DEBIAN-CVE-2023-53510
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix handling of lrbp->cmd ufshcd_queuecommand() may be called two times in a row for a SCSI command before it is completed. Hence make the following changes: - In the functions that submit a command, do not check the old value of lrbp->cmd nor clear lrbp->cmd in error paths. - In ufshcd_release_scsi_cmd(), do not clear lrbp->cmd. See also scsi_send_eh_cmnd(). This commit prevents that the following appears if a command times out: WARNING: at drivers/ufs/core/ufshcd.c:2965 ufshcd_queuecommand+0x6f8/0x9a8 Call trace: ufshcd_queuecommand+0x6f8/0x9a8 scsi_send_eh_cmnd+0x2c0/0x960 scsi_eh_test_devices+0x100/0x314 scsi_eh_ready_devs+0xd90/0x114c scsi_error_handler+0x2b4/0xb70 kthread+0x16c/0x1e0
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | linux | 6.12.43-1, 6.18.15-1, 6.18.15-1~bpo13+1 |
| Debian:11 | linux-6.1 | 6.1.158-1~deb11u1, 6.1.106-3~deb11u1, 6.1.106-3~deb11u2 |
| Debian:11 | linux | 5.10.103-1, 5.10.103-1, 5.10.106-1 |
| Debian:14 | linux | 0, 0, 0 |
| Debian:13 | linux | 0, 0, 0 |
Exploit Intelligence
- 2026-05-06_426_linux-signed-amd64.yaml (github-poc)
- test_suggest_impact.py (github-poc)
Timeline
- Oct 1, 2025 CVE Published
- May 2, 2026 CVE Updated