github - ghsa-36rm-q238-p59m

GHSA-36RM-Q238-P59M

Vulnerability from github – Published: 2025-09-18 18:30 – Updated: 2025-10-01 09:30

Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: ses: Don't attach if enclosure has no components

An enclosure with no components can't usefully be operated by the driver (since effectively it has nothing to manage), so report the problem and don't attach. Not attaching also fixes an oops which could occur if the driver tries to manage a zero component enclosure.

[mkp: Switched to KERN_WARNING since this scenario is common]

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-53431"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T16:15:47Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ses: Don\u0027t attach if enclosure has no components\n\nAn enclosure with no components can\u0027t usefully be operated by the driver\n(since effectively it has nothing to manage), so report the problem and\ndon\u0027t attach. Not attaching also fixes an oops which could occur if the\ndriver tries to manage a zero component enclosure.\n\n[mkp: Switched to KERN_WARNING since this scenario is common]",
  "id": "GHSA-36rm-q238-p59m",
  "modified": "2025-10-01T09:30:24Z",
  "published": "2025-09-18T18:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53431"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/05143d90ac90b7abc6692285895a1ef460e008ee"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/110d425cdfb15006f3c4fde5264e786a247b6b36"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/176d7345b89ced72020a313bfa4e7f345d1c3aed"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3fe97ff3d94934649abb0652028dd7296170c8d0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4863fefc8a8cc8e8f6c7635b12d9dffaa0a12d86"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4e7c498c3713b09bef20c76c7319555637e8bbd5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5ca5470b33e5221dd3e5be81108697c22dd38b56"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6069e04a922a0488bcf4f1017d38d18afda8194c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6fce2307650a190e343a84537c278d499fa37c26"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c8e22b7a1694bb8d025ea636816472739d859145"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d68937dfc73ee7f61cf3424fa3225be93cacaa00"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eabc4872f172ecb8dd8536bc366a51868154a450"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f182ad02024d3f45374a9e0c9d76f28b776d762d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f8e702c54413eee2d8f94f61d18adadac7c87e87"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/feefd5232ecb788f0666f75893a7a86faec8bbcc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2023-53431 (GCVE-0-2023-53431)

Vulnerability from cvelistv5 – Published: 2025-09-18 16:04 – Updated: 2025-10-02 07:04

Summary

In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Handle enclosure with just a primary component gracefully This reverts commit 3fe97ff3d949 ("scsi: ses: Don't attach if enclosure has no components") and introduces proper handling of case where there are no detected secondary components, but primary component (enumerated in num_enclosures) does exist. That fix was originally proposed by Ding Hui <dinghui@sangfor.com.cn>. Completely ignoring devices that have one primary enclosure and no secondary one results in ses_intf_add() bailing completely scsi 2:0:0:254: enclosure has no enumerated components scsi 2:0:0:254: Failed to bind enclosure -12ven in valid configurations such even on valid configurations with 1 primary and 0 secondary enclosures as below: # sg_ses /dev/sg0 3PARdata SES 3321 Supported diagnostic pages: Supported Diagnostic Pages [sdp] [0x0] Configuration (SES) [cf] [0x1] Short Enclosure Status (SES) [ses] [0x8] # sg_ses -p cf /dev/sg0 3PARdata SES 3321 Configuration diagnostic page: number of secondary subenclosures: 0 generation code: 0x0 enclosure descriptor list Subenclosure identifier: 0 [primary] relative ES process id: 0, number of ES processes: 1 number of type descriptor headers: 1 enclosure logical identifier (hex): 20000002ac02068d enclosure vendor: 3PARdata product: VV rev: 3321 type descriptor header and text list Element type: Unspecified, subenclosure id: 0 number of possible elements: 1 The changelog for the original fix follows ===== We can get a crash when disconnecting the iSCSI session, the call trace like this: [ffff00002a00fb70] kfree at ffff00000830e224 [ffff00002a00fba0] ses_intf_remove at ffff000001f200e4 [ffff00002a00fbd0] device_del at ffff0000086b6a98 [ffff00002a00fc50] device_unregister at ffff0000086b6d58 [ffff00002a00fc70] __scsi_remove_device at ffff00000870608c [ffff00002a00fca0] scsi_remove_device at ffff000008706134 [ffff00002a00fcc0] __scsi_remove_target at ffff0000087062e4 [ffff00002a00fd10] scsi_remove_target at ffff0000087064c0 [ffff00002a00fd70] __iscsi_unbind_session at ffff000001c872c4 [ffff00002a00fdb0] process_one_work at ffff00000810f35c [ffff00002a00fe00] worker_thread at ffff00000810f648 [ffff00002a00fe70] kthread at ffff000008116e98 In ses_intf_add, components count could be 0, and kcalloc 0 size scomp, but not saved in edev->component[i].scratch In this situation, edev->component[0].scratch is an invalid pointer, when kfree it in ses_intf_remove_enclosure, a crash like above would happen The call trace also could be other random cases when kfree cannot catch the invalid pointer We should not use edev->component[] array when the components count is 0 We also need check index when use edev->component[] array in ses_enclosure_data_process =====

