SCSI Command Handling Flaw in Linux Kernel by Vendor
CVE-2023-53510

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 1 October 2025

What is CVE-2023-53510?

A vulnerability exists in the Linux kernel's SCSI subsystem pertaining to the improper handling of SCSI commands by the ufshcd_queuecommand function. This situation can lead to redundant command submissions before a command is completed, potentially causing system instability and errors. Recent modifications have addressed this issue by altering how SCSI commands are processed, specifically during error handling, ensuring that the command pointer is not erroneously reset. Improvements in the ufshcd_release_scsi_cmd function prevent the clearing of important command data, thereby reducing the risk of timeout warnings during command execution.

Affected Version(s)

Linux 5a0b0cb9bee767ef10ff9ce2fb4141af06416288

Linux 5a0b0cb9bee767ef10ff9ce2fb4141af06416288 < 49234a401e161a2f2698f4612ab792c49b3cad1b

Linux 5a0b0cb9bee767ef10ff9ce2fb4141af06416288 < 549e91a9bbaa0ee480f59357868421a61d369770

References

https://git.kernel.org/stable/c/f3ee24af62681b942bbd799ac...

https://git.kernel.org/stable/c/49234a401e161a2f2698f4612...

https://git.kernel.org/stable/c/549e91a9bbaa0ee480f593578...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 1, 2025
Vulnerability Reserved
Oct 1, 2025

JSON