{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-53615", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-10-04T15:40:38.481Z", "datePublished": "2025-10-04T15:44:22.376Z", "dateUpdated": "2025-10-04T15:44:22.376Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-10-04T15:44:22.376Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix deletion race condition\n\nSystem crash when using debug kernel due to link list corruption. The cause\nof the link list corruption is due to session deletion was allowed to queue\nup twice. Here's the internal trace that show the same port was allowed to\ndouble queue for deletion on different cpu.\n\n20808683956 015 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1\n20808683957 027 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1\n\nMove the clearing/setting of deleted flag lock."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/scsi/qla2xxx/qla_init.c", "drivers/scsi/qla2xxx/qla_target.c"], "versions": [{"version": "726b85487067d7f5b23495bc33c484b8517c4074", "lessThan": "a4628a5b98e4c6d905e1f7638242612d7db7d9c2", "status": "affected", "versionType": "git"}, {"version": "726b85487067d7f5b23495bc33c484b8517c4074", "lessThan": "4d7da12483e98c451a51bd294a3d3494f0aee5eb", "status": "affected", "versionType": "git"}, {"version": "726b85487067d7f5b23495bc33c484b8517c4074", "lessThan": "f1ea164be545629bf442c22f508ad9e7b94ac100", "status": "affected", "versionType": "git"}, {"version": "726b85487067d7f5b23495bc33c484b8517c4074", "lessThan": "cd06c45b326e44f0d21dc1b3fa23e71f46847e28", "status": "affected", "versionType": "git"}, {"version": "726b85487067d7f5b23495bc33c484b8517c4074", "lessThan": "b05017cb4ff75eea783583f3d400059507510ab1", "status": "affected", "versionType": "git"}, {"version": "726b85487067d7f5b23495bc33c484b8517c4074", "lessThan": "6dfe4344c168c6ca20fe7640649aacfcefcccb26", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/scsi/qla2xxx/qla_init.c", "drivers/scsi/qla2xxx/qla_target.c"], "versions": [{"version": "4.11", "status": "affected"}, {"version": "0", "lessThan": "4.11", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.258", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.195", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.132", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.54", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.5.4", "lessThanOrEqual": "6.5.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "5.4.258"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "5.10.195"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "5.15.132"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "6.1.54"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "6.5.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "6.6"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a4628a5b98e4c6d905e1f7638242612d7db7d9c2"}, {"url": "https://git.kernel.org/stable/c/4d7da12483e98c451a51bd294a3d3494f0aee5eb"}, {"url": "https://git.kernel.org/stable/c/f1ea164be545629bf442c22f508ad9e7b94ac100"}, {"url": "https://git.kernel.org/stable/c/cd06c45b326e44f0d21dc1b3fa23e71f46847e28"}, {"url": "https://git.kernel.org/stable/c/b05017cb4ff75eea783583f3d400059507510ab1"}, {"url": "https://git.kernel.org/stable/c/6dfe4344c168c6ca20fe7640649aacfcefcccb26"}], "title": "scsi: qla2xxx: Fix deletion race condition", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix deletion race condition\n\nSystem crash when using debug kernel due to link list corruption. The cause\nof the link list corruption is due to session deletion was allowed to queue\nup twice. Here's the internal trace that show the same port was allowed to\ndouble queue for deletion on different cpu.\n\n20808683956 015 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1\n20808683957 027 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1\n\nMove the clearing/setting of deleted flag lock."}], "id": "CVE-2023-53615", "lastModified": "2025-10-06T14:56:21.733", "metrics": {}, "published": "2025-10-04T16:15:58.340", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4d7da12483e98c451a51bd294a3d3494f0aee5eb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6dfe4344c168c6ca20fe7640649aacfcefcccb26"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a4628a5b98e4c6d905e1f7638242612d7db7d9c2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b05017cb4ff75eea783583f3d400059507510ab1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/cd06c45b326e44f0d21dc1b3fa23e71f46847e28"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f1ea164be545629bf442c22f508ad9e7b94ac100"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: scsi: qla2xxx: Fix deletion race condition", "id": "2401469", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401469"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nscsi: qla2xxx: Fix deletion race condition\nSystem crash when using debug kernel due to link list corruption. The cause\nof the link list corruption is due to session deletion was allowed to queue\nup twice. Here's the internal trace that show the same port was allowed to\ndouble queue for deletion on different cpu.\n20808683956 015 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1\n20808683957 027 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1\nMove the clearing/setting of deleted flag lock."], "name": "CVE-2023-53615", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:rhivos:1", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat In-Vehicle Operating System 1"}], "public_date": "2025-10-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-53615\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53615\nhttps://lore.kernel.org/linux-cve-announce/2025100435-CVE-2023-53615-843c@gregkh/T"], "threat_severity": "Moderate"}