

CVE-2023-53056

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Synchronize the IOCB count to be in order

A system hang was observed with the following call trace:

BUG: kernel NULL pointer dereference, address: 0000000000000000
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 15 PID: 86747 Comm: nvme Kdump: loaded Not tainted 6.2.0+ #1
Hardware name: Dell Inc. PowerEdge R6515/04F3CJ, BIOS 2.7.3 03/31/2022
RIP: 0010:__wake_up_common+0x55/0x190
Code: 41 f6 01 04 0f 85 b2 00 00 00 48 8b 43 08 4c 8d 40 e8 48 8d 43 08 48 89 04 24 48 89 c6\ 49 8d 40 18 48 39 c6 0f 84 e9 00 00 00 <49> 8b 40 18 89 6c 24 14 31 ed 4c 8d 60 e8 41 8b 18 f6 c3 04 75 5d
RSP: 0018:ffffb05a82afbba0 EFLAGS: 00010082
RAX: 0000000000000000 RBX: ffff8f9b83a00018 RCX: 0000000000000000
RDX: 0000000000000001 RSI: ffff8f9b83a00020 RDI: ffff8f9b83a00018
RBP: 0000000000000001 R08: ffffffffffffffe8 R09: ffffb05a82afbbf8
R10: 70735f7472617473 R11: 5f30307832616c71 R12: 0000000000000001
R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000
FS: 00007f815cf4c740(0000) GS:ffff8f9eeed80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000010633a000 CR4: 0000000000350ee0
Call Trace:
 __wake_up_common_lock+0x83/0xd0
 qla_nvme_ls_req+0x21b/0x2b0 [qla2xxx]
 __nvme_fc_send_ls_req+0x1b5/0x350 [nvme_fc]
 nvme_fc_xmt_disconnect_assoc+0xca/0x110 [nvme_fc]
 nvme_fc_delete_association+0x1bf/0x220 [nvme_fc]
 ? nvme_remove_namespaces+0x9f/0x140 [nvme_core]
 nvme_do_delete_ctrl+0x5b/0xa0 [nvme_core]
 nvme_sysfs_delete+0x5f/0x70 [nvme_core]
 kernfs_fop_write_iter+0x12b/0x1c0
 vfs_write+0x2a3/0x3b0
 ksys_write+0x5f/0xe0
 do_syscall_64+0x5c/0x90
 ? syscall_exit_work+0x103/0x130
 ? syscall_exit_to_user_mode+0x12/0x30
 ? do_syscall_64+0x69/0x90
 ? exit_to_user_mode_loop+0xd0/0x130
 ? exit_to_user_mode_prepare+0xec/0x100
 ? syscall_exit_to_user_mode+0x12/0x30
 ? do_syscall_64+0x69/0x90
 ? syscall_exit_to_user_mode+0x12/0x30
 ? do_syscall_64+0x69/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
 RIP: 0033:0x7f815cd3eb97

The IOCB counts are out of order and that would block any commands from going out and subsequently hang the system. Synchronize the IOCB count to be in correct order.

POC

Reference

No PoCs from references.

Github

- https://github.com/ARPSyndicate/cve-scores