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/4e7c498c3713b09be…
	https://git.kernel.org/stable/c/110d425cdfb15006f…
	https://git.kernel.org/stable/c/176d7345b89ced720…
	https://git.kernel.org/stable/c/05143d90ac90b7abc…
	https://git.kernel.org/stable/c/f8e702c54413eee2d…
	https://git.kernel.org/stable/c/eabc4872f172ecb8d…
	https://git.kernel.org/stable/c/c8e22b7a1694bb8d0…

Impacted products

Vendor

Product

Version

Linux

Affected: 9927c68864e9c39cc317b4f559309ba29e642168 , < 4e7c498c3713b09bef20c76c7319555637e8bbd5 (git)
Affected: 9927c68864e9c39cc317b4f559309ba29e642168 , < 110d425cdfb15006f3c4fde5264e786a247b6b36 (git)
Affected: 9927c68864e9c39cc317b4f559309ba29e642168 , < 176d7345b89ced72020a313bfa4e7f345d1c3aed (git)
Affected: 9927c68864e9c39cc317b4f559309ba29e642168 , < 05143d90ac90b7abc6692285895a1ef460e008ee (git)
Affected: 9927c68864e9c39cc317b4f559309ba29e642168 , < f8e702c54413eee2d8f94f61d18adadac7c87e87 (git)
Affected: 9927c68864e9c39cc317b4f559309ba29e642168 , < eabc4872f172ecb8dd8536bc366a51868154a450 (git)
Affected: 9927c68864e9c39cc317b4f559309ba29e642168 , < c8e22b7a1694bb8d025ea636816472739d859145 (git)

Linux

Affected: 2.6.25
Unaffected: 0 , < 2.6.25 (semver)
Unaffected: 4.19.281 , ≤ 4.19.* (semver)
Unaffected: 5.4.241 , ≤ 5.4.* (semver)
Unaffected: 5.10.178 , ≤ 5.10.* (semver)
Unaffected: 5.15.108 , ≤ 5.15.* (semver)
Unaffected: 6.1.25 , ≤ 6.1.* (semver)
Unaffected: 6.2.12 , ≤ 6.2.* (semver)
Unaffected: 6.3 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/ses.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4e7c498c3713b09bef20c76c7319555637e8bbd5",
              "status": "affected",
              "version": "9927c68864e9c39cc317b4f559309ba29e642168",
              "versionType": "git"
            },
            {
              "lessThan": "110d425cdfb15006f3c4fde5264e786a247b6b36",
              "status": "affected",
              "version": "9927c68864e9c39cc317b4f559309ba29e642168",
              "versionType": "git"
            },
            {
              "lessThan": "176d7345b89ced72020a313bfa4e7f345d1c3aed",
              "status": "affected",
              "version": "9927c68864e9c39cc317b4f559309ba29e642168",
              "versionType": "git"
            },
            {
              "lessThan": "05143d90ac90b7abc6692285895a1ef460e008ee",
              "status": "affected",
              "version": "9927c68864e9c39cc317b4f559309ba29e642168",
              "versionType": "git"
            },
            {
              "lessThan": "f8e702c54413eee2d8f94f61d18adadac7c87e87",
              "status": "affected",
              "version": "9927c68864e9c39cc317b4f559309ba29e642168",
              "versionType": "git"
            },
            {
              "lessThan": "eabc4872f172ecb8dd8536bc366a51868154a450",
              "status": "affected",
              "version": "9927c68864e9c39cc317b4f559309ba29e642168",
              "versionType": "git"
            },
            {
              "lessThan": "c8e22b7a1694bb8d025ea636816472739d859145",
              "status": "affected",
              "version": "9927c68864e9c39cc317b4f559309ba29e642168",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/ses.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.25"
            },
            {
              "lessThan": "2.6.25",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.281",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.241",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.178",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.108",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.25",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.281",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.241",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.178",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.108",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.25",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.12",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ses: Handle enclosure with just a primary component gracefully\n\nThis reverts commit 3fe97ff3d949 (\"scsi: ses: Don\u0027t attach if enclosure\nhas no components\") and introduces proper handling of case where there are\nno detected secondary components, but primary component (enumerated in\nnum_enclosures) does exist. That fix was originally proposed by Ding Hui\n\u003cdinghui@sangfor.com.cn\u003e.\n\nCompletely ignoring devices that have one primary enclosure and no\nsecondary one results in ses_intf_add() bailing completely\n\n\tscsi 2:0:0:254: enclosure has no enumerated components\n        scsi 2:0:0:254: Failed to bind enclosure -12ven in valid configurations such\n\neven on valid configurations with 1 primary and 0 secondary enclosures as\nbelow:\n\n\t# sg_ses /dev/sg0\n\t  3PARdata  SES               3321\n\tSupported diagnostic pages:\n\t  Supported Diagnostic Pages [sdp] [0x0]\n\t  Configuration (SES) [cf] [0x1]\n\t  Short Enclosure Status (SES) [ses] [0x8]\n\t# sg_ses -p cf /dev/sg0\n\t  3PARdata  SES               3321\n\tConfiguration diagnostic page:\n\t  number of secondary subenclosures: 0\n\t  generation code: 0x0\n\t  enclosure descriptor list\n\t    Subenclosure identifier: 0 [primary]\n\t      relative ES process id: 0, number of ES processes: 1\n\t      number of type descriptor headers: 1\n\t      enclosure logical identifier (hex): 20000002ac02068d\n\t      enclosure vendor: 3PARdata  product: VV                rev: 3321\n\t  type descriptor header and text list\n\t    Element type: Unspecified, subenclosure id: 0\n\t      number of possible elements: 1\n\nThe changelog for the original fix follows\n\n=====\nWe can get a crash when disconnecting the iSCSI session,\nthe call trace like this:\n\n  [ffff00002a00fb70] kfree at ffff00000830e224\n  [ffff00002a00fba0] ses_intf_remove at ffff000001f200e4\n  [ffff00002a00fbd0] device_del at ffff0000086b6a98\n  [ffff00002a00fc50] device_unregister at ffff0000086b6d58\n  [ffff00002a00fc70] __scsi_remove_device at ffff00000870608c\n  [ffff00002a00fca0] scsi_remove_device at ffff000008706134\n  [ffff00002a00fcc0] __scsi_remove_target at ffff0000087062e4\n  [ffff00002a00fd10] scsi_remove_target at ffff0000087064c0\n  [ffff00002a00fd70] __iscsi_unbind_session at ffff000001c872c4\n  [ffff00002a00fdb0] process_one_work at ffff00000810f35c\n  [ffff00002a00fe00] worker_thread at ffff00000810f648\n  [ffff00002a00fe70] kthread at ffff000008116e98\n\nIn ses_intf_add, components count could be 0, and kcalloc 0 size scomp,\nbut not saved in edev-\u003ecomponent[i].scratch\n\nIn this situation, edev-\u003ecomponent[0].scratch is an invalid pointer,\nwhen kfree it in ses_intf_remove_enclosure, a crash like above would happen\nThe call trace also could be other random cases when kfree cannot catch\nthe invalid pointer\n\nWe should not use edev-\u003ecomponent[] array when the components count is 0\nWe also need check index when use edev-\u003ecomponent[] array in\nses_enclosure_data_process\n====="
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-02T07:04:20.059Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4e7c498c3713b09bef20c76c7319555637e8bbd5"
        },
        {
          "url": "https://git.kernel.org/stable/c/110d425cdfb15006f3c4fde5264e786a247b6b36"
        },
        {
          "url": "https://git.kernel.org/stable/c/176d7345b89ced72020a313bfa4e7f345d1c3aed"
        },
        {
          "url": "https://git.kernel.org/stable/c/05143d90ac90b7abc6692285895a1ef460e008ee"
        },
        {
          "url": "https://git.kernel.org/stable/c/f8e702c54413eee2d8f94f61d18adadac7c87e87"
        },
        {
          "url": "https://git.kernel.org/stable/c/eabc4872f172ecb8dd8536bc366a51868154a450"
        },
        {
          "url": "https://git.kernel.org/stable/c/c8e22b7a1694bb8d025ea636816472739d859145"
        }
      ],
      "title": "scsi: ses: Handle enclosure with just a primary component gracefully",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53431",
    "datePublished": "2025-09-18T16:04:11.748Z",
    "dateReserved": "2025-09-17T14:54:09.745Z",
    "dateUpdated": "2025-10-02T07:04:20.059Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-36RM-Q238-P59M

CVE-2023-53431 (GCVE-0-2023-53431)

Tags

Sightings

Nomenclature