CVE-2023-53056

BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 15 PID: 86747 Comm: nvme Kdump: loaded Not tainted 6.2.0+ #1 Hardware name: Dell Inc. PowerEdge R6515/04F3CJ, BIOS 2.7.3 03/31/2022 RIP: 0010:_wakeupcommon+0x55/0x190 Code: 41 f6 01 04 0f 85 b2 00 00 00 48 8b 43 08 4c 8d 40 e8 48 8d 43 08 48 89 04 24 48 89 c6\ 49 8d 40 18 48 39 c6 0f 84 e9 00 00 00 <49> 8b 40 18 89 6c 24 14 31 ed 4c 8d 60 e8 41 8b 18 f6 c3 04 75 5d RSP: 0018:ffffb05a82afbba0 EFLAGS: 00010082 RAX: 0000000000000000 RBX: ffff8f9b83a00018 RCX: 0000000000000000 RDX: 0000000000000001 RSI: ffff8f9b83a00020 RDI: ffff8f9b83a00018 RBP: 0000000000000001 R08: ffffffffffffffe8 R09: ffffb05a82afbbf8 R10: 70735f7472617473 R11: 5f30307832616c71 R12: 0000000000000001 R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f815cf4c740(0000) GS:ffff8f9eeed80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 000000010633a000 CR4: 0000000000350ee0 Call Trace: <TASK> _wakeupcommonlock+0x83/0xd0 qlanvmelsreq+0x21b/0x2b0 [qla2xxx] _nvmefcsendlsreq+0x1b5/0x350 [nvmefc] nvmefcxmtdisconnectassoc+0xca/0x110 [nvmefc] nvmefcdeleteassociation+0x1bf/0x220 [nvmefc] ? nvmeremovenamespaces+0x9f/0x140 [nvmecore] nvmedodeletectrl+0x5b/0xa0 [nvmecore] nvmesysfsdelete+0x5f/0x70 [nvmecore] kernfsfopwriteiter+0x12b/0x1c0 vfswrite+0x2a3/0x3b0 ksyswrite+0x5f/0xe0 dosyscall64+0x5c/0x90 ? syscallexitwork+0x103/0x130 ? syscallexittousermode+0x12/0x30 ? dosyscall64+0x69/0x90 ? exittousermodeloop+0xd0/0x130 ? exittousermodeprepare+0xec/0x100 ? syscallexittousermode+0x12/0x30 ? dosyscall64+0x69/0x90 ? syscallexittousermode+0x12/0x30 ? dosyscall64+0x69/0x90 entrySYSCALL64afterhwframe+0x72/0xdc RIP: 0033:0x7f815cd3eb97

The IOCB counts are out of order and that would block any commands from going out and subsequently hang the system. Synchronize the IOCB count to be in correct order.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

