PT-2025-54013 · Linux · Linux Kernel

Published 2025-12-30 · Updated 2026-03-26 · CVE-2023-54184

Severity: None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contains a flaw in the SCSI target iSCSI implementation. Specifically, commands from recovery entries are freed after the session has been closed, leading to a use-after-free condition or a NULL pointer dereference. This occurs during the cleanup of recovery entries, which is performed after the session has been freed. The issue is triggered when the Time2Retain timer expires for a session, leading to a kernel NULL pointer dereference at sbitmap_queue_clear. The vulnerable code path involves the target_release_cmd_kref, transport_generic_free_cmd, iscsit_free_cmd, iscsit_free_connection_recovery_entries, and iscsit_close_session functions.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2023-54184
RHSA-2024:2394
RHSA-2024:3138
SUSE-SU-2026:1078-1

Affected Products

Linux Kernel