In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI
If lpfc_issue_els_flogi() fails and returns non-zero status, the node
reference count is decremented to trigger the release of the nodelist
structure. However, if there is a prior registration or dev-loss-evt work
pending, the node may be released prematurely. When dev-loss-evt
completes, the released node is referenced causing a use-after-free null
pointer dereference.
Similarly, when processing non-zero ELS PLOGI completion status in
lpfc_cmpl_els_plogi(), the ndlp flags are checked for a transport
registration before triggering node removal. If dev-loss-evt work is
pending, the node may be released prematurely and a subsequent call to
lpfc_dev_loss_tmo_handler() results in a use after free ndlp dereference.
Add test for pending dev-loss before decrementing the node reference count
for FLOGI, PLOGI, PRLI, and ADISC handling.
CVSS
No CVSS.
References
Configurations
History
02 May 2025, 07:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
24 Mar 2025, 19:48
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
| First Time |
Linux linux Kernel
Linux |
|
| References | () https://git.kernel.org/stable/c/577a942df3de2666f6947bdd3a5c9e8d30073424 - Patch | |
| References | () https://git.kernel.org/stable/c/10663ebec0ad5c78493a0dd34c9ee4d73d7ca0df - Patch |
26 Feb 2025, 07:01
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-02-26 07:01
Updated : 2025-05-02 07:15
NVD link : CVE-2022-49535
Mitre link : CVE-2022-49535
JSON object : View
Products Affected
linux
- linux_kernel
CWE
No CWE.