CVE-2023-53041

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.14.0-96.el9.x86 64

Description A vulnerability in the Linux kernel has been resolved, specifically in the scsi: qla2xxx module. The issue occurred when a command was completed in the abort path during driver unload with a lock held, causing a warning. This was observed while adding and removing the controller, resulting in a call trace. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For Linux kernel versions prior to 5.14.0-96.el9.x86 64, update to a version that includes the fix for the scsi: qla2xxx module to perform lockless command completion in the abort path. As a temporary workaround, consider disabling the qla2x00 abort all cmds function until a patch is available. Restrict access to the qla2xxx module to minimize the risk of exploitation. Avoid using the dma free attrs function in the affected kernel path until the issue is resolved.