CVE-2023-54100
- EPSS 0.04%
- Published 24.12.2025 13:06:26
- Last modified 29.12.2025 15:58:34
- Source 416baaa9-dc9f-4396-8d5f-8c081f
In the Linux kernel, the following vulnerability has been resolved:

scsi: qedi: Fix use after free bug in qedi_remove()

In qedi_probe() we call __qedi_probe() which initializes
&qedi->recovery_work with qedi_recovery_handler() and
&qedi->board_disable_work with qedi_board_disable_work().

When qedi_schedule_recovery_handler() is called, schedule_delayed_work()
will finally start the work.

In qedi_remove(), which is called to remove the driver, the following
sequence may be observed:

Fix this by finishing the work before cleanup in qedi_remove().

```
CPU0                  CPU1

                     |qedi_recovery_handler
qedi_remove          |
  __qedi_remove      |
iscsi_host_free      |
scsi_host_put        |
//free shost         |
                     |iscsi_host_for_each_session
                     |//use qedi->shost
```

Cancel recovery_work and board_disable_work in __qedi_remove().

Linked by AI from unstructured data to existing CPEs in the NVD.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).

Vendor: Linux; Product: Linux; Default status: unaffected

| Version | Version < | Status |
|---|---|---|
| 4b1068f5d74b6cc92319bd7eba40809b1222e73f | fa19c533ab19161298f0780bcc6523af88f6fd20 | affected |
| 4b1068f5d74b6cc92319bd7eba40809b1222e73f | 5e756a59cee6a8a79b9059c5bdf0ecbf5bb8d151 | affected |
| 4b1068f5d74b6cc92319bd7eba40809b1222e73f | 3738a230831e861503119ee2691c4a7dc56ed60a | affected |
| 4b1068f5d74b6cc92319bd7eba40809b1222e73f | 89f6023fc321c958a0fb11f143a6eb4544ae3940 | affected |
| 4b1068f5d74b6cc92319bd7eba40809b1222e73f | 124027cd1a624ce0347adcd59241a9966a726b22 | affected |
| 4b1068f5d74b6cc92319bd7eba40809b1222e73f | c5749639f2d0a1f6cbe187d05f70c2e7c544d748 | affected |

Vendor: Linux; Product: Linux; Default status: affected

| Version | Version bound | Status |
|---|---|---|
| 5.7 | | affected |
| 0 | < 5.7 | unaffected |
| 5.10.180 | <= 5.10.* | unaffected |
| 5.15.112 | <= 5.15.* | unaffected |
| 6.1.29 | <= 6.1.* | unaffected |
| 6.2.16 | <= 6.2.* | unaffected |
| 6.3.3 | <= 6.3.* | unaffected |
| 6.4 | <= * | unaffected |

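
As an added example (not part of the CVE record or the kernel project's code), the Python code below applies the release version ranges listed above to a `uname -r` style string and checks `/proc/modules` content for the `qedi` module. The function names and the sample module listing are constructed for illustration; the comparison uses upstream version numbers only, so distribution kernels with backported fixes need a separate check.

```python
import re

# Upstream version data transcribed from the version ranges on this page.
INTRODUCED = (5, 7)        # first affected release
FIXED_MAINLINE = (6, 4)    # 6.4 and later are unaffected
FIXED_IN_BRANCH = {        # stable branch -> first unaffected patch level
    (5, 10): 180, (5, 15): 112, (6, 1): 29, (6, 2): 16, (6, 3): 3,
}

def parse_release(release):
    """Extract (major, minor, patch) from a `uname -r` style string."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def upstream_status(release):
    """Classify by upstream version number alone (ignores vendor backports)."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch < INTRODUCED or branch >= FIXED_MAINLINE:
        return "unaffected"
    fixed_patch = FIXED_IN_BRANCH.get(branch)
    if fixed_patch is not None and patch >= fixed_patch:
        return "unaffected"
    return "affected"  # also covers branches with no listed fix, e.g. 5.8, 6.0

def qedi_loaded(proc_modules_text):
    """True if a line of /proc/modules content names the qedi module.
    A driver built into the kernel image would not be listed there."""
    return any(l.split()[:1] == ["qedi"] for l in proc_modules_text.splitlines())

def triage(release, proc_modules_text):
    """Combine version and driver presence into one triage verdict."""
    if upstream_status(release) == "unaffected":
        return "unaffected by version"
    if qedi_loaded(proc_modules_text):
        return "affected version, qedi loaded: confirm vendor backport status"
    return "affected version, qedi module not loaded"

# Constructed sample of /proc/modules content (not taken from the page).
SAMPLE_MODULES = (
    "qedi 155648 0 - Live 0x0000000000000000\n"
    "qed 999424 1 qedi, Live 0x0000000000000000\n"
)

if __name__ == "__main__":
    for rel in ("5.4.0-150-generic", "5.10.179", "5.15.112", "6.0.9", "6.4.0"):
        print(f"{rel:20} {triage(rel, SAMPLE_MODULES)}")
```
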
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.1 |