CVE-2023-52515

2024-03-0200:00:00

ubuntu.com

linux kernel

vulnerability

rdma/srp

scsi_done

use-after-free

scsi_queue_insert

scsi_finish_command

scsi_eh_scmd_add

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

In the Linux kernel, the following vulnerability has been resolved:
RDMA/srp: Do not call scsi_done() from srp_abort() After
scmd_eh_abort_handler() has called the SCSI LLD eh_abort_handler callback,
it performs one of the following actions: * Call scsi_queue_insert(). *
Call scsi_finish_command(). * Call scsi_eh_scmd_add(). Hence, SCSI abort
handlers must not call scsi_done(). Otherwise all the above actions would
trigger a use-after-free. Hence remove the scsi_done() call from
srp_abort(). Keep the srp_free_req() call before returning SUCCESS because
we may not see the command again if SUCCESS is returned.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchlinux< anyUNKNOWN
ubuntu22.04noarchlinux< 5.15.0-94.104UNKNOWN
ubuntu23.10noarchlinux< 6.5.0-17.17UNKNOWN
ubuntu20.04noarchlinux-aws< anyUNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1053.58UNKNOWN
ubuntu23.10noarchlinux-aws< 6.5.0-1013.13UNKNOWN
ubuntu20.04noarchlinux-aws-5.15< 5.15.0-1053.58~20.04.1UNKNOWN
ubuntu22.04noarchlinux-aws-6.5< 6.5.0-1013.13~22.04.1UNKNOWN
ubuntu20.04noarchlinux-azure< anyUNKNOWN
ubuntu22.04noarchlinux-azure< 5.15.0-1056.64UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	linux	< any	UNKNOWN
ubuntu	22.04	noarch	linux	< 5.15.0-94.104	UNKNOWN
ubuntu	23.10	noarch	linux	< 6.5.0-17.17	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1053.58	UNKNOWN
ubuntu	23.10	noarch	linux-aws	< 6.5.0-1013.13	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< 5.15.0-1053.58~20.04.1	UNKNOWN
ubuntu	22.04	noarch	linux-aws-6.5	< 6.5.0-1013.13~22.04.1	UNKNOWN
ubuntu	20.04	noarch	linux-azure	< any	UNKNOWN
ubuntu	22.04	noarch	linux-azure	< 5.15.0-1056.64	UNKNOWN