In the Linux kernel, the following vulnerability has been resolved:

scsi: qedi: Fix use after free bug in qedi_remove()

In qedi_probe() we call __qedi_probe() which initializes
&qedi->recovery_work with qedi_recovery_handler() and
&qedi->board_disable_work with qedi_board_disable_work().

When qedi_schedule_recovery_handler() is called, schedule_delayed_work()
will finally start the work.

In qedi_remove(), which is called to remove the driver, the following
sequence may be observed:

Fix this by finishing the work before cleanup in qedi_remove().

CPU0 CPU1

|qedi_recovery_handler
qedi_remove |
__qedi_remove |
iscsi_host_free |
scsi_host_put |
//free shost |
|iscsi_host_for_each_session
|//use qedi->shost

Cancel recovery_work and board_disable_work in __qedi_remove().

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Linux Subscribe
Linux Kernel Subscribe

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/124027cd1a624ce0347adcd59241a9966a726b22 cve-icon cve-icon
https://git.kernel.org/stable/c/3738a230831e861503119ee2691c4a7dc56ed60a cve-icon cve-icon
https://git.kernel.org/stable/c/5e756a59cee6a8a79b9059c5bdf0ecbf5bb8d151 cve-icon cve-icon
https://git.kernel.org/stable/c/89f6023fc321c958a0fb11f143a6eb4544ae3940 cve-icon cve-icon
https://git.kernel.org/stable/c/c5749639f2d0a1f6cbe187d05f70c2e7c544d748 cve-icon cve-icon
https://git.kernel.org/stable/c/fa19c533ab19161298f0780bcc6523af88f6fd20 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025122410-CVE-2023-54100-91a9@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-54100 cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-54100 cve-icon
History

Thu, 25 Dec 2025 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Wed, 24 Dec 2025 13:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix use after free bug in qedi_remove() In qedi_probe() we call __qedi_probe() which initializes &qedi->recovery_work with qedi_recovery_handler() and &qedi->board_disable_work with qedi_board_disable_work(). When qedi_schedule_recovery_handler() is called, schedule_delayed_work() will finally start the work. In qedi_remove(), which is called to remove the driver, the following sequence may be observed: Fix this by finishing the work before cleanup in qedi_remove(). CPU0 CPU1 |qedi_recovery_handler qedi_remove | __qedi_remove | iscsi_host_free | scsi_host_put | //free shost | |iscsi_host_for_each_session |//use qedi->shost Cancel recovery_work and board_disable_work in __qedi_remove().
Title scsi: qedi: Fix use after free bug in qedi_remove()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2025-12-24T13:06:26.560Z

Reserved: 2025-12-24T13:02:52.517Z

Link: CVE-2023-54100

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2025-12-24T13:16:11.890

Modified: 2025-12-24T13:16:11.890

Link: CVE-2023-54100

cve-icon Redhat

Severity : Low

Publid Date: 2025-12-24T00:00:00Z

Links: CVE-2023-54100 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses

No weakness.