CVE-2023-53245 (CNNVD-202509-2060)

UNKNOWN
中文标题:
Linux kernel 安全漏洞
英文标题:
scsi: storvsc: Fix handling of virtual Fibre Channel timeouts
CVSS分数: N/A
发布时间: 2025-09-15 14:46:14
漏洞类型: 其他
状态: PUBLISHED
数据质量分数: 0.40
数据版本: v4
漏洞描述
中文描述:

Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于虚拟光纤通道超时处理不当,可能导致内核崩溃。

英文描述:

In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix handling of virtual Fibre Channel timeouts Hyper-V provides the ability to connect Fibre Channel LUNs to the host system and present them in a guest VM as a SCSI device. I/O to the vFC device is handled by the storvsc driver. The storvsc driver includes a partial integration with the FC transport implemented in the generic portion of the Linux SCSI subsystem so that FC attributes can be displayed in /sys. However, the partial integration means that some aspects of vFC don't work properly. Unfortunately, a full and correct integration isn't practical because of limitations in what Hyper-V provides to the guest. In particular, in the context of Hyper-V storvsc, the FC transport timeout function fc_eh_timed_out() causes a kernel panic because it can't find the rport and dereferences a NULL pointer. The original patch that added the call from storvsc_eh_timed_out() to fc_eh_timed_out() is faulty in this regard. In many cases a timeout is due to a transient condition, so the situation can be improved by just continuing to wait like with other I/O requests issued by storvsc, and avoiding the guaranteed panic. For a permanent failure, continuing to wait may result in a hung thread instead of a panic, which again may be better. So fix the panic by removing the storvsc call to fc_eh_timed_out(). This allows storvsc to keep waiting for a response. The change has been tested by users who experienced a panic in fc_eh_timed_out() due to transient timeouts, and it solves their problem. In the future we may want to deprecate the vFC functionality in storvsc since it can't be fully fixed. But it has current users for whom it is working well enough, so it should probably stay for a while longer.

CWE类型:
CWE-476
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
Linux Linux - < cd87f4df9865a53807001ed12c0f0420b14ececd - cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*
Linux Linux 4.13 - - cpe:2.3:a:linux:linux:4.13:*:*:*:*:*:*:*
linux linux_kernel * - - cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel 6.5 - - cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
CVSS评分详情
暂无CVSS评分信息
时间信息
发布时间:
2025-09-15 14:46:14
修改时间:
2025-09-15 14:46:14
创建时间:
2025-11-11 15:38:48
更新时间:
2026-01-15 06:00:24
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2023-53245 2025-11-11 15:22:15 2025-11-11 07:38:48
NVD nvd_CVE-2023-53245 2025-11-11 14:59:22 2025-11-11 07:46:52
CNNVD cnnvd_CNNVD-202509-2060 2025-11-11 15:12:57 2025-11-11 08:00:11
版本与语言
当前版本: v4
主要语言: EN
支持语言:
ZH EN
安全公告
暂无安全公告信息
变更历史
v4 NVD
2026-01-12 02:26:58
affected_products_count: 2 → 4
查看详细变更
  • affected_products_count: 2 -> 4
v3 CNNVD
2025-11-11 16:00:11
vulnerability_type: 未提取 → 其他; severity: SeverityLevel.MEDIUM → SeverityLevel.UNKNOWN; cvss_score: 未提取 → 0.0; cnnvd_id: 未提取 → CNNVD-202509-2060; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> 其他
  • severity: SeverityLevel.MEDIUM -> SeverityLevel.UNKNOWN
  • cvss_score: 未提取 -> 0.0
  • cnnvd_id: 未提取 -> CNNVD-202509-2060
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:46:52
affected_products_count: 9 → 2; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • affected_products_count: 9 -> 2
  • data_sources: ['cve'] -> ['cve', 'nvd']