CVE-2022-49730

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted A use-after-free crash can occur after an ELS LOGO is aborted. Specifically, a nodelist structure is freed and then ndlp->vport->cfg_log_verbose is dereferenced in lpfc_nlp_get() when the discovery state machine is mistakenly called a second time with NLP_EVT_DEVICE_RM argument. Rework lpfc_cmpl_els_logo() to prevent the duplicate calls to release a nodelist structure.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/5e83869e29448958f8ae2c6911f350318f75e4fc	Patch
https://git.kernel.org/stable/c/b1b3440f437b75fb2a9b0cfe58df461e40eca474	Patch
https://git.kernel.org/stable/c/eea34ce23dc3a595695856dc73bb132a9c5a2902	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc1::::::

History

24 Mar 2025, 19:32

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/5e83869e29448958f8ae2c6911f350318f75e4fc -~~	() https://git.kernel.org/stable/c/5e83869e29448958f8ae2c6911f350318f75e4fc - Patch
References	~~() https://git.kernel.org/stable/c/b1b3440f437b75fb2a9b0cfe58df461e40eca474 -~~	() https://git.kernel.org/stable/c/b1b3440f437b75fb2a9b0cfe58df461e40eca474 - Patch
References	~~() https://git.kernel.org/stable/c/eea34ce23dc3a595695856dc73bb132a9c5a2902 -~~	() https://git.kernel.org/stable/c/eea34ce23dc3a595695856dc73bb132a9c5a2902 - Patch
CPE		cpe:2.3:o:linux:linux_kernel:5.19:rc1:::::: cpe:2.3:o:linux:linux_kernel::::::::
First Time		Linux linux Kernel Linux

27 Feb 2025, 19:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CWE		CWE-416
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: lpfc: Resolver la desreferencia de ptr NULL después de que se cancele un LOGOTIPO ELS Se puede producir un fallo de use-after-free después de que se cancele un LOGOTIPO ELS. Específicamente, se libera una estructura de lista de nodos y luego se desreferencia ndlp->vport->cfg_log_verbose en lpfc_nlp_get() cuando se llama por error a la máquina de estado de descubrimiento una segunda vez con el argumento NLP_EVT_DEVICE_RM. Reelabore lpfc_cmpl_els_logo() para evitar las llamadas duplicadas para liberar una estructura de lista de nodos.

26 Feb 2025, 07:01

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-26 07:01

Updated : 2025-03-24 19:32

NVD link : CVE-2022-49730

Mitre link : CVE-2022-49730

CVE.ORG link : CVE-2022-49730

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-416

Use After Free

7.8 /10