CVE-2023-53322
- Source
- https://cve.org/CVERecord?id=CVE-2023-53322
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53322.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-53322
- Downstream
- Related
- Published
- 2025-09-16T16:11:58.062Z
- Modified
- 2026-03-20T12:33:05.793805Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- scsi: qla2xxx: Wait for io return on terminate rport
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Wait for io return on terminate rport
System crash due to use after free. Current code allows terminaterportio to exit before making sure all IOs has returned. For FCP-2 device, IO's can hang on in HW because driver has not tear down the session in FW at first sign of cable pull. When devlosstmo timer pops, terminaterportio is called and upper layer is about to free various resources. Terminaterportio trigger qla to do the final cleanup, but the cleanup might not be fast enough where it leave qla still holding on to the same resource.
Wait for IO's to return to upper layer before resources are freed.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53322.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/079c8264ed9fea8cbcac01ad29040f901cbc3692
- https://git.kernel.org/stable/c/4647d2e88918a078359d1532d90c417a38542c9e
- https://git.kernel.org/stable/c/5bcdaafd92be6035ddc77fa76650cf9dd5b864c4
- https://git.kernel.org/stable/c/8a55556cd7e0220486163b1285ce11a8be2ce5fa
- https://git.kernel.org/stable/c/90770dad1eb30967ebd8d37d82830bcf270b3293
- https://git.kernel.org/stable/c/a9fe97fb7b4ee21bffb76f2acb05769bad27ae70
- https://git.kernel.org/stable/c/d25fded78d88e1515439b3ba581684d683e0b6ab
- https://git.kernel.org/stable/c/fc0cba0c7be8261a1625098bd1d695077ec621c9
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53322.json
- https://nvd.nist.gov/vuln/detail/CVE-2023-53322
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced715848ca6fffeb6362a50887d9c26245bd5dfba9Fixed8a55556cd7e0220486163b1285ce11a8be2ce5faFixed4647d2e88918a078359d1532d90c417a38542c9eFixedd25fded78d88e1515439b3ba581684d683e0b6abFixeda9fe97fb7b4ee21bffb76f2acb05769bad27ae70Fixed079c8264ed9fea8cbcac01ad29040f901cbc3692Fixed90770dad1eb30967ebd8d37d82830bcf270b3293Fixed5bcdaafd92be6035ddc77fa76650cf9dd5b864c4Fixedfc0cba0c7be8261a1625098bd1d695077ec621c9