-

CVE-2023-54100

EPSS 0.05%
Veröffentlicht 24.12.2025 13:06:26
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

scsi: qedi: Fix use after free bug in qedi_remove()

In the Linux kernel, the following vulnerability has been resolved:

scsi: qedi: Fix use after free bug in qedi_remove()

In qedi_probe() we call __qedi_probe() which initializes
&qedi->recovery_work with qedi_recovery_handler() and
&qedi->board_disable_work with qedi_board_disable_work().

When qedi_schedule_recovery_handler() is called, schedule_delayed_work()
will finally start the work.

In qedi_remove(), which is called to remove the driver, the following
sequence may be observed:

Fix this by finishing the work before cleanup in qedi_remove().

CPU0                  CPU1

                     |qedi_recovery_handler
qedi_remove          |
  __qedi_remove      |
iscsi_host_free      |
scsi_host_put        |
//free shost         |
                     |iscsi_host_for_each_session
                     |//use qedi->shost

Cancel recovery_work and board_disable_work in __qedi_remove().

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 9

CNA 2 VulnDex Vulnerability Enrichment 7

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 4b1068f5d74b6cc92319bd7eba40809b1222e73f

Version < fa19c533ab19161298f0780bcc6523af88f6fd20

Status affected

Version 4b1068f5d74b6cc92319bd7eba40809b1222e73f

Version < 5e756a59cee6a8a79b9059c5bdf0ecbf5bb8d151

Status affected

Version 4b1068f5d74b6cc92319bd7eba40809b1222e73f

Version < 3738a230831e861503119ee2691c4a7dc56ed60a

Status affected

Version 4b1068f5d74b6cc92319bd7eba40809b1222e73f

Version < 89f6023fc321c958a0fb11f143a6eb4544ae3940

Status affected

Version 4b1068f5d74b6cc92319bd7eba40809b1222e73f

Version < 124027cd1a624ce0347adcd59241a9966a726b22

Status affected

Version 4b1068f5d74b6cc92319bd7eba40809b1222e73f

Version < c5749639f2d0a1f6cbe187d05f70c2e7c544d748

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.7

Status affected

Version 0

Version < 5.7

Status unaffected

Version <= 5.10.*

Version 5.10.180

Status unaffected

Version <= 5.15.*

Version 5.15.112

Status unaffected

Version <= 6.1.*

Version 6.1.29

Status unaffected

Version <= 6.2.*

Version 6.2.16

Status unaffected

Version <= 6.3.*

Version 6.3.3

Status unaffected

Version <= *

Version 6.4

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.144

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/fa19c533ab19161298f0780bcc6523af88f6fd20

https://git.kernel.org/stable/c/5e756a59cee6a8a79b9059c5bdf0ecbf5bb8d151

https://git.kernel.org/stable/c/3738a230831e861503119ee2691c4a7dc56ed60a

https://git.kernel.org/stable/c/89f6023fc321c958a0fb11f143a6eb4544ae3940

https://git.kernel.org/stable/c/124027cd1a624ce0347adcd59241a9966a726b22

https://git.kernel.org/stable/c/c5749639f2d0a1f6cbe187d05f70c2e7c544d748

https://nvd.nist.gov/vuln/detail/CVE-2023-54100

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-54100

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-54100

EUVD