Kernel Vulnerability in Linux Affecting SCSI Device Management
CVE-2023-53609
Currently unrated
What is CVE-2023-53609?
A vulnerability has been identified in the Linux kernel's SCSI subsystem, caused by improper handling of device requests during dispatch operations. In 'scsi_queue_rq()', the atomic increment of 'iorequest_cnt' could destabilize the system when the command's device had already been freed by the time 'scsi_dispatch_cmd()' returned. The result is a kernel panic, which underlines the need for prompt patching and careful management of device states within the SCSI core.
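The ordering hazard described above, modeled in userspace C as an added example (not kernel code and not the upstream fix). The model_ names, the refcount field, and the premise that dispatch can drop the last device reference are assumptions made for illustration.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
/* Userspace model only: names echo the advisory, none of this is kernel code. */
struct model_device {
    atomic_int refcount;
    atomic_int iorequest_cnt;
    bool freed;                 /* stands in for the real free; memory stays valid here */
};
struct model_cmd { struct model_device *device; };

/* Assumption: completing a command drops one device reference. */
static void model_dispatch(struct model_cmd *cmd) {
    if (atomic_fetch_sub(&cmd->device->refcount, 1) == 1)
        cmd->device->freed = true;          /* last reference gone */
}

/* Returns true when the update would have written to a freed device. */
static bool count_request(struct model_device *d) {
    if (d->freed) return true;
    atomic_fetch_add(&d->iorequest_cnt, 1);
    return false;
}

/* count_after_dispatch=true is the ordering the CVE describes. */
static bool model_queue_rq(struct model_cmd *cmd, bool count_after_dispatch) {
    struct model_device *d = cmd->device;
    bool stale = count_after_dispatch ? false : count_request(d);  /* ref still held */
    model_dispatch(cmd);
    return count_after_dispatch ? count_request(d) : stale;
}

/* Constructed scenario: `refs` references exist when the request is queued. */
static bool run_case(int refs, bool count_after_dispatch, int *counted) {
    struct model_device dev = { .freed = false };
    atomic_store(&dev.refcount, refs);
    atomic_store(&dev.iorequest_cnt, 0);
    struct model_cmd cmd = { .device = &dev };
    bool stale = model_queue_rq(&cmd, count_after_dispatch);
    *counted = atomic_load(&dev.iorequest_cnt);
    return stale;
}

int main(void) {
    int n;
    printf("count after dispatch: stale=%d\n", run_case(1, true, &n));
    printf("count before dispatch: stale=%d\n", run_case(1, false, &n));
    return 0;
}
```

With two references outstanding, the late increment is harmless in this model, which is why a bug of this shape surfaces only when the command holds the last reference to the device.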
Affected Version(s)
Linux cfee29ffb45b1c9798011b19d454637d1b0fe87d < 35fe6fa57b994e7da222893adf0bb748d6055e73
Linux cfee29ffb45b1c9798011b19d454637d1b0fe87d < 6ca9818d1624e136a76ae8faedb6b6c95ca66903
Linux 6.2