-
CVE-2022-50459
- EPSS 0.02%
- Veröffentlicht 01.10.2025 12:15:39
- Zuletzt bearbeitet 02.10.2025 19:12:17
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- Teams Watchlist Login
- Unerledigt Login
In the Linux kernel, the following vulnerability has been resolved:
scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername()
Fix a NULL pointer crash that occurs when we are freeing the socket at the
same time we access it via sysfs.
The problem is that:
1. iscsi_sw_tcp_conn_get_param() and iscsi_sw_tcp_host_get_param() take
the frwd_lock and do sock_hold() then drop the frwd_lock. sock_hold()
does a get on the "struct sock".
2. iscsi_sw_tcp_release_conn() does sockfd_put() which does the last put
on the "struct socket" and that does __sock_release() which sets the
sock->ops to NULL.
3. iscsi_sw_tcp_conn_get_param() and iscsi_sw_tcp_host_get_param() then
call kernel_getpeername() which accesses the NULL sock->ops.
Above we do a get on the "struct sock", but we needed a get on the "struct
socket". Originally, we just held the frwd_lock the entire time but in
commit bcf3a2953d36 ("scsi: iscsi: iscsi_tcp: Avoid holding spinlock while
calling getpeername()") we switched to refcount based because the network
layer changed and started taking a mutex in that path, so we could no
longer hold the frwd_lock.
Instead of trying to maintain multiple refcounts, this just has us use a
mutex for accessing the socket in the interface code paths.Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version <
884a788f065578bb640382279a83d1df433b13e6
Version
bcf3a2953d36bbfb9bd44ccb3db0897d935cc485
Status
affected
Version <
a26b0658751bb0a3b28386fca715333b104d32a2
Version
bcf3a2953d36bbfb9bd44ccb3db0897d935cc485
Status
affected
Version <
897dbbc57d71e8a34ec1af8e573a142de457da38
Version
bcf3a2953d36bbfb9bd44ccb3db0897d935cc485
Status
affected
Version <
0a0b861fce2657ba08ec356a74346b37ca4b2008
Version
bcf3a2953d36bbfb9bd44ccb3db0897d935cc485
Status
affected
Version <
57569c37f0add1b6489e1a1563c71519daf732cf
Version
bcf3a2953d36bbfb9bd44ccb3db0897d935cc485
Status
affected
Version
7d29e950766327f658cb92722b9445ac3b3ae023
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
5.9
Status
affected
Version <
5.9
Version
0
Status
unaffected
Version <=
5.10.*
Version
5.10.150
Status
unaffected
Version <=
5.15.*
Version
5.15.75
Status
unaffected
Version <=
5.19.*
Version
5.19.17
Status
unaffected
Version <=
6.0.*
Version
6.0.3
Status
unaffected
Version <=
*
Version
6.1
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.05 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|