PT-2025-40778 · Linux+4 · Linux Kernel+4

Published

2024-04-30

Updated

2025-12-04

CVE-2023-53615

CVSS v3.1

4.7

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition exists in the qla2xxx SCSI driver that can lead to system crashes when using a debug kernel. This occurs due to a double queuing of session deletion, resulting in link list corruption. The issue involves scheduling the same port for deletion multiple times on different CPUs. The vulnerability is related to the deletion of sessions within the qla2xxx driver.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

ALSA-2025_16880

CESA-2024_3138

CVE-2023-53615

OESA-2025-2554

RHSA-2024:2394

RHSA-2024:3138

RHSA-2024_2394

RHSA-2024_3138

SUSE-SU-2025:21040-1

SUSE-SU-2025:21052-1

SUSE-SU-2025:21056-1

SUSE-SU-2025:21064-1

SUSE-SU-2025:4057-1

SUSE-SU-2025:4111-1

SUSE-SU-2025:4128-1

SUSE-SU-2025:4132-1

SUSE-SU-2025:4139-1

SUSE-SU-2025:4140-1

SUSE-SU-2025:4141-1

SUSE-SU-2025:4149-1

SUSE-SU-2025:4189-1

SUSE-SU-2025:4301-1

SUSE-SU-2025:4320-1

Affected Products

Centos

Linux Kernel

Red Hat

Suse

Qla2Xxx

PT-2025-40778 · Linux+4 · Linux Kernel+4

CVE-2023-53615

Weakness Enumeration

Related Identifiers

Affected Products

References · 1416