VYPR
Unrated severityNVD Advisory· Published Dec 24, 2025· Updated Apr 15, 2026

CVE-2023-54100

CVE-2023-54100

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: qedi: Fix use after free bug in qedi_remove()

In qedi_probe() we call __qedi_probe() which initializes &qedi->recovery_work with qedi_recovery_handler() and &qedi->board_disable_work with qedi_board_disable_work().

When qedi_schedule_recovery_handler() is called, schedule_delayed_work() will finally start the work.

In qedi_remove(), which is called to remove the driver, the following sequence may be observed:

Fix this by finishing the work before cleanup in qedi_remove().

CPU0 CPU1

|qedi_recovery_handler qedi_remove | __qedi_remove | iscsi_host_free | scsi_host_put | //free shost | |iscsi_host_for_each_session |//use qedi->shost

Cancel recovery_work and board_disable_work in __qedi_remove().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

76

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.