LUN_RESET Handling Bug in Linux Kernel Affects Multiple Sessions
CVE-2023-53586
What is CVE-2023-53586?
A vulnerability in the Linux kernel's SCSI target layer can lead to improper handling of LUN_RESET commands across multiple sessions. The issue arises when an initiator sends LUN_RESET commands that mislead the system into thinking that ongoing I/O commands have been cleaned up when they have not. As a result, an initiator may inadvertently restart commands that are still active, leading to invalid task errors and potential communication discrepancies. The fix reverts a previous patch and improves the handling of LUN_RESET execution so that concurrent resets do not cause deadlocks.
Affected Version(s)
Linux 51ec502a32665fed66c7f03799ede4023b212536
Linux 51ec502a32665fed66c7f03799ede4023b212536 < 9158c86fd3237acaea8f0181c7836d90fd6eea10