Deadlock Vulnerability in Linux Kernel UFS SCSI Driver by Vendor
CVE-2023-53760
What is CVE-2023-53760?
A deadlock vulnerability has been identified in the Linux kernel's UFS SCSI driver, specifically in the handling of command queue events. The issue arises when the error handler function, ufshcd_err_handler(), is invoked, causing an interrupt that attempts to acquire the same lock already held in an interrupt context. This can lead to an inconsistent lock state and a possible system hang, highlighting a critical need for correct locking mechanisms in concurrent operations. It is recommended to replace the traditional lock acquisition with a safer spin_lock_irqsave to prevent the deadlock scenario and maintain overall system stability.
Affected Version(s)
Linux ed975065c31c2a0372e13c19e8140b69814a98ba < 2ce8c49c7b53e0a2258b833eeab16a6d78f732d1
Linux ed975065c31c2a0372e13c19e8140b69814a98ba < 948afc69615167a3c82430f99bfd046332b89912
Linux 6.3