SB20251230261 - Improper locking in Linux kernel ulp isert driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper locking (CVE-ID: CVE-2023-54219)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the isert_wait_conn() function in drivers/infiniband/ulp/isert/ib_isert.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/1bb42aca7a9611c1991a790834e2a65f3345c5e8
• https://git.kernel.org/stable/c/3f39698e7e842abc9bd2bd97bf5eeda4543db758
• https://git.kernel.org/stable/c/4082b59705ee9e3912eaa9e15abda8e76039b681
• https://git.kernel.org/stable/c/77e90bd53019d4d4c9e25552b5efb06dfd8c3c82
• https://git.kernel.org/stable/c/9b6296861a5a9d58aacd72c249a68b073c78bfb4
• https://git.kernel.org/stable/c/a277b736309f923d9baff0ef166d694d348a5b96
• https://git.kernel.org/stable/c/a3189341e2f609d48f730b18c8bbbf6783233477
• https://git.kernel.org/stable/c/aa950b9835f2d004b071fd220459edd3cd0a3603
• https://git.kernel.org/stable/c/dfe261107c080709459c32695847eec96238852b
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.326
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.295
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.195
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.132
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.257
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.53
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.16
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.3
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6