CVE-2023-53627

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw related to SCSI operations with the hisi sas driver. Specifically, a NULL pointer dereference can occur when freeing slots, potentially triggered during traversal of the sas dev.list. This can lead to a kernel panic. The issue arises from a concurrency problem when adding and deleting members of the sas dev.list within the dereg device v3 hw() and hisi sas release tasks() functions. The root cause is the lack of proper locking mechanisms when traversing the list.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.