CVE-2022-49534

Published: Feb 26, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT There is a potential memory leak in lpfc_ignore_els_cmpl() and lpfc_els_rsp_reject() that was allocated from NPIV PLOGI_RJT (lpfc_rcv_plogi()'s login_mbox). Check if cmdiocb->context_un.mbox was allocated in lpfc_ignore_els_cmpl(), and then free it back to phba->mbox_mem_pool along with mbox->ctx_buf for service parameters. For lpfc_els_rsp_reject() failure, free both the ctx_buf for service parameters and the login_mbox.

Vendor	Product	Versions
Linux	Linux	affected `858c9f6c19c6f9bf86cbbc64ce0d17c61d6131b8 - < c00df0f34a6d5e14da379f96ea67e501ce67b002` affected `858c9f6c19c6f9bf86cbbc64ce0d17c61d6131b8 - < 672d1cb40551ea9c95efad43ab6d45e4ab4e015f`
Linux	Linux	affected `2.6.23` unaffected `0 - < 2.6.23` unaffected `5.18.3 - <= 5.18.` unaffected `5.19 - <= `

References

https://git.kernel.org/stable/c/c00df0f34a6d5e14da379f96ea67e501ce67b002

https://git.kernel.org/stable/c/672d1cb40551ea9c95efad43ab6d45e4ab4e015f

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-49534

Description

Affected Products

References