Description
In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix device resources accessed after device removal Correct possible race conditions during device removal. Previously, a scheduled work item to reset a LUN could still execute after the device was removed, leading to use-after-free and other resource access issues. This race condition occurs because the abort handler may schedule a LUN reset concurrently with device removal via sdev_destroy(), leading to use-after-free and improper access to freed resources. - Check in the device reset handler if the device is still present in the controller's SCSI device list before running; if not, the reset is skipped. - Cancel any pending TMF work that has not started in sdev_destroy(). - Ensure device freeing in sdev_destroy() is done while holding the LUN reset mutex to avoid races with ongoing resets.
Product status
2d80f4054f7f901b8ad97358a9069616ac8524c7 (git) before eccc02ba1747501d92bb2049e3ce378ba372f641
2d80f4054f7f901b8ad97358a9069616ac8524c7 (git) before 4e1acf1b6dd6dd0495bda139daafd7a403ae2dc1
2d80f4054f7f901b8ad97358a9069616ac8524c7 (git) before 1a5c5a2f88e839af5320216a02ffb075b668596a
2d80f4054f7f901b8ad97358a9069616ac8524c7 (git) before b518e86d1a70a88f6592a7c396cf1b93493d1aab
6.0
Any version before 6.0
6.12.63 (semver)
6.17.13 (semver)
6.18.2 (semver)
6.19-rc1 (original_commit_for_fix)
References
git.kernel.org/...c/eccc02ba1747501d92bb2049e3ce378ba372f641
git.kernel.org/...c/4e1acf1b6dd6dd0495bda139daafd7a403ae2dc1
git.kernel.org/...c/1a5c5a2f88e839af5320216a02ffb075b668596a
git.kernel.org/...c/b518e86d1a70a88f6592a7c396cf1b93493d1aab
Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.
