5.5

CVE-2022-50027

scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE

There is no corresponding free routine if lpfc_sli4_issue_wqe fails to
issue the CMF WQE in lpfc_issue_cmf_sync_wqe.

If ret_val is non-zero, then free the iocbq request structure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.15 < 5.15.63
LinuxLinux Kernel Version >= 5.16 < 5.19.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.053
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/9c8e2e607270a368834a0ef72aa82d970f89c596
Patch
https://git.kernel.org/stable/c/4eb7a1beff03836d3df271cd23b790884e3facb9
Patch
https://git.kernel.org/stable/c/2f67dc7970bce3529edce93a0a14234d88b3fcd5
Patch