In the Linux kernel, the following vulnerability has been resolved:

ublk: reset per-IO canceled flag on each fetch

If a ublk server starts recovering devices but dies before issuing fetch
commands for all IOs, cancellation of the fetch commands that were
successfully issued may never complete. This is because the per-IO
canceled flag can remain set even after the fetch for that IO has been
submitted - the per-IO canceled flags for all IOs in a queue are reset
together only once all IOs for that queue have been fetched. So if a
nonempty proper subset of the IOs for a queue are fetched when the ublk
server dies, the IOs in that subset will never successfully be canceled,
as their canceled flags remain set, and this prevents ublk_cancel_cmd
from actually calling io_uring_cmd_done on the commands, despite the
fact that they are outstanding.

Fix this by resetting the per-IO cancel flags immediately when each IO
is fetched instead of waiting for all IOs for the queue (which may never
happen).

https://git.kernel.org/stable/c/0842186d2c4e67d2f8c8c2d1d779e8acffd41b5b

https://git.kernel.org/stable/c/63335e5a67d89bb7cb9b023bbb3785896587a648

[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/block/ublk_drv.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"728cbac5fe219d3b8a21a0688a08f2b7f8aeda2b","lessThan":"63335e5a67d89bb7cb9b023bbb3785896587a648","versionType":"git","status":"affected"},{"version":"728cbac5fe219d3b8a21a0688a08f2b7f8aeda2b","lessThan":"0842186d2c4e67d2f8c8c2d1d779e8acffd41b5b","versionType":"git","status":"affected"},{"version":"42ea64e01c96e594fb4f80c54dfe4f934d008a6e","versionType":"git","status":"affected"},{"version":"6.14.6","lessThan":"6.15","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/block/ublk_drv.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.15","status":"affected"},{"version":"0","lessThan":"6.15","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]