AZL-75243

See a problem?
Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-75243.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-75243
Upstream
Published
2025-10-01T12:15:54Z
Modified
2026-04-01T05:22:25.864682Z
Summary
CVE-2023-53510 affecting package kernel 5.15.200.1-1
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: ufs: core: Fix handling of lrbp->cmd

ufshcd_queuecommand() may be called two times in a row for a SCSI command before it is completed. Hence make the following changes:

  • In the functions that submit a command, do not check the old value of lrbp->cmd nor clear lrbp->cmd in error paths.

  • In ufshcdreleasescsi_cmd(), do not clear lrbp->cmd.

See also scsisendeh_cmnd().

This commit prevents that the following appears if a command times out:

WARNING: at drivers/ufs/core/ufshcd.c:2965 ufshcdqueuecommand+0x6f8/0x9a8 Call trace: ufshcdqueuecommand+0x6f8/0x9a8 scsisendehcmnd+0x2c0/0x960 scsiehtestdevices+0x100/0x314 scsiehreadydevs+0xd90/0x114c scsierror_handler+0x2b4/0xb70 kthread+0x16c/0x1e0

References

Affected packages

Azure Linux:2 / kernel

Package

Name
kernel
Purl
pkg:rpm/azure-linux/kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
5.15.200.1-1

Database specific

source 
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-75243.json"