{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-53118", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-05-02T15:51:43.555Z", "datePublished": "2025-05-02T15:55:56.177Z", "dateUpdated": "2025-05-04T12:50:27.394Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:50:27.394Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Fix a procfs host directory removal regression\n\nscsi_proc_hostdir_rm() decreases a reference counter and hence must only be\ncalled once per host that is removed. This change does not require a\nscsi_add_host_with_dma() change since scsi_add_host_with_dma() will return\n0 (success) if scsi_proc_host_add() is called."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/scsi/hosts.c"], "versions": [{"version": "891a3cba425cf483d96facca55aebd6ff1da4338", "lessThan": "88c3d3bb6469cea929ac68fd326bdcbefcdfdd83", "status": "affected", "versionType": "git"}, {"version": "6b223e32d66ca9db1f252f433514783d8b22a8e1", "lessThan": "68c665bb185037e7eb66fb792c61da9d7151e99c", "status": "affected", "versionType": "git"}, {"version": "e471e928de97b00f297ad1015cc14f9459765713", "lessThan": "2a764d55e938743efa7c2cba7305633bcf227f09", "status": "affected", "versionType": "git"}, {"version": "17e98a5ede81b7696bec421f7afa2dfe467f5e6b", "lessThan": "7e0ae8667fcdd99d1756922e1140cac75f5fa279", "status": "affected", "versionType": "git"}, {"version": "1ec363599f8346d5a8d08c71a0d9860d6c420ec0", "lessThan": "73f030d4ef6d1ad17f824a0a2eb637ef7a9c7d51", "status": "affected", "versionType": "git"}, {"version": "fc663711b94468f4e1427ebe289c9f05669699c9", "lessThan": "be03df3d4bfe7e8866d4aa43d62e648ffe884f5f", "status": "affected", "versionType": "git"}, {"version": "13daafe1e209b03e9bda16ff2bd2b2da145a139b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/scsi/hosts.c"], "versions": [{"version": "5.4.237", "lessThan": "5.4.238", "status": "affected", "versionType": "semver"}, {"version": "5.10.175", "lessThan": "5.10.176", "status": "affected", "versionType": "semver"}, {"version": "5.15.103", "lessThan": "5.15.104", "status": "affected", "versionType": "semver"}, {"version": "6.1.20", "lessThan": "6.1.21", "status": "affected", "versionType": "semver"}, {"version": "6.2.7", "lessThan": "6.2.8", "status": "affected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4.237", "versionEndExcluding": "5.4.238"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10.175", "versionEndExcluding": "5.10.176"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.103", "versionEndExcluding": "5.15.104"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.20", "versionEndExcluding": "6.1.21"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2.7", "versionEndExcluding": "6.2.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19.278"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/88c3d3bb6469cea929ac68fd326bdcbefcdfdd83"}, {"url": "https://git.kernel.org/stable/c/68c665bb185037e7eb66fb792c61da9d7151e99c"}, {"url": "https://git.kernel.org/stable/c/2a764d55e938743efa7c2cba7305633bcf227f09"}, {"url": "https://git.kernel.org/stable/c/7e0ae8667fcdd99d1756922e1140cac75f5fa279"}, {"url": "https://git.kernel.org/stable/c/73f030d4ef6d1ad17f824a0a2eb637ef7a9c7d51"}, {"url": "https://git.kernel.org/stable/c/be03df3d4bfe7e8866d4aa43d62e648ffe884f5f"}], "title": "scsi: core: Fix a procfs host directory removal regression", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "35867D8C-C60E-45C2-8EE9-39A4E3EF91F3", "versionEndExcluding": "4.20", "versionStartIncluding": "4.19.278", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.4.237:*:*:*:*:*:*:*", "matchCriteriaId": "A0C4A400-BF1C-4D41-98B3-E639419C1B25", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.10.175:*:*:*:*:*:*:*", "matchCriteriaId": "344E76D2-2659-4379-ADF2-01C772925245", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15.103:*:*:*:*:*:*:*", "matchCriteriaId": "8A848597-242F-43EC-9D61-6A2B2C98F7B8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "36E6ECBE-C10D-40AF-B0FA-2EF41789D2EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "2CF554BC-2C12-456C-BECE-A85F92BF95FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "B8E3B0E8-FA27-4305-87BB-AF6C25B160CB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "A47F0FC3-CE52-4BA1-BA51-22F783938431", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Fix a procfs host directory removal regression\n\nscsi_proc_hostdir_rm() decreases a reference counter and hence must only be\ncalled once per host that is removed. This change does not require a\nscsi_add_host_with_dma() change since scsi_add_host_with_dma() will return\n0 (success) if scsi_proc_host_add() is called."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: core: Se corrige una regresi\u00f3n de eliminaci\u00f3n del directorio del host procfs. scsi_proc_hostdir_rm() disminuye un contador de referencias y, por lo tanto, solo debe llamarse una vez por cada host eliminado. Este cambio no requiere modificar scsi_add_host_with_dma(), ya que scsi_add_host_with_dma() devolver\u00e1 0 (\u00e9xito) si se llama a scsi_proc_host_add()."}], "id": "CVE-2023-53118", "lastModified": "2025-11-10T17:51:39.893", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-05-02T16:15:30.880", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2a764d55e938743efa7c2cba7305633bcf227f09"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/68c665bb185037e7eb66fb792c61da9d7151e99c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/73f030d4ef6d1ad17f824a0a2eb637ef7a9c7d51"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7e0ae8667fcdd99d1756922e1140cac75f5fa279"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/88c3d3bb6469cea929ac68fd326bdcbefcdfdd83"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/be03df3d4bfe7e8866d4aa43d62e648ffe884f5f"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: scsi: core: Fix a procfs host directory removal regression", "id": "2363742", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363742"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nscsi: core: Fix a procfs host directory removal regression\nscsi_proc_hostdir_rm() decreases a reference counter and hence must only be\ncalled once per host that is removed. This change does not require a\nscsi_add_host_with_dma() change since scsi_add_host_with_dma() will return\n0 (success) if scsi_proc_host_add() is called."], "name": "CVE-2023-53118", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-05-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-53118\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53118\nhttps://lore.kernel.org/linux-cve-announce/2025050230-CVE-2023-53118-8472@gregkh/T"], "statement": "Fixes a regression where scsi_proc_hostdir_rm() could be called multiple times, incorrectly decreasing a reference counter during SCSI host removal. Triggered only in specific device teardown sequences. Requires elevated privileges and precise timing. Not exploitable by unprivileged users. No confidentiality or integrity impact, so only availability affected.", "threat_severity": "Moderate"}

{"created": "2025-06-24T09:44:13.109386+00:00", "updated": "2025-06-24T09:44:13.109442+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}