CVE-2023-54184

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: iscsit: Free cmds before session free

Commands from recovery entries are freed after session has been closed. That leads to use-after-free at command free or NPE with such call trace:

Time2Retain timer expired for SID: 1, cleaning up iSCSI session. BUG: kernel NULL pointer dereference, address: 0000000000000140 RIP: 0010:sbitmapqueueclear+0x3a/0xa0 Call Trace: targetreleasecmdkref+0xd1/0x1f0 [targetcoremod] transportgenericfreecmd+0xd1/0x180 [targetcoremod] iscsitfreecmd+0x53/0xd0 [iscsitargetmod] iscsitfreeconnectionrecoveryentries+0x29d/0x320 [iscsitargetmod] iscsitclosesession+0x13a/0x140 [iscsitargetmod] iscsitcheckpostdataout+0x440/0x440 [iscsitargetmod] calltimer_fn+0x24/0x140

Move cleanup of recovery enrties to before session freeing.