Fluid Attacks Database

Description

A use-after-free vulnerability was found in the Linux kernel's iSCSI target subsystem. When the Time2Retain timer expires and an iSCSI session is being cleaned up, commands from recovery entries are freed after the session has already been closed. This leads to a NULL pointer dereference or use-after-free when attempting to release command resources.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	linux	=5.10.103-1 \|\| =5.10.103-1~bpo10+1 \|\| =5.10.106-1 \|\| =5.10.113-1 \|\| =5.10.120-1 \|\| =5.10.120-1~bpo10+1 \|\| =5.10.127-1 \|\| =5.10.127-2 \|\| =5.10.127-2~bpo10+1 \|\| =5.10.136-1 \|\| =5.10.140-1 \|\| =5.10.148-1 \|\| =5.10.149-1 \|\| =5.10.149-2 \|\| =5.10.158-1 \|\| =5.10.158-2 \|\| =5.10.162-1 \|\| =5.10.178-1 \|\| =5.10.178-2 \|\| =5.10.178-3 \|\| =5.10.179-1 \|\| =5.10.179-2 \|\| =5.10.179-3 \|\| =5.10.179-4 \|\| =5.10.179-5 \|\| =5.10.46-4 \|\| =5.10.46-5 \|\| =5.10.70-1 \|\| =5.10.70-1~bpo10+1 \|\| =5.10.84-1 \|\| =5.10.92-1 \|\| =5.10.92-1~bpo10+1 \|\| =5.10.92-2 \|\| >=0 <5.10.191-1	5.10.191-1
debian 14	linux	>=0 <6.3.7-1	6.3.7-1
debian 13	linux	>=0 <6.3.7-1	6.3.7-1
debian 12	linux	=6.1.27-1 \|\| >=0 <6.1.37-1	6.1.37-1
rpm rhel7	kernel-rt	-	-
rpm rhel8	kernel-rt	-	-
rpm rhel7	kernel	-	-
rpm rhel8	kernel	<0:4.18.0-553.el8_10	0:4.18.0-553.el8_10
rpm rhel9	kernel	<0:5.14.0-427.13.1.el9_4	0:5.14.0-427.13.1.el9_4
rpm rhel9	kernel-rt	-	-

Aliases

1. CVE-2023-541842. NVD-2023-541843. OSV-DEBIAN-2023-541844. OSV-2023-541845. SECURITY-TRACKER-CVE-2023-54184

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.