{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53387","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-09-17T14:54:09.737Z","datePublished":"2025-09-18T13:33:30.635Z","dateUpdated":"2026-05-11T19:43:57.912Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:43:57.912Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix device management cmd timeout flow\n\nIn the UFS error handling flow, the host will send a device management cmd\n(NOP OUT) to the device for link recovery. If this cmd times out and\nclearing the doorbell fails, ufshcd_wait_for_dev_cmd() will do nothing and\nreturn. hba->dev_cmd.complete struct is not set to NULL.\n\nWhen this happens, if cmd has been completed by device, then we will call\ncomplete() in __ufshcd_transfer_req_compl(). Because the complete struct is\nallocated on the stack, the following crash will occur:\n\n  ipanic_die+0x24/0x38 [mrdump]\n  die+0x344/0x748\n  arm64_notify_die+0x44/0x104\n  do_debug_exception+0x104/0x1e0\n  el1_dbg+0x38/0x54\n  el1_sync_handler+0x40/0x88\n  el1_sync+0x8c/0x140\n  queued_spin_lock_slowpath+0x2e4/0x3c0\n  __ufshcd_transfer_req_compl+0x3b0/0x1164\n  ufshcd_trc_handler+0x15c/0x308\n  ufshcd_host_reset_and_restore+0x54/0x260\n  ufshcd_reset_and_restore+0x28c/0x57c\n  ufshcd_err_handler+0xeb8/0x1b6c\n  process_one_work+0x288/0x964\n  worker_thread+0x4bc/0xc7c\n  kthread+0x15c/0x264\n  ret_from_fork+0x10/0x30"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/ufs/core/ufshcd.c"],"versions":[{"version":"f5c2976e0cb0f6236013bfb479868531b04f61d4","lessThan":"cf45493432704786a0f8294c7723ad4eeb5fff24","status":"affected","versionType":"git"},{"version":"f5c2976e0cb0f6236013bfb479868531b04f61d4","lessThan":"3ffd2cd644e0f1eea01339831bac4b1054e8817c","status":"affected","versionType":"git"},{"version":"f5c2976e0cb0f6236013bfb479868531b04f61d4","lessThan":"36822124f9de200cedc2f42516301b50d386a6cd","status":"affected","versionType":"git"},{"version":"8841c1b02c8083e4451077a2b1f235bbfd0db105","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/ufs/core/ufshcd.c"],"versions":[{"version":"5.19","status":"affected"},{"version":"0","lessThan":"5.19","status":"unaffected","versionType":"semver"},{"version":"6.1.16","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2.3","lessThanOrEqual":"6.2.*","status":"unaffected","versionType":"semver"},{"version":"6.3","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.1.16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.2.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/cf45493432704786a0f8294c7723ad4eeb5fff24"},{"url":"https://git.kernel.org/stable/c/3ffd2cd644e0f1eea01339831bac4b1054e8817c"},{"url":"https://git.kernel.org/stable/c/36822124f9de200cedc2f42516301b50d386a6cd"}],"title":"scsi: ufs: core: Fix device management cmd timeout flow","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"id":"CVE-2023-53387","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2026-01-14T18:58:04.971450Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","description":"CWE-noinfo Not enough information"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-14T19:03:05.063Z"}}]}}