Linux Kernel UFS Error Handler Hang Vulnerability

Vulnerability

A vulnerability in the Linux kernel's SCSI core UFS error handling can lead to a hang condition. The issue arises because the error handler's preparation function, 'ufshcd_err_handling_prepare()', calls 'ufshcd_rpm_get_sync()' to resume operations. However, this call can only succeed if the 'UFSHCD_EH_IN_PROGRESS' flag is not set, as the flag indicates that a SCSI command is already being processed. The error handler can get stuck if 'UFSHCD_EH_IN_PROGRESS' is set, preventing the command from being queued and causing a hang. The vulnerability has been addressed by modifying the error handling process to avoid this deadlock.

Impact

The vulnerability can cause a deadlock situation where the error handler gets stuck, unable to proceed with error recovery operations.

Added: Jul 3, 2025, 11:00 AM

Updated: Jul 3, 2025, 11:00 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel UFS Error Handler Hang Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating