CVE-2023-53615Race Condition in Linux

CWE-362Race ConditionCWE-413Improper Resource Locking5 documents5 sources
Severity
4.7MEDIUMNVD
EPSS
0.0%
top 98.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedOct 4

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix deletion race condition System crash when using debug kernel due to link list corruption. The cause of the link list corruption is due to session deletion was allowed to queue up twice. Here's the internal trace that show the same port was allowed to double queue for deletion on different cpu. 20808683956 015 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:5

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel4.115.4.258+4
Debianlinux/linux_kernel< 5.10.197-1+3
CVEListV5linux/linux726b85487067d7f5b23495bc33c484b8517c4074a4628a5b98e4c6d905e1f7638242612d7db7d9c2+6
debiandebian/linux< linux 6.1.55-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

2
OSV
CVE-2023-53615: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix deletion race condition System crash when using debug kernel du2025-10-04
GHSA
GHSA-fq5x-5f3p-8v6r: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix deletion race condition System crash when using debug kernel2025-10-04

📋Vendor Advisories

2
Red Hat
kernel: scsi: qla2xxx: Fix deletion race condition2025-10-04
Debian
CVE-2023-53615: linux - In the Linux kernel, the following vulnerability has been resolved: scsi: qla2x...2023