5 matches found
UBUNTU-CVE-2025-37828
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: mcq: Add NULL check in ufshcdmcqabort A race can occur between the MCQ completion path and the abort handler: once a request completes, blkmqfreerequest sets rq-mqhctx to NULL, meaning the subsequent ufshcdmcqreqtohwq...
CVE-2025-37828 scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort()
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: mcq: Add NULL check in ufshcdmcqabort A race can occur between the MCQ completion path and the abort handler: once a request completes, blkmqfreerequest sets rq-mqhctx to NULL, meaning the subsequent ufshcdmcqreqtohwq...
CVE-2023-52785
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix racing issue between ufshcdmcqabort and ISR If command timeout happens and cq complete IRQ is raised at the same time, ufshcdmcqabort clears lprb-cmd and a NULL pointer deref happens in the ISR. Error log:...
CVE-2023-52785
CVE-2023-52785 affects the Linux kernel, specifically the SCSI UFS core. The issue is a race between ufshcd_mcq_abort() and the ISR: when a command timeout occurs and a CQ complete IRQ arrives concurrently, ufshcd_mcq_abort clears lprb->cmd, leading to a NULL pointer dereference in the ISR. Th...
CVE-2023-52785 scsi: ufs: core: Fix racing issue between ufshcd_mcq_abort() and ISR
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix racing issue between ufshcdmcqabort and ISR If command timeout happens and cq complete IRQ is raised at the same time, ufshcdmcqabort clears lprb-cmd and a NULL pointer deref happens in the ISR. Error log:...