CVE-2023-53322
scsi: qla2xxx: Wait for io return on terminate rport
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.8EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
16 sep 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Wait for io return on terminate rport
System crash due to use after free.
Current code allows terminate_rport_io to exit before making
sure all IOs has returned. For FCP-2 device, IO's can hang
on in HW because driver has not tear down the session in FW at
first sign of cable pull. When dev_loss_tmo timer pops,
terminate_rport_io is called and upper layer is about to
free various resources. Terminate_rport_io trigger qla to do
the final cleanup, but the cleanup might not be fast enough where it
leave qla still holding on to the same resource.
Wait for IO's to return to upper layer before resources are freed.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Linux · LinuxReferencias
https://git.kernel.org/stable/c/079c8264ed9fea8cbcac01ad29040f901cbc3692https://git.kernel.org/stable/c/4647d2e88918a078359d1532d90c417a38542c9ehttps://git.kernel.org/stable/c/5bcdaafd92be6035ddc77fa76650cf9dd5b864c4https://git.kernel.org/stable/c/8a55556cd7e0220486163b1285ce11a8be2ce5fahttps://git.kernel.org/stable/c/90770dad1eb30967ebd8d37d82830bcf270b3293https://git.kernel.org/stable/c/a9fe97fb7b4ee21bffb76f2acb05769bad27ae70https://git.kernel.org/stable/c/d25fded78d88e1515439b3ba581684d683e0b6abhttps://git.kernel.org/stable/c/fc0cba0c7be8261a1625098bd1d695077ec621c9