fkie_cve-2023-54100
Vulnerability from fkie_nvd
Published
2025-12-24 13:16
Modified
2025-12-24 13:16
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: qedi: Fix use after free bug in qedi_remove()
In qedi_probe() we call __qedi_probe() which initializes
&qedi->recovery_work with qedi_recovery_handler() and
&qedi->board_disable_work with qedi_board_disable_work().
When qedi_schedule_recovery_handler() is called, schedule_delayed_work()
will finally start the work.
In qedi_remove(), which is called to remove the driver, the following
sequence may be observed:
Fix this by finishing the work before cleanup in qedi_remove().
CPU0 CPU1
|qedi_recovery_handler
qedi_remove |
__qedi_remove |
iscsi_host_free |
scsi_host_put |
//free shost |
|iscsi_host_for_each_session
|//use qedi->shost
Cancel recovery_work and board_disable_work in __qedi_remove().
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedi: Fix use after free bug in qedi_remove()\n\nIn qedi_probe() we call __qedi_probe() which initializes\n\u0026qedi-\u003erecovery_work with qedi_recovery_handler() and\n\u0026qedi-\u003eboard_disable_work with qedi_board_disable_work().\n\nWhen qedi_schedule_recovery_handler() is called, schedule_delayed_work()\nwill finally start the work.\n\nIn qedi_remove(), which is called to remove the driver, the following\nsequence may be observed:\n\nFix this by finishing the work before cleanup in qedi_remove().\n\nCPU0 CPU1\n\n |qedi_recovery_handler\nqedi_remove |\n __qedi_remove |\niscsi_host_free |\nscsi_host_put |\n//free shost |\n |iscsi_host_for_each_session\n |//use qedi-\u003eshost\n\nCancel recovery_work and board_disable_work in __qedi_remove()."
}
],
"id": "CVE-2023-54100",
"lastModified": "2025-12-24T13:16:11.890",
"metrics": {},
"published": "2025-12-24T13:16:11.890",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/124027cd1a624ce0347adcd59241a9966a726b22"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/3738a230831e861503119ee2691c4a7dc56ed60a"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/5e756a59cee6a8a79b9059c5bdf0ecbf5bb8d151"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/89f6023fc321c958a0fb11f143a6eb4544ae3940"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/c5749639f2d0a1f6cbe187d05f70c2e7c544d748"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/fa19c533ab19161298f0780bcc6523af88f6fd20"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Received"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…