ufs driver

About this tag
The ufs driver tag covers discussions about the Universal Flash Storage (UFS) driver in the Linux kernel, with a focus on security vulnerabilities and bug fixes. Recent threads detail two CVEs: CVE-2023-53387, a use-after-free bug in the UFS host controller driver that could cause kernel panics during error handling, and CVE-2025-37826, a missing NULL check in the UFS SCSI stack. Both issues have been patched in upstream Linux. The content also references Microsoft's Azure Linux as a potentially affected product. These threads are relevant for developers, system administrators, and IT professionals managing Linux systems with UFS storage, particularly on ARM-based mobile and embedded devices.
  1. Linux UFS Driver Bug CVE-2023-53387 Fixed to Prevent Kernel Panic

    A subtle but dangerous bug in the Linux UFS driver — tracked as CVE-2023-53387 — has been quietly fixed in upstream kernel code after a stack-allocated completion structure could be referenced after its lifetime, causing hard kernel panics during UFS error handling. The flaw stems from the UFS...
  2. CVE-2025-37826: Linux UFS Driver Patch and Azure Linux Attestation

    The Linux kernel fix tracked as CVE-2025-37826 corrects a missing NULL check in the UFS SCSI stack (ufshcd_mcq_compl_pending_transfer), and Microsoft’s public advisory notes that Azure Linux includes the open-source component and is therefore potentially affected — but that wording is a...