In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: Fix racing issue between ufshcd_mcq_abort() and ISR
If command timeout happens and cq complete IRQ is raised at the same time,
ufshcd_mcq_abort clears lprb->cmd and a NULL pointer deref happens in the
ISR. Error log:
ufshcd_abort: Device abort task at tag 18
Unable to handle kernel NULL pointer dereference at virtual address
0000000000000108
pc : [0xffffffe27ef867ac] scsi_dma_unmap+0xc/0x44
lr : [0xffffffe27f1b898c] ufshcd_release_scsi_cmd+0x24/0x114
Metrics
Affected Vendors & Products
References
History
Tue, 14 Jan 2025 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Linux
Linux linux Kernel |
|
Weaknesses | CWE-362 | |
CPEs | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:* |
|
Vendors & Products |
Linux
Linux linux Kernel |
|
Metrics |
cvssV3_1
|
cvssV3_1
|
Mon, 04 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: Linux
Published: 2024-05-21T15:31:03.040Z
Updated: 2024-12-19T08:25:55.692Z
Reserved: 2024-05-21T15:19:24.241Z
Link: CVE-2023-52785

Updated: 2024-08-02T23:11:36.024Z

Status : Analyzed
Published: 2024-05-21T16:15:17.330
Modified: 2025-01-14T16:34:47.027
Link: CVE-2023-52785
