In the Linux kernel, the following vulnerability has been resolved:
RDMA/srp: Do not call scsi_done() from srp_abort() After
scmd_eh_abort_handler() has called the SCSI LLD eh_abort_handler callback,
it performs one of the following actions: * Call scsi_queue_insert(). *
Call scsi_finish_command(). * Call scsi_eh_scmd_add(). Hence, SCSI abort
handlers must not call scsi_done(). Otherwise all the above actions would
trigger a use-after-free. Hence remove the scsi_done() call from
srp_abort(). Keep the srp_free_req() call before returning SUCCESS because
we may not see the command again if SUCCESS is returned.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-94.104 | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < 6.5.0-17.17 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1053.58 | UNKNOWN |
ubuntu | 23.10 | noarch | linux-aws | < 6.5.0-1013.13 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < 5.15.0-1053.58~20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.5 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < 5.15.0-1056.64 | UNKNOWN |