CVE-2023-53322

Updated: 2025-12-14 03:16:18.419219

Description:

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Wait for io return on terminate rport System crash due to use after free. Current code allows terminate_rport_io to exit before making sure all IOs has returned. For FCP-2 device, IO's can hang on in HW because driver has not tear down the session in FW at first sign of cable pull. When dev_loss_tmo timer pops, terminate_rport_io is called and upper layer is about to free various resources. Terminate_rport_io trigger qla to do the final cleanup, but the cleanup might not be fast enough where it leave qla still holding on to the same resource. Wait for IO's to return to upper layer before resources are freed.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0.0
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU kernel 5.14.0 7.8 HIGH Released CLSA-2025:1764151168 2025-11-27 10:33:47
CentOS 6 ELS kernel 2.6.32 7.8 HIGH In Testing 2026-01-05 20:10:48
CentOS 7 ELS kernel 3.10.0 7.8 HIGH In Testing 2026-01-05 20:07:46
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2025:1763731262 2025-11-21 21:29:07
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2025:1763734783 2025-11-21 21:29:08
CloudLinux 7 ELS kernel 3.10.0 7.8 HIGH Ignored 2025-12-27 04:43:59 CloudLinux 6 and 7 support is limited and provided on demand. We strongly recommend upgrading to Clo...
Oracle Linux 6 ELS kernel 2.6.32 7.8 HIGH Needs Triage 2025-12-14 08:40:32
Oracle Linux 7 ELS kernel 3.10.0 7.8 HIGH Released CLSA-2026:1767867153 2026-01-08 16:44:44
Oracle Linux 7 ELS kernel-uek 5.4.17 7.8 HIGH Needs Triage 2025-12-22 22:35:37
RHEL 7 ELS kernel 3.10.0 7.8 HIGH Released CLSA-2026:1767867718 2026-01-08 16:44:43
Total: 13