d58b45bbbea8f9516b66e0b494701c369adb0ae8

Fixed

6295b3ec64a3623fa96869ffb7cf17d0b3c92035

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

6626b7494a01561fe5151fa6976875014a343a14

Fixed

6d57b77d7369ed73836c82b25f785b34923eef84

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

f2dde125ae9849b84f46a98abd98f655148821ab

Fixed

ffd7831841d3c56c655531fc8c5acafaaf20e1bb

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

5f63a163ed2f12c34dd4ae9b2757962ec7bb86e5

Fixed

d3affdeb400f3adc925bd996f3839481f5291839

Affected versions

v5.*

v5.15.100

v5.15.101

v5.15.102

v5.15.103

v5.15.104

v5.15.99

v6.*

v6.1.16

v6.1.17

v6.1.18

v6.1.19

v6.1.20

v6.1.21

v6.2

v6.2-rc2

v6.2-rc3

v6.2-rc4

v6.2-rc5

v6.2-rc6

v6.2-rc7

v6.2-rc8

v6.2.3

v6.2.4

v6.2.5

v6.2.6

v6.2.7

v6.2.8

v6.3-rc1

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2023-53056-3e4832af",
            "signature_type": "Function",
            "target": {
                "file": "drivers/scsi/qla2xxx/qla_isr.c",
                "function": "qla25xx_process_bidir_status_iocb"
            },
            "signature_version": "v1",
            "digest": {
                "length": 3616.0,
                "function_hash": "85119555850116068667624037834036276433"
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ffd7831841d3c56c655531fc8c5acafaaf20e1bb"
        },
        {
            "id": "CVE-2023-53056-41ba7620",
            "signature_type": "Function",
            "target": {
                "file": "drivers/scsi/qla2xxx/qla_isr.c",
                "function": "qla25xx_process_bidir_status_iocb"
            },
            "signature_version": "v1",
            "digest": {
                "length": 3616.0,
                "function_hash": "85119555850116068667624037834036276433"
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d3affdeb400f3adc925bd996f3839481f5291839"
        },
        {
            "id": "CVE-2023-53056-4e03109b",
            "signature_type": "Line",
            "target": {
                "file": "drivers/scsi/qla2xxx/qla_isr.c"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "129838992676530984852437175573952933377",
                    "196088549097423678062648912798694563770",
                    "93581225113118498389790933825816143348",
                    "25481403829727740479702431092975301789",
                    "27363354074819892758410766752405556144",
                    "232744828505550533216635820173896188448",
                    "216055514955127782830466178810340336711",
                    "218527735584680811084240244391922227281"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6d57b77d7369ed73836c82b25f785b34923eef84"
        },
        {
            "id": "CVE-2023-53056-8d148a03",
            "signature_type": "Function",
            "target": {
                "file": "drivers/scsi/qla2xxx/qla_isr.c",
                "function": "qla2x00_get_sp_from_handle"
            },
            "signature_version": "v1",
            "digest": {
                "length": 978.0,
                "function_hash": "38881341199201051532000051102982627875"
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6d57b77d7369ed73836c82b25f785b34923eef84"
        },
        {
            "id": "CVE-2023-53056-9e8f1058",
            "signature_type": "Line",
            "target": {
                "file": "drivers/scsi/qla2xxx/qla_isr.c"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "129838992676530984852437175573952933377",
                    "196088549097423678062648912798694563770",
                    "93581225113118498389790933825816143348",
                    "25481403829727740479702431092975301789",
                    "27363354074819892758410766752405556144",
                    "232744828505550533216635820173896188448",
                    "216055514955127782830466178810340336711",
                    "218527735584680811084240244391922227281"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ffd7831841d3c56c655531fc8c5acafaaf20e1bb"
        },
        {
            "id": "CVE-2023-53056-a89e55e0",
            "signature_type": "Function",
            "target": {
                "file": "drivers/scsi/qla2xxx/qla_isr.c",
                "function": "qla2x00_get_sp_from_handle"
            },
            "signature_version": "v1",
            "digest": {
                "length": 978.0,
                "function_hash": "38881341199201051532000051102982627875"
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ffd7831841d3c56c655531fc8c5acafaaf20e1bb"
        },
        {
            "id": "CVE-2023-53056-b418f527",
            "signature_type": "Line",
            "target": {
                "file": "drivers/scsi/qla2xxx/qla_isr.c"
            },
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "129838992676530984852437175573952933377",
                    "196088549097423678062648912798694563770",
                    "93581225113118498389790933825816143348",
                    "25481403829727740479702431092975301789",
                    "27363354074819892758410766752405556144",
                    "232744828505550533216635820173896188448",
                    "216055514955127782830466178810340336711",
                    "218527735584680811084240244391922227281"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d3affdeb400f3adc925bd996f3839481f5291839"
        },
        {
            "id": "CVE-2023-53056-bc2e10eb",
            "signature_type": "Function",
            "target": {
                "file": "drivers/scsi/qla2xxx/qla_isr.c",
                "function": "qla2x00_get_sp_from_handle"
            },
            "signature_version": "v1",
            "digest": {
                "length": 978.0,
                "function_hash": "38881341199201051532000051102982627875"
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d3affdeb400f3adc925bd996f3839481f5291839"
        },
        {
            "id": "CVE-2023-53056-cdb92191",
            "signature_type": "Function",
            "target": {
                "file": "drivers/scsi/qla2xxx/qla_isr.c",
                "function": "qla25xx_process_bidir_status_iocb"
            },
            "signature_version": "v1",
            "digest": {
                "length": 3616.0,
                "function_hash": "85119555850116068667624037834036276433"
            },
            "deprecated": false,
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6d57b77d7369ed73836c82b25f785b34923eef84"
        }
    ]
}

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.15.99

Fixed

5.15.105

Type: ECOSYSTEM
Events: Introduced

6.1.16

Fixed

6.1.22

Type: ECOSYSTEM
Events: Introduced

6.2.3

Fixed

6.2.9