CVE-2023-53510

Source
https://cve.org/CVERecord?id=CVE-2023-53510
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53510.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-53510
Downstream
Related
Published
2025-10-01T11:45:59.421Z
Modified
2026-07-11T03:55:48.770366904Z
Summary
scsi: ufs: core: Fix handling of lrbp->cmd
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: ufs: core: Fix handling of lrbp->cmd

ufshcd_queuecommand() may be called two times in a row for a SCSI command before it is completed. Hence make the following changes:

  • In the functions that submit a command, do not check the old value of lrbp->cmd nor clear lrbp->cmd in error paths.

  • In ufshcdreleasescsi_cmd(), do not clear lrbp->cmd.

See also scsisendeh_cmnd().

This commit prevents that the following appears if a command times out:

WARNING: at drivers/ufs/core/ufshcd.c:2965 ufshcdqueuecommand+0x6f8/0x9a8 Call trace: ufshcdqueuecommand+0x6f8/0x9a8 scsisendehcmnd+0x2c0/0x960 scsiehtestdevices+0x100/0x314 scsiehreadydevs+0xd90/0x114c scsierror_handler+0x2b4/0xb70 kthread+0x16c/0x1e0

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53510.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
5a0b0cb9bee767ef10ff9ce2fb4141af06416288
Fixed
b6d76d63c6d21d5d26c301a46853a2aee72397d5
Fixed
f3ee24af62681b942bbd799ac77b90a6d7e1fdb1
Fixed
49234a401e161a2f2698f4612ab792c49b3cad1b
Fixed
549e91a9bbaa0ee480f59357868421a61d369770

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53510.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.12.0
Fixed
6.1.167
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.3.13
Type
ECOSYSTEM
Events
Introduced
6.4.0
Fixed
6.4.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-53510.json"