Message-ID: <2025050230-CVE-2023-53118-8472@gregkh>
Date: Fri, 2 May 2025 17:56:23 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2023-53118: scsi: core: Fix a procfs host directory removal regression
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========

In the Linux kernel, the following vulnerability has been resolved:

scsi: core: Fix a procfs host directory removal regression

scsi_proc_hostdir_rm() decreases a reference counter and hence must only be
called once per host that is removed. This change does not require a
scsi_add_host_with_dma() change since scsi_add_host_with_dma() will return
0 (success) if scsi_proc_host_add() is called.

The Linux kernel CVE team has assigned CVE-2023-53118 to this issue.

Affected and fixed versions
===========================

Issue introduced in 5.4.237 with commit 891a3cba425cf483d96facca55aebd6ff1da4338 and fixed in 5.4.238 with commit 88c3d3bb6469cea929ac68fd326bdcbefcdfdd83
Issue introduced in 5.10.175 with commit 6b223e32d66ca9db1f252f433514783d8b22a8e1 and fixed in 5.10.176 with commit 68c665bb185037e7eb66fb792c61da9d7151e99c
Issue introduced in 5.15.103 with commit e471e928de97b00f297ad1015cc14f9459765713 and fixed in 5.15.104 with commit 2a764d55e938743efa7c2cba7305633bcf227f09
Issue introduced in 6.1.20 with commit 17e98a5ede81b7696bec421f7afa2dfe467f5e6b and fixed in 6.1.21 with commit 7e0ae8667fcdd99d1756922e1140cac75f5fa279
Issue introduced in 6.2.7 with commit 1ec363599f8346d5a8d08c71a0d9860d6c420ec0 and fixed in 6.2.8 with commit 73f030d4ef6d1ad17f824a0a2eb637ef7a9c7d51
Issue introduced in 4.19.278 with commit 13daafe1e209b03e9bda16ff2bd2b2da145a139b

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2023-53118
will be updated if fixes are backported, please check that for the most
up to date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
drivers/scsi/hosts.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/88c3d3bb6469cea929ac68fd326bdcbefcdfdd83
https://git.kernel.org/stable/c/68c665bb185037e7eb66fb792c61da9d7151e99c
https://git.kernel.org/stable/c/2a764d55e938743efa7c2cba7305633bcf227f09
https://git.kernel.org/stable/c/7e0ae8667fcdd99d1756922e1140cac75f5fa279
https://git.kernel.org/stable/c/73f030d4ef6d1ad17f824a0a2eb637ef7a9c7d51
https://git.kernel.org/stable/c/be03df3d4bfe7e8866d4aa43d62e648ffe884f5f
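
Added example (not part of the original announcement and not kernel code): a
userspace C model of why a function that drops a shared reference count must
run only once per removed host. All struct and function names are
hypothetical, and the per-host flag used as the guard is an assumption chosen
for illustration, not the logic of the actual patch.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: every name below is hypothetical, not kernel code. */
struct tmpl { int present; bool dir_exists; };   /* shared by all hosts of a driver */
struct host { struct tmpl *t; bool dir_released; };
struct result { bool dir_while_b_live; int final_present; };

static void hostdir_add(struct host *h)
{
    if (h->t->present++ == 0)
        h->t->dir_exists = true;      /* first host creates the directory */
}

/* Drops one reference; correct only if called once per removed host. */
static void hostdir_rm(struct host *h)
{
    if (--h->t->present == 0)
        h->t->dir_exists = false;     /* last reference removes the directory */
    h->dir_released = true;
}

/* Teardown has two stages; in the regressed model both drop a reference. */
static void teardown(struct host *h, bool guarded)
{
    hostdir_rm(h);                            /* stage 1: host removal */
    if (!guarded || !h->dir_released)         /* stage 2: final release */
        hostdir_rm(h);
}

static struct result run(bool guarded)
{
    struct tmpl t = { 0, false };
    struct host a = { &t, false }, b = { &t, false };
    struct result r;
    hostdir_add(&a);
    hostdir_add(&b);
    teardown(&a, guarded);
    r.dir_while_b_live = t.dir_exists;        /* B is still registered here */
    teardown(&b, guarded);
    r.final_present = t.present;              /* 0 when the count is balanced */
    return r;
}

int main(void)
{
    struct result bad = run(false), ok = run(true);
    printf("regressed: dir=%d present=%d; guarded: dir=%d present=%d\n",
           bad.dir_while_b_live, bad.final_present,
           ok.dir_while_b_live, ok.final_present);
    return 0;
}
```

In the unguarded run the shared directory disappears while the second host is
still registered and the counter ends below zero; with the guard the count
returns to exactly zero.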