PT-2025-40749 · Linux+2 · Linux Kernel+2

Published: 2024-04-30 · Updated: 2026-02-10 · CVE-2023-53586

CVSS v3.1: 4.7 (Medium)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A flaw exists in the Linux kernel's SCSI target handling of LUN RESET commands. When multiple LUN RESET commands are received from different initiators, an initiator can incorrectly believe that running commands have been cleaned up when they have not. Commands can then be restarted, which may lead to invalid ITT errors or accidental task lookups. The root cause lies in how commands are managed and removed from lists during LUN RESET processing, a behavior introduced by commit 51ec502a3266. The fix reverts the problematic patch and serializes the execution of LUN RESETs, Preempts, and Aborts. It also prevents waiting on LUN RESETs within core_tmr_drain_tmr_list to avoid potential deadlocks.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Double Free

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
CESA-2024_3138
CVE-2023-53586
RHSA-2024:2394
RHSA-2024:3138
RHSA-2024_2394
RHSA-2024_3138

Affected Products

CentOS
Linux Kernel
Red Hat