptlan_remove().

[mkp: we really should remove mptlan instead of attempting to fix it]
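
A userspace model of the ordering problem described above, added here as an illustration and not taken from the kernel patch or the driver. A pthread stands in for the post_buckets_task work item and a `freed` flag stands in for kfree(dev); `struct lan_dev`, `post_buckets_work()` and `model_remove()` are hypothetical names.

```c
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>
#include <stdlib.h>
/* Userspace model, constructed for illustration; not kernel or driver code. */
struct lan_dev {
    int mtu;
    atomic_int runs;       /* times the work body has executed */
    atomic_int stop;       /* tells the worker to finish */
    atomic_int freed;      /* stands in for kfree(dev) so the model stays defined */
    atomic_int late_uses;  /* dev->mtu reads that happened after the "free" */
};

/* Plays the role of mpt_lan_post_receive_buckets_work() on CPU1. */
static void *post_buckets_work(void *arg)
{
    struct lan_dev *dev = arg;
    while (!atomic_load(&dev->stop)) {
        if (atomic_load(&dev->freed))
            atomic_fetch_add(&dev->late_uses, 1);  /* would be the use after free */
        (void)dev->mtu;
        atomic_fetch_add(&dev->runs, 1);
        sched_yield();
    }
    return NULL;
}

/* Plays the role of mptlan_remove(); returns the late uses seen, or -1 on error. */
static int model_remove(int finish_work_first)
{
    struct lan_dev *dev = calloc(1, sizeof(*dev));
    pthread_t worker;
    if (!dev) return -1;
    if (pthread_create(&worker, NULL, post_buckets_work, dev)) { free(dev); return -1; }
    while (!atomic_load(&dev->runs)) sched_yield();   /* the work has started */
    if (finish_work_first) {            /* fixed order: stop, wait, then free */
        atomic_store(&dev->stop, 1);
        pthread_join(worker, NULL);
        atomic_store(&dev->freed, 1);
    } else {                            /* racy order: free while work is live */
        atomic_store(&dev->freed, 1);
        while (!atomic_load(&dev->late_uses)) sched_yield();
        atomic_store(&dev->stop, 1);
        pthread_join(worker, NULL);
    }
    int late = atomic_load(&dev->late_uses);
    free(dev);                          /* real release happens after the join */
    return late;
}
```

`model_remove(1)` reports no access after the release point because the worker is joined first; `model_remove(0)` reports at least one, which is the access the diagram marks as `//use`.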
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/410e610a96c52a7b41e2ab6c9ca60868d9acecce
- https://git.kernel.org/stable/c/48daa4a3015d859ee424948844ce3c12f2fe44e6
- https://git.kernel.org/stable/c/60c8645ad6f5b722615383d595d63b62b07a13c3
- https://git.kernel.org/stable/c/697f92f8317e538d8409a0c95d6370eb40b34c05
- https://git.kernel.org/stable/c/92f869693d84e813895ff4d25363744575515423
- https://git.kernel.org/stable/c/9c6da3b7f12528cd52c458b33496a098b838fcfc
- https://git.kernel.org/stable/c/e84282efc87f2414839f6e15c31b4daa34ebaac1
- https://git.kernel.org/stable/c/f486893288f3e9b171b836f43853a6426515d800



