cve 2023 53387
About this tag
CVE-2023-53387 is a Linux UFS driver bug that could cause kernel panics due to a use-after-free error in stack-allocated completion structures during UFS error handling. The flaw involves a race condition where a timed-out device-management command, such as a NOP OUT for link recovery, leads to a completion object being referenced after it has gone out of scope. This issue primarily affects ARM-based mobile and embedded devices using UFS storage. The vulnerability has been fixed in upstream kernel code, and users are advised to apply the patch to prevent system instability and crashes.
A subtle but dangerous bug in the Linux UFS driver — tracked as CVE-2023-53387 — has been quietly fixed in upstream kernel code after a stack-allocated completion structure could be referenced after its lifetime, causing hard kernel panics during UFS error handling. The flaw stems from the UFS...