CVE-2023-54100 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: qedi: Fix use after free bug in qedi_remove()

In qedi_probe() we call __qedi_probe() which initializes
&qedi->recovery_work with qedi_recovery_handler() and
&qedi->board_disable_work with qedi_board_disable_work().

When qedi_schedule_recovery_handler() is called, schedule_delayed_work()
will finally start the work.

In qedi_remove(), which is called to remove the driver, the following
sequence may be observed:

Fix this by finishing the work before cleanup in qedi_remove().

CPU0 CPU1

|qedi_recovery_handler
qedi_remove |
__qedi_remove |
iscsi_host_free |
scsi_host_put |
//free shost |
|iscsi_host_for_each_session
|//use qedi->shost

Cancel recovery_work and board_disable_work in __qedi_remove().

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00036.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`4b1068f5d74b6cc92319bd7eba40809b1222e73f`	affected	< fa19c533ab19161298f0780bcc6523af88f6fd20
`4b1068f5d74b6cc92319bd7eba40809b1222e73f`	affected	< 5e756a59cee6a8a79b9059c5bdf0ecbf5bb8d151
`4b1068f5d74b6cc92319bd7eba40809b1222e73f`	affected	< 3738a230831e861503119ee2691c4a7dc56ed60a
`4b1068f5d74b6cc92319bd7eba40809b1222e73f`	affected	< 89f6023fc321c958a0fb11f143a6eb4544ae3940
`4b1068f5d74b6cc92319bd7eba40809b1222e73f`	affected	< 124027cd1a624ce0347adcd59241a9966a726b22
`4b1068f5d74b6cc92319bd7eba40809b1222e73f`	affected	< c5749639f2d0a1f6cbe187d05f70c2e7c544d748

Linux

affected

Version	Status	Constraints
`5.7`	affected	—
`0`	unaffected	< 5.7
`5.10.180`	unaffected	≤ 5.10.*
`5.15.112`	unaffected	≤ 5.15.*
`6.1.29`	unaffected	≤ 6.1.*
`6.2.16`	unaffected	≤ 6.2.*
`6.3.3`	unaffected	≤ 6.3.*
`6.4`	unaffected	≤ *

No data.

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/124027cd1a624ce0347adcd59241a9966a726b22
https://git.kernel.org/stable/c/3738a230831e861503119ee2691c4a7dc56ed60a
https://git.kernel.org/stable/c/5e756a59cee6a8a79b9059c5bdf0ecbf5bb8d151
https://git.kernel.org/stable/c/89f6023fc321c958a0fb11f143a6eb4544ae3940
https://git.kernel.org/stable/c/c5749639f2d0a1f6cbe187d05f70c2e7c544d748
https://git.kernel.org/stable/c/fa19c533ab19161298f0780bcc6523af88f6fd20
https://lore.kernel.org/linux-cve-announce/2025122410-CVE-2023-54100-91a9@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2023-54100
https://www.cve.org/CVERecord?id=CVE-2023-54100

History

Thu, 25 Dec 2025 12:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025122410-CVE-2023-54100-91a9@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2023-54100 https://www.cve.org/CVERecord?id=CVE-2023-54100
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Wed, 24 Dec 2025 13:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix use after free bug in qedi_remove() In qedi_probe() we call __qedi_probe() which initializes &qedi->recovery_work with qedi_recovery_handler() and &qedi->board_disable_work with qedi_board_disable_work(). When qedi_schedule_recovery_handler() is called, schedule_delayed_work() will finally start the work. In qedi_remove(), which is called to remove the driver, the following sequence may be observed: Fix this by finishing the work before cleanup in qedi_remove(). CPU0 CPU1 \|qedi_recovery_handler qedi_remove \| __qedi_remove \| iscsi_host_free \| scsi_host_put \| //free shost \| \|iscsi_host_for_each_session \|//use qedi->shost Cancel recovery_work and board_disable_work in __qedi_remove().
Title		scsi: qedi: Fix use after free bug in qedi_remove()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/124027cd1a624ce0347adcd59241a9966a726b22 https://git.kernel.org/stable/c/3738a230831e861503119ee2691c4a7dc56ed60a https://git.kernel.org/stable/c/5e756a59cee6a8a79b9059c5bdf0ecbf5bb8d151 https://git.kernel.org/stable/c/89f6023fc321c958a0fb11f143a6eb4544ae3940 https://git.kernel.org/stable/c/c5749639f2d0a1f6cbe187d05f70c2e7c544d748 https://git.kernel.org/stable/c/fa19c533ab19161298f0780bcc6523af88f6fd20

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-24T13:06:26.560Z

Updated: 2025-12-24T13:06:26.560Z

Reserved: 2025-12-24T13:02:52.517Z

Link: CVE-2023-54100

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-12-24T13:16:11.890

Modified: 2025-12-29T15:58:34.503

Link: CVE-2023-54100

Redhat

Severity : Low

Publid Date: 2025-12-24T00:00:00Z

Links: CVE-2023-54100 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object