ghsa-vqg2-rjjw-jc84
Vulnerability from github
Published
2025-12-24 15:30
Modified
2025-12-24 15:30
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: qedi: Fix use after free bug in qedi_remove()

In qedi_probe() we call __qedi_probe() which initializes &qedi->recovery_work with qedi_recovery_handler() and &qedi->board_disable_work with qedi_board_disable_work().

When qedi_schedule_recovery_handler() is called, schedule_delayed_work() will finally start the work.

In qedi_remove(), which is called to remove the driver, the following sequence may be observed:

Fix this by finishing the work before cleanup in qedi_remove().

CPU0 CPU1

                 |qedi_recovery_handler

qedi_remove | __qedi_remove | iscsi_host_free | scsi_host_put | //free shost | |iscsi_host_for_each_session |//use qedi->shost

Cancel recovery_work and board_disable_work in __qedi_remove().

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2023-54100"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-24T13:16:11Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedi: Fix use after free bug in qedi_remove()\n\nIn qedi_probe() we call __qedi_probe() which initializes\n\u0026qedi-\u003erecovery_work with qedi_recovery_handler() and\n\u0026qedi-\u003eboard_disable_work with qedi_board_disable_work().\n\nWhen qedi_schedule_recovery_handler() is called, schedule_delayed_work()\nwill finally start the work.\n\nIn qedi_remove(), which is called to remove the driver, the following\nsequence may be observed:\n\nFix this by finishing the work before cleanup in qedi_remove().\n\nCPU0                  CPU1\n\n                     |qedi_recovery_handler\nqedi_remove          |\n  __qedi_remove      |\niscsi_host_free      |\nscsi_host_put        |\n//free shost         |\n                     |iscsi_host_for_each_session\n                     |//use qedi-\u003eshost\n\nCancel recovery_work and board_disable_work in __qedi_remove().",
  "id": "GHSA-vqg2-rjjw-jc84",
  "modified": "2025-12-24T15:30:37Z",
  "published": "2025-12-24T15:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-54100"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/124027cd1a624ce0347adcd59241a9966a726b22"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3738a230831e861503119ee2691c4a7dc56ed60a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5e756a59cee6a8a79b9059c5bdf0ecbf5bb8d151"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/89f6023fc321c958a0fb11f143a6eb4544ae3940"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c5749639f2d0a1f6cbe187d05f70c2e7c544d748"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fa19c533ab19161298f0780bcc6523af88f6fd20"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.