cve/published/2023/CVE-2023-53041.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-1.1.0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@kernel.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2023-53041: scsi: qla2xxx: Perform lockless command completion in abort path

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 scsi: qla2xxx: Perform lockless command completion in abort path

 While adding and removing the controller, the following call trace was
 observed:

 WARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dma_free_attrs+0x33/0x50
 CPU: 3 PID: 623596 Comm: sh Kdump: loaded Not tainted 5.14.0-96.el9.x86_64 #1
 RIP: 0010:dma_free_attrs+0x33/0x50

 Call Trace:
    qla2x00_async_sns_sp_done+0x107/0x1b0 [qla2xxx]
    qla2x00_abort_srb+0x8e/0x250 [qla2xxx]
    ? ql_dbg+0x70/0x100 [qla2xxx]
    __qla2x00_abort_all_cmds+0x108/0x190 [qla2xxx]
    qla2x00_abort_all_cmds+0x24/0x70 [qla2xxx]
    qla2x00_abort_isp_cleanup+0x305/0x3e0 [qla2xxx]
    qla2x00_remove_one+0x364/0x400 [qla2xxx]
    pci_device_remove+0x36/0xa0
    __device_release_driver+0x17a/0x230
    device_release_driver+0x24/0x30
    pci_stop_bus_device+0x68/0x90
    pci_stop_and_remove_bus_device_locked+0x16/0x30
    remove_store+0x75/0x90
    kernfs_fop_write_iter+0x11c/0x1b0
    new_sync_write+0x11f/0x1b0
    vfs_write+0x1eb/0x280
    ksys_write+0x5f/0xe0
    do_syscall_64+0x5c/0x80
    ? do_user_addr_fault+0x1d8/0x680
    ? do_syscall_64+0x69/0x80
    ? exc_page_fault+0x62/0x140
    ? asm_exc_page_fault+0x8/0x30
    entry_SYSCALL_64_after_hwframe+0x44/0xae

 The command was completed in the abort path during driver unload with a
 lock held, causing the warning in abort path. Hence complete the command
 without any lock held.

 The Linux kernel CVE team has assigned CVE-2023-53041 to this issue.


 Affected and fixed versions
 ===========================

 	Fixed in 5.4.240 with commit 9189f20b4c5307c0998682bb522e481b4567a8b8
 	Fixed in 5.10.177 with commit 231cfa78ec5badd84a1a2b09465bfad1a926aba1
 	Fixed in 5.15.105 with commit d6f7377528d2abf338e504126e44439541be8f7d
 	Fixed in 6.1.22 with commit cd0a1804ac5bab2545ac700c8d0fe9ae9284c567
 	Fixed in 6.2.9 with commit 415d614344a4f1bbddf55d724fc7eb9ef4b39aad
 	Fixed in 6.3 with commit 0367076b0817d5c75dfb83001ce7ce5c64d803a9

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2023-53041
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/scsi/qla2xxx/qla_os.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/9189f20b4c5307c0998682bb522e481b4567a8b8
 	https://git.kernel.org/stable/c/231cfa78ec5badd84a1a2b09465bfad1a926aba1
 	https://git.kernel.org/stable/c/d6f7377528d2abf338e504126e44439541be8f7d
 	https://git.kernel.org/stable/c/cd0a1804ac5bab2545ac700c8d0fe9ae9284c567
 	https://git.kernel.org/stable/c/415d614344a4f1bbddf55d724fc7eb9ef4b39aad
 	https://git.kernel.org/stable/c/0367076b0817d5c75dfb83001ce7ce5c64d803a9
	From bippy-1.1.0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@kernel.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2023-53041: scsi: qla2xxx: Perform lockless command completion in abort path

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	scsi: qla2xxx: Perform lockless command completion in abort path

	While adding and removing the controller, the following call trace was
	observed:

	WARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dma_free_attrs+0x33/0x50
	CPU: 3 PID: 623596 Comm: sh Kdump: loaded Not tainted 5.14.0-96.el9.x86_64 #1
	RIP: 0010:dma_free_attrs+0x33/0x50

	Call Trace:
	qla2x00_async_sns_sp_done+0x107/0x1b0 [qla2xxx]
	qla2x00_abort_srb+0x8e/0x250 [qla2xxx]
	? ql_dbg+0x70/0x100 [qla2xxx]
	__qla2x00_abort_all_cmds+0x108/0x190 [qla2xxx]
	qla2x00_abort_all_cmds+0x24/0x70 [qla2xxx]
	qla2x00_abort_isp_cleanup+0x305/0x3e0 [qla2xxx]
	qla2x00_remove_one+0x364/0x400 [qla2xxx]
	pci_device_remove+0x36/0xa0
	__device_release_driver+0x17a/0x230
	device_release_driver+0x24/0x30
	pci_stop_bus_device+0x68/0x90
	pci_stop_and_remove_bus_device_locked+0x16/0x30
	remove_store+0x75/0x90
	kernfs_fop_write_iter+0x11c/0x1b0
	new_sync_write+0x11f/0x1b0
	vfs_write+0x1eb/0x280
	ksys_write+0x5f/0xe0
	do_syscall_64+0x5c/0x80
	? do_user_addr_fault+0x1d8/0x680
	? do_syscall_64+0x69/0x80
	? exc_page_fault+0x62/0x140
	? asm_exc_page_fault+0x8/0x30
	entry_SYSCALL_64_after_hwframe+0x44/0xae

	The command was completed in the abort path during driver unload with a
	lock held, causing the warning in abort path. Hence complete the command
	without any lock held.

	The Linux kernel CVE team has assigned CVE-2023-53041 to this issue.


	Affected and fixed versions
	===========================

	Fixed in 5.4.240 with commit 9189f20b4c5307c0998682bb522e481b4567a8b8
	Fixed in 5.10.177 with commit 231cfa78ec5badd84a1a2b09465bfad1a926aba1
	Fixed in 5.15.105 with commit d6f7377528d2abf338e504126e44439541be8f7d
	Fixed in 6.1.22 with commit cd0a1804ac5bab2545ac700c8d0fe9ae9284c567
	Fixed in 6.2.9 with commit 415d614344a4f1bbddf55d724fc7eb9ef4b39aad
	Fixed in 6.3 with commit 0367076b0817d5c75dfb83001ce7ce5c64d803a9

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2023-53041
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/scsi/qla2xxx/qla_os.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/9189f20b4c5307c0998682bb522e481b4567a8b8
	https://git.kernel.org/stable/c/231cfa78ec5badd84a1a2b09465bfad1a926aba1
	https://git.kernel.org/stable/c/d6f7377528d2abf338e504126e44439541be8f7d
	https://git.kernel.org/stable/c/cd0a1804ac5bab2545ac700c8d0fe9ae9284c567
	https://git.kernel.org/stable/c/415d614344a4f1bbddf55d724fc7eb9ef4b39aad
	https://git.kernel.org/stable/c/0367076b0817d5c75dfb83001ce7ce5c64d803a9