-

CVE-2023-53322

EPSS 0.03%
Published 16.09.2025 16:11:58
Last modified 17.09.2025 14:18:55
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Wait for io return on terminate rport

System crash due to use after free.
Current code allows terminate_rport_io to exit before making
sure all IOs has returned. For FCP-2 device, IO's can hang
on in HW because driver has not tear down the session in FW at
first sign of cable pull. When dev_loss_tmo timer pops,
terminate_rport_io is called and upper layer is about to
free various resources. Terminate_rport_io trigger qla to do
the final cleanup, but the cleanup might not be fast enough where it
leave qla still holding on to the same resource.

Wait for IO's to return to upper layer before resources are freed.

Affected products Warnungen 0 Metrics 1 CWE 0 References 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < 8a55556cd7e0220486163b1285ce11a8be2ce5fa

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 4647d2e88918a078359d1532d90c417a38542c9e

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < d25fded78d88e1515439b3ba581684d683e0b6ab

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < a9fe97fb7b4ee21bffb76f2acb05769bad27ae70

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 079c8264ed9fea8cbcac01ad29040f901cbc3692

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 90770dad1eb30967ebd8d37d82830bcf270b3293

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < 5bcdaafd92be6035ddc77fa76650cf9dd5b864c4

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

Version < fc0cba0c7be8261a1625098bd1d695077ec621c9

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version <= 4.14.*

Version 4.14.322

Status unaffected

Version <= 4.19.*

Version 4.19.291

Status unaffected

Version <= 5.4.*

Version 5.4.251

Status unaffected

Version <= 5.10.*

Version 5.10.188

Status unaffected

Version <= 5.15.*

Version 5.15.121

Status unaffected

Version <= 6.1.*

Version 6.1.40

Status unaffected

Version <= 6.4.*

Version 6.4.5

Status unaffected

Version <= *

Version 6.5

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.078

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/8a55556cd7e0220486163b1285ce11a8be2ce5fa

https://git.kernel.org/stable/c/4647d2e88918a078359d1532d90c417a38542c9e

https://git.kernel.org/stable/c/d25fded78d88e1515439b3ba581684d683e0b6ab

https://git.kernel.org/stable/c/a9fe97fb7b4ee21bffb76f2acb05769bad27ae70

https://git.kernel.org/stable/c/079c8264ed9fea8cbcac01ad29040f901cbc3692

https://git.kernel.org/stable/c/90770dad1eb30967ebd8d37d82830bcf270b3293

https://git.kernel.org/stable/c/5bcdaafd92be6035ddc77fa76650cf9dd5b864c4

https://git.kernel.org/stable/c/fc0cba0c7be8261a1625098bd1d695077ec621c9

https://nvd.nist.gov/vuln/detail/CVE-2023-53322

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53322

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53322

EUVD