CVE-2022-49534

MEDIUM EPSS 11.8%
Published Feb 26, 2025 (1y ago) · Modified Jun 17, 2026 (1w ago)
5.5 CVSS 3.1
Medium

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT

There is a potential memory leak in lpfc_ignore_els_cmpl() and lpfc_els_rsp_reject() that was allocated from NPIV PLOGI_RJT (lpfc_rcv_plogi()'s login_mbox).

Check if cmdiocb->context_un.mbox was allocated in lpfc_ignore_els_cmpl(), and then free it back to phba->mbox_mem_pool along with mbox->ctx_buf for service parameters.

For lpfc_els_rsp_reject() failure, free both the ctx_buf for service parameters and the login_mbox.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
11.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 1

Vendor   Product        Version   Range
linux    linux_kernel   *         <5.18.3

References 2

  • git.kernel.org https://git.kernel.org/stable/c/672d1cb40551ea9c95efad43ab6d45e4ab4e015f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c00df0f34a6d5e14da379f96ea67e501ce67b002
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/672d1cb40551ea9c95efad43ab6d45e4ab4e015f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c00df0f34a6d5e14da379f96ea67e501ce67b002
    Patch