| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091501-CVE-2023-53245-256b@gregkh> Date: Mon, 15 Sep 2025 16:46:20 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53245: scsi: storvsc: Fix handling of virtual Fibre Channel timeouts From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix handling of virtual Fibre Channel timeouts Hyper-V provides the ability to connect Fibre Channel LUNs to the host system and present them in a guest VM as a SCSI device. I/O to the vFC device is handled by the storvsc driver. The storvsc driver includes a partial integration with the FC transport implemented in the generic portion of the Linux SCSI subsystem so that FC attributes can be displayed in /sys. However, the partial integration means that some aspects of vFC don't work properly. Unfortunately, a full and correct integration isn't practical because of limitations in what Hyper-V provides to the guest. In particular, in the context of Hyper-V storvsc, the FC transport timeout function fc_eh_timed_out() causes a kernel panic because it can't find the rport and dereferences a NULL pointer. The original patch that added the call from storvsc_eh_timed_out() to fc_eh_timed_out() is faulty in this regard. In many cases a timeout is due to a transient condition, so the situation can be improved by just continuing to wait like with other I/O requests issued by storvsc, and avoiding the guaranteed panic. For a permanent failure, continuing to wait may result in a hung thread instead of a panic, which again may be better. So fix the panic by removing the storvsc call to fc_eh_timed_out(). This allows storvsc to keep waiting for a response. The change has been tested by users who experienced a panic in fc_eh_timed_out() due to transient timeouts, and it solves their problem. In the future we may want to deprecate the vFC functionality in storvsc since it can't be fully fixed. But it has current users for whom it is working well enough, so it should probably stay for a while longer. The Linux kernel CVE team has assigned CVE-2023-53245 to this issue. Affected and fixed versions =========================== Issue introduced in 4.13 with commit 3930d7309807ba0bfa460dfa9ed68d5560347dd2 and fixed in 4.14.323 with commit cd87f4df9865a53807001ed12c0f0420b14ececd Issue introduced in 4.13 with commit 3930d7309807ba0bfa460dfa9ed68d5560347dd2 and fixed in 4.19.292 with commit 311db605e07f0d4fc0cc7ddb74f1e5692ea2f469 Issue introduced in 4.13 with commit 3930d7309807ba0bfa460dfa9ed68d5560347dd2 and fixed in 5.4.254 with commit 048ebc9a28fb918ee635dd4b2fcf4248eb6e4050 Issue introduced in 4.13 with commit 3930d7309807ba0bfa460dfa9ed68d5560347dd2 and fixed in 5.10.191 with commit 1678408d08f31a694d5150a56796dd04c9710b22 Issue introduced in 4.13 with commit 3930d7309807ba0bfa460dfa9ed68d5560347dd2 and fixed in 5.15.127 with commit 7a792b3d888aab2c65389f9f4f9f2f6c000b1a0d Issue introduced in 4.13 with commit 3930d7309807ba0bfa460dfa9ed68d5560347dd2 and fixed in 6.1.46 with commit ed70fa5629a8b992a5372d7044d1db1f8fa6de29 Issue introduced in 4.13 with commit 3930d7309807ba0bfa460dfa9ed68d5560347dd2 and fixed in 6.4.11 with commit 763c06565055ae373fe7f89c11e1447bd1ded264 Issue introduced in 4.13 with commit 3930d7309807ba0bfa460dfa9ed68d5560347dd2 and fixed in 6.5 with commit 175544ad48cbf56affeef2a679c6a4d4fb1e2881 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53245 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/scsi/storvsc_drv.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/cd87f4df9865a53807001ed12c0f0420b14ececd https://git.kernel.org/stable/c/311db605e07f0d4fc0cc7ddb74f1e5692ea2f469 https://git.kernel.org/stable/c/048ebc9a28fb918ee635dd4b2fcf4248eb6e4050 https://git.kernel.org/stable/c/1678408d08f31a694d5150a56796dd04c9710b22 https://git.kernel.org/stable/c/7a792b3d888aab2c65389f9f4f9f2f6c000b1a0d https://git.kernel.org/stable/c/ed70fa5629a8b992a5372d7044d1db1f8fa6de29 https://git.kernel.org/stable/c/763c06565055ae373fe7f89c11e1447bd1ded264 https://git.kernel.org/stable/c/175544ad48cbf56affeef2a679c6a4d4fb1e2881
Powered by blists - more mailing lists