CVE-2023-53387 — Expired Pointer Dereference in Linux
Severity
5.5 MEDIUM (NVD)
EPSS
0.0%
top 98.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Sep 18
Description
In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: Fix device management cmd timeout flow
In the UFS error handling flow, the host will send a device management cmd
(NOP OUT) to the device for link recovery. If this cmd times out and
clearing the doorbell fails, ufshcd_wait_for_dev_cmd() will do nothing and
return. hba->dev_cmd.complete struct is not set to NULL.
When this happens, if cmd has been completed by device, then we will call
complete() in __ufshcd_…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 5 packages
CVEListV5: linux/linux, f5c2976e0cb0f6236013bfb479868531b04f61d4 — cf45493432704786a0f8294c7723ad4eeb5fff24 (+4)
Patches
Vulnerability Details: 2
OSV
CVE-2023-53387: In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix device management cmd timeout flow In the UFS error handling (2025-09-18)
GHSA
GHSA-w6pv-gx3q-3r57: In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix device management cmd timeout flow In the UFS error handlin (2025-09-18)