PT-2025-53177 · Linux+1 · Linux Kernel+1

Published

2023-04-24

Updated

2026-02-24

CVE-2023-54100

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue exists in the qedi driver within the Linux kernel. The issue occurs in the qedi remove() function, potentially triggered by concurrent execution of qedi recovery handler() on CPU0 while qedi remove() is running on CPU1, after the shost structure has been freed. This can lead to accessing freed memory. The issue is addressed by ensuring the recovery work is finished before cleanup in qedi remove(), specifically by canceling the recovery work and board disable work in the qedi remove() function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2026-01229

CVE-2023-54100

RHSA-2024:2394

RHSA-2024:3138

SUSE-SU-2026:0263-1

SUSE-SU-2026:0317-1

SUSE-SU-2026:0411-1

SUSE-SU-2026:0617-1

Affected Products

Linux Kernel

Qedi

PT-2025-53177 · Linux+1 · Linux Kernel+1

CVE-2023-54100

Weakness Enumeration

Related Identifiers

Affected Products

References · 984