CVE-2023-53510

HIGH

Linux kernel - Use-After-Free in UFS SCSI Command Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix handling of lrbp->cmd ufshcd_queuecommand() may be called two times in a row for a SCSI command before it is completed. Hence make the following changes: - In the functions that submit a command, do not check the old value of lrbp->cmd nor clear lrbp->cmd in error paths. - In ufshcd_release_scsi_cmd(), do not clear lrbp->cmd. See also scsi_send_eh_cmnd(). This commit prevents that the following appears if a command times out: WARNING: at drivers/ufs/core/ufshcd.c:2965 ufshcd_queuecommand+0x6f8/0x9a8 Call trace: ufshcd_queuecommand+0x6f8/0x9a8 scsi_send_eh_cmnd+0x2c0/0x960 scsi_eh_test_devices+0x100/0x314 scsi_eh_ready_devs+0xd90/0x114c scsi_error_handler+0x2b4/0xb70 kthread+0x16c/0x1e0

References (4)

Core 4

Core References

https://git.kernel.org/stable/c/b6d76d63c6d21d5d26c301a46853a2aee72397d5

Patch

https://git.kernel.org/stable/c/f3ee24af62681b942bbd799ac77b90a6d7e1fdb1

Patch

https://git.kernel.org/stable/c/49234a401e161a2f2698f4612ab792c49b3cad1b

Patch

https://git.kernel.org/stable/c/549e91a9bbaa0ee480f59357868421a61d369770

Scores

CVSS v3 7.8

EPSS 0.0014

EPSS Percentile 3.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-415

Status published

Products (11)

Linux/Linux < 3.12

Linux/Linux 3.12

Linux/Linux 5a0b0cb9bee767ef10ff9ce2fb4141af06416288 - 49234a401e161a2f2698f4612ab792c49b3cad1b

Linux/Linux 5a0b0cb9bee767ef10ff9ce2fb4141af06416288 - 549e91a9bbaa0ee480f59357868421a61d369770

Linux/Linux 5a0b0cb9bee767ef10ff9ce2fb4141af06416288 - b6d76d63c6d21d5d26c301a46853a2aee72397d5

Linux/Linux 5a0b0cb9bee767ef10ff9ce2fb4141af06416288 - f3ee24af62681b942bbd799ac77b90a6d7e1fdb1

Linux/Linux 6.1.167 - 6.1.*

Linux/Linux 6.3.13 - 6.3.*

Linux/Linux 6.4.4 - 6.4.*

Linux/Linux 6.5

... and 1 more

Published Oct 01, 2025

Tracked Since Feb 18, 2026