CVE-2022-49521

Published: Feb 26, 2025Modified: Oct 21, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() If no handler is found in lpfc_complete_unsol_iocb() to match the rctl of a received frame, the frame is dropped and resources are leaked. Fix by returning resources when discarding an unhandled frame type. Update lpfc_fc_frame_check() handling of NOP basic link service.

Affected (4)

Products: Linux: Linux Kernel

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 5.10.121
Linux Linux Kernel	From 5.11 to 5.15.46
Linux Linux Kernel	From 5.16 to 5.17.14
Linux Linux Kernel	From 5.18 to 5.18.3

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (5)

https://git.kernel.org/stable/c/08709769ff2fb6c5ffedcda3742700d8ea1618a8

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/40cf4ea4d2d497f7732c87d350ba5c3f5e8a43a1

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/646db1a560f44236b7278b822ca99a1d3b6ea72c

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/7860d8f8082605b57596aa82d3d438c1fdad9a9e

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/fa1b509d41c5433672f72c0615cf4aefa0611c99

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.