Vulnerabilities > CVE-2023-52515 - Use After Free vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: Do not call scsi_done() from srp_abort() After scmd_eh_abort_handler() has called the SCSI LLD eh_abort_handler callback, it performs one of the following actions: * Call scsi_queue_insert(). * Call scsi_finish_command(). * Call scsi_eh_scmd_add(). Hence, SCSI abort handlers must not call scsi_done(). Otherwise all the above actions would trigger a use-after-free. Hence remove the scsi_done() call from srp_abort(). Keep the srp_free_req() call before returning SUCCESS because we may not see the command again if SUCCESS is returned.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://git.kernel.org/stable/c/05a10b316adaac1f322007ca9a0383b410d759cc
- https://git.kernel.org/stable/c/05a10b316adaac1f322007ca9a0383b410d759cc
- https://git.kernel.org/stable/c/26788a5b48d9d5cd3283d777d238631c8cd7495a
- https://git.kernel.org/stable/c/26788a5b48d9d5cd3283d777d238631c8cd7495a
- https://git.kernel.org/stable/c/2b298f9181582270d5e95774e5a6c7a7fb5b1206
- https://git.kernel.org/stable/c/2b298f9181582270d5e95774e5a6c7a7fb5b1206
- https://git.kernel.org/stable/c/b9bdffb3f9aaeff8379c83f5449c6b42cb71c2b5
- https://git.kernel.org/stable/c/b9bdffb3f9aaeff8379c83f5449c6b42cb71c2b5
- https://git.kernel.org/stable/c/e193b7955dfad68035b983a0011f4ef3590c85eb
- https://git.kernel.org/stable/c/e193b7955dfad68035b983a0011f4ef3590c85eb