CVE-2023-54184

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: target: iscsit: Free cmds before session free<br /> <br /> Commands from recovery entries are freed after session has been closed.<br /> That leads to use-after-free at command free or NPE with such call trace:<br /> <br /> Time2Retain timer expired for SID: 1, cleaning up iSCSI session.<br /> BUG: kernel NULL pointer dereference, address: 0000000000000140<br /> RIP: 0010:sbitmap_queue_clear+0x3a/0xa0<br /> Call Trace:<br /> target_release_cmd_kref+0xd1/0x1f0 [target_core_mod]<br /> transport_generic_free_cmd+0xd1/0x180 [target_core_mod]<br /> iscsit_free_cmd+0x53/0xd0 [iscsi_target_mod]<br /> iscsit_free_connection_recovery_entries+0x29d/0x320 [iscsi_target_mod]<br /> iscsit_close_session+0x13a/0x140 [iscsi_target_mod]<br /> iscsit_check_post_dataout+0x440/0x440 [iscsi_target_mod]<br /> call_timer_fn+0x24/0x140<br /> <br /> Move cleanup of recovery enrties to before session freeing.