{
  "threat_severity" : "Moderate",
  "public_date" : "2025-09-16T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue",
    "id" : "2395680",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2395680"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-824",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nscsi: qla2xxx: Remove unused nvme_ls_waitq wait queue\nSystem crash when qla2x00_start_sp(sp) returns error code EAGAIN and wake_up\ngets called for uninitialized wait queue sp->nvme_ls_waitq.\nqla2xxx [0000:37:00.1]-2121:5: Returning existing qpair of ffff8ae2c0513400 for idx=0\nqla2xxx [0000:37:00.1]-700e:5: qla2x00_start_sp failed = 11\nBUG: unable to handle kernel NULL pointer dereference at 0000000000000000\nPGD 0 P4D 0\nOops: 0000 [#1] SMP NOPTI\nHardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021\nWorkqueue: nvme-wq nvme_fc_connect_ctrl_work [nvme_fc]\nRIP: 0010:__wake_up_common+0x4c/0x190\nRSP: 0018:ffff95f3e0cb7cd0 EFLAGS: 00010086\nRAX: 0000000000000000 RBX: ffff8b08d3b26328 RCX: 0000000000000000\nRDX: 0000000000000001 RSI: 0000000000000003 RDI: ffff8b08d3b26320\nRBP: 0000000000000001 R08: 0000000000000000 R09: ffffffffffffffe8\nR10: 0000000000000000 R11: ffff95f3e0cb7a60 R12: ffff95f3e0cb7d20\nR13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000\nFS:  0000000000000000(0000) GS:ffff8b2fdf6c0000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000000 CR3: 0000002f1e410002 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n__wake_up_common_lock+0x7c/0xc0\nqla_nvme_ls_req+0x355/0x4c0 [qla2xxx]\n? __nvme_fc_send_ls_req+0x260/0x380 [nvme_fc]\n? nvme_fc_send_ls_req.constprop.42+0x1a/0x45 [nvme_fc]\n? nvme_fc_connect_ctrl_work.cold.63+0x1e3/0xa7d [nvme_fc]\nRemove unused nvme_ls_waitq wait queue. nvme_ls_waitq logic was removed\npreviously in the commits tagged Fixed: below." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-05-22T00:00:00Z",
    "advisory" : "RHSA-2024:3138",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2394",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.13.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-53280\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-53280\nhttps://lore.kernel.org/linux-cve-announce/2025091624-CVE-2023-53280-30a2@gregkh/T" ],
  "name" : "CVE-2023-53280",
  "csaw" : false
}