In the Linux kernel, the following vulnerability has been resolved:
RDMA/srp: Do not call scsidone() from srpabort()
After scmdehaborthandler() has called the SCSI LLD ehaborthandler callback, it performs one of the following actions: * Call scsiqueueinsert(). * Call scsifinishcommand(). * Call scsiehscmdadd(). Hence, SCSI abort handlers must not call scsidone(). Otherwise all the above actions would trigger a use-after-free. Hence remove the scsidone() call from srpabort(). Keep the srpfree_req() call before returning SUCCESS because we may not see the command again if SUCCESS is returned.
{ "vanir_signatures": [ { "signature_version": "v1", "digest": { "length": 880.0, "function_hash": "72081909776043554880521855353937334118" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@05a10b316adaac1f322007ca9a0383b410d759cc", "deprecated": false, "target": { "file": "drivers/infiniband/ulp/srp/ib_srp.c", "function": "srp_abort" }, "signature_type": "Function", "id": "CVE-2023-52515-0d3430ee" }, { "signature_version": "v1", "digest": { "length": 880.0, "function_hash": "72081909776043554880521855353937334118" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b9bdffb3f9aaeff8379c83f5449c6b42cb71c2b5", "deprecated": false, "target": { "file": "drivers/infiniband/ulp/srp/ib_srp.c", "function": "srp_abort" }, "signature_type": "Function", "id": "CVE-2023-52515-143edc1b" }, { "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "331710517509686525233953292203701883679", "224260457475150942783056510909378017173", "258989702908111619457438228276663035385", "300738621926564067506200709155669286220", "339852737311613350853314188939177939612", "78149113622152418822030652731751456285", "291383016351720761929123494180697252887", "292602773256470889499736966774518904128", "13443698327119699797525290957430858463", "283476801486534379188069860385594916888", "239013583871876966267047761481833518380", "82784110756741217368398887515943287074", "267768835603919286639954735906563028366", "255694884089965605251406096717847172533", "130001051404648924608113968540956737869", "111693557143298108044429330994637867238", "320158769476031538083210497967223929593", "254662827071084615500374128586976713788", "331691426579462128995638592888886223072" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@05a10b316adaac1f322007ca9a0383b410d759cc", "deprecated": false, "target": { "file": "drivers/infiniband/ulp/srp/ib_srp.c" }, "signature_type": "Line", "id": "CVE-2023-52515-1ccf92da" }, { "signature_version": "v1", "digest": { "length": 880.0, "function_hash": "72081909776043554880521855353937334118" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e193b7955dfad68035b983a0011f4ef3590c85eb", "deprecated": false, "target": { "file": "drivers/infiniband/ulp/srp/ib_srp.c", "function": "srp_abort" }, "signature_type": "Function", "id": "CVE-2023-52515-4abcb2b2" }, { "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "331710517509686525233953292203701883679", "224260457475150942783056510909378017173", "258989702908111619457438228276663035385", "300738621926564067506200709155669286220", "339852737311613350853314188939177939612", "78149113622152418822030652731751456285", "291383016351720761929123494180697252887", "292602773256470889499736966774518904128", "13443698327119699797525290957430858463", "283476801486534379188069860385594916888", "239013583871876966267047761481833518380", "82784110756741217368398887515943287074", "267768835603919286639954735906563028366", "255694884089965605251406096717847172533", "130001051404648924608113968540956737869", "111693557143298108044429330994637867238", "320158769476031538083210497967223929593", "254662827071084615500374128586976713788", "331691426579462128995638592888886223072" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b9bdffb3f9aaeff8379c83f5449c6b42cb71c2b5", "deprecated": false, "target": { "file": "drivers/infiniband/ulp/srp/ib_srp.c" }, "signature_type": "Line", "id": "CVE-2023-52515-6849aad6" }, { "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "331710517509686525233953292203701883679", "224260457475150942783056510909378017173", "258989702908111619457438228276663035385", "300738621926564067506200709155669286220", "339852737311613350853314188939177939612", "78149113622152418822030652731751456285", "291383016351720761929123494180697252887", "292602773256470889499736966774518904128", "13443698327119699797525290957430858463", "283476801486534379188069860385594916888", "239013583871876966267047761481833518380", "82784110756741217368398887515943287074", "267768835603919286639954735906563028366", "255694884089965605251406096717847172533", "130001051404648924608113968540956737869", "111693557143298108044429330994637867238", "320158769476031538083210497967223929593", "254662827071084615500374128586976713788", "331691426579462128995638592888886223072" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e193b7955dfad68035b983a0011f4ef3590c85eb", "deprecated": false, "target": { "file": "drivers/infiniband/ulp/srp/ib_srp.c" }, "signature_type": "Line", "id": "CVE-2023-52515-89eabc20" }, { "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "331710517509686525233953292203701883679", "224260457475150942783056510909378017173", "258989702908111619457438228276663035385", "300738621926564067506200709155669286220", "339852737311613350853314188939177939612", "78149113622152418822030652731751456285", "291383016351720761929123494180697252887", "292602773256470889499736966774518904128", "13443698327119699797525290957430858463", "283476801486534379188069860385594916888", "239013583871876966267047761481833518380", "82784110756741217368398887515943287074", "267768835603919286639954735906563028366", "255694884089965605251406096717847172533", "130001051404648924608113968540956737869", "111693557143298108044429330994637867238", "320158769476031538083210497967223929593", "254662827071084615500374128586976713788", "331691426579462128995638592888886223072" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2b298f9181582270d5e95774e5a6c7a7fb5b1206", "deprecated": false, "target": { "file": "drivers/infiniband/ulp/srp/ib_srp.c" }, "signature_type": "Line", "id": "CVE-2023-52515-bf18ab20" }, { "signature_version": "v1", "digest": { "length": 880.0, "function_hash": "72081909776043554880521855353937334118" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2b298f9181582270d5e95774e5a6c7a7fb5b1206", "deprecated": false, "target": { "file": "drivers/infiniband/ulp/srp/ib_srp.c", "function": "srp_abort" }, "signature_type": "Function", "id": "CVE-2023-52515-c3774db3" } ] }