CVE-2023-52515
Vulnerability from cvelistv5
Published
2024-03-02 21:52
Modified
2025-05-04 12:49
Severity ?
EPSS score ?
Summary
RDMA/srp: Do not call scsi_done() from srp_abort()
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:20.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/26788a5b48d9d5cd3283d777d238631c8cd7495a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b9bdffb3f9aaeff8379c83f5449c6b42cb71c2b5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2b298f9181582270d5e95774e5a6c7a7fb5b1206"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/05a10b316adaac1f322007ca9a0383b410d759cc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e193b7955dfad68035b983a0011f4ef3590c85eb"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52515",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:56:46.822904Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:41.155Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/ulp/srp/ib_srp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "26788a5b48d9d5cd3283d777d238631c8cd7495a",
"status": "affected",
"version": "d8536670916a685df116b5c2cb256573fd25e4e3",
"versionType": "git"
},
{
"lessThan": "b9bdffb3f9aaeff8379c83f5449c6b42cb71c2b5",
"status": "affected",
"version": "d8536670916a685df116b5c2cb256573fd25e4e3",
"versionType": "git"
},
{
"lessThan": "2b298f9181582270d5e95774e5a6c7a7fb5b1206",
"status": "affected",
"version": "d8536670916a685df116b5c2cb256573fd25e4e3",
"versionType": "git"
},
{
"lessThan": "05a10b316adaac1f322007ca9a0383b410d759cc",
"status": "affected",
"version": "d8536670916a685df116b5c2cb256573fd25e4e3",
"versionType": "git"
},
{
"lessThan": "e193b7955dfad68035b983a0011f4ef3590c85eb",
"status": "affected",
"version": "d8536670916a685df116b5c2cb256573fd25e4e3",
"versionType": "git"
},
{
"status": "affected",
"version": "738589592a04180e39b6fb5fe8205d85b7dc69f6",
"versionType": "git"
},
{
"status": "affected",
"version": "0575df129e2eb4a801beae0e6e041787480f42b9",
"versionType": "git"
},
{
"status": "affected",
"version": "22fb582405002812d8fb89d0ed1264e97d3d25ad",
"versionType": "git"
},
{
"status": "affected",
"version": "39d6594c457c4728794cb4c3c7be53f93f1ef3ae",
"versionType": "git"
},
{
"status": "affected",
"version": "b3f3b814add77a464911df0080d812b18f61ff38",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/ulp/srp/ib_srp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.136",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.57",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.199",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.136",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.57",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.7",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.2.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/srp: Do not call scsi_done() from srp_abort()\n\nAfter scmd_eh_abort_handler() has called the SCSI LLD eh_abort_handler\ncallback, it performs one of the following actions:\n* Call scsi_queue_insert().\n* Call scsi_finish_command().\n* Call scsi_eh_scmd_add().\nHence, SCSI abort handlers must not call scsi_done(). Otherwise all\nthe above actions would trigger a use-after-free. Hence remove the\nscsi_done() call from srp_abort(). Keep the srp_free_req() call\nbefore returning SUCCESS because we may not see the command again if\nSUCCESS is returned."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:49:08.091Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/26788a5b48d9d5cd3283d777d238631c8cd7495a"
},
{
"url": "https://git.kernel.org/stable/c/b9bdffb3f9aaeff8379c83f5449c6b42cb71c2b5"
},
{
"url": "https://git.kernel.org/stable/c/2b298f9181582270d5e95774e5a6c7a7fb5b1206"
},
{
"url": "https://git.kernel.org/stable/c/05a10b316adaac1f322007ca9a0383b410d759cc"
},
{
"url": "https://git.kernel.org/stable/c/e193b7955dfad68035b983a0011f4ef3590c85eb"
}
],
"title": "RDMA/srp: Do not call scsi_done() from srp_abort()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52515",
"datePublished": "2024-03-02T21:52:25.863Z",
"dateReserved": "2024-02-20T12:30:33.316Z",
"dateUpdated": "2025-05-04T12:49:08.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-52515\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-03-02T22:15:47.823\",\"lastModified\":\"2024-12-11T16:41:11.770\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nRDMA/srp: Do not call scsi_done() from srp_abort()\\n\\nAfter scmd_eh_abort_handler() has called the SCSI LLD eh_abort_handler\\ncallback, it performs one of the following actions:\\n* Call scsi_queue_insert().\\n* Call scsi_finish_command().\\n* Call scsi_eh_scmd_add().\\nHence, SCSI abort handlers must not call scsi_done(). Otherwise all\\nthe above actions would trigger a use-after-free. Hence remove the\\nscsi_done() call from srp_abort(). Keep the srp_free_req() call\\nbefore returning SUCCESS because we may not see the command again if\\nSUCCESS is returned.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/srp: No llamar a scsi_done() desde srp_abort() Despu\u00e9s de que scmd_eh_abort_handler() haya llamado a la devoluci\u00f3n de llamada SCSI LLD eh_abort_handler, realiza una de las siguientes acciones: * Llamar a scsi_queue_insert( ). * Llame a scsi_finish_command(). * Llame a scsi_eh_scmd_add(). Por lo tanto, los controladores de abortos SCSI no deben llamar a scsi_done(). De lo contrario, todas las acciones anteriores desencadenar\u00edan un Use After Free. Por lo tanto, elimine la llamada scsi_done() de srp_abort(). Mantenga la llamada srp_free_req() antes de devolver SUCCESS porque es posible que no veamos el comando nuevamente si se devuelve SUCCESS.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.7\",\"versionEndExcluding\":\"5.10.199\",\"matchCriteriaId\":\"82480FAE-E3F8-4E1D-AE32-3EC355B1D261\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.136\",\"matchCriteriaId\":\"B1FA5161-3AC0-44DF-B1F7-93A070F2B1E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.57\",\"matchCriteriaId\":\"8629E5D1-351D-4D4B-8D05-E10BD4A1CFD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.5.7\",\"matchCriteriaId\":\"830A824C-F212-4FDC-ADEF-0EBEC6B2365B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"84267A4F-DBC2-444F-B41D-69E15E1BEC97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB440208-241C-4246-9A83-C1715C0DAA6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DC421F1-3D5A-4BEF-BF76-4E468985D20B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"00AB783B-BE05-40E8-9A55-6AA457D95031\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/05a10b316adaac1f322007ca9a0383b410d759cc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/26788a5b48d9d5cd3283d777d238631c8cd7495a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2b298f9181582270d5e95774e5a6c7a7fb5b1206\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b9bdffb3f9aaeff8379c83f5449c6b42cb71c2b5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e193b7955dfad68035b983a0011f4ef3590c85eb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/05a10b316adaac1f322007ca9a0383b410d759cc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/26788a5b48d9d5cd3283d777d238631c8cd7495a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2b298f9181582270d5e95774e5a6c7a7fb5b1206\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b9bdffb3f9aaeff8379c83f5449c6b42cb71c2b5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e193b7955dfad68035b983a0011f4ef3590c85eb\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.