Deletion Race Condition in Linux Kernel Affecting SCSI QLA2XXX Driver
CVE-2023-53615

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 October 2025

What is CVE-2023-53615?

A vulnerability in the Linux kernel's SCSI QLA2XXX driver allows session deletions to be queued up multiple times, leading to link list corruption and potential system crashes when using a debug kernel. This issue arises because the deletion of the same session can be triggered on different CPU threads, causing a race condition. The bug has been addressed by adjusting the handling of the deleted flag, ensuring more reliable session management.

Affected Version(s)

Linux 726b85487067d7f5b23495bc33c484b8517c4074

Linux 726b85487067d7f5b23495bc33c484b8517c4074 < 4d7da12483e98c451a51bd294a3d3494f0aee5eb

Linux 726b85487067d7f5b23495bc33c484b8517c4074

References

https://git.kernel.org/stable/c/a4628a5b98e4c6d905e1f7638...

https://git.kernel.org/stable/c/4d7da12483e98c451a51bd294...

https://git.kernel.org/stable/c/f1ea164be545629bf442c22f5...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 4, 2025
Vulnerability Reserved
Oct 4, 2025

JSON