
CVE-2022-50459

In the Linux kernel, the following vulnerability has been resolved:

scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername()

Fix a NULL pointer crash that occurs when we are freeing the socket at the
same time we access it via sysfs.

The problem is that:

 1. iscsi_sw_tcp_conn_get_param() and iscsi_sw_tcp_host_get_param() take
    the frwd_lock and do sock_hold() then drop the frwd_lock. sock_hold()
    does a get on the "struct sock".

 2. iscsi_sw_tcp_release_conn() does sockfd_put() which does the last put
    on the "struct socket" and that does __sock_release() which sets the
    sock->ops to NULL.

 3. iscsi_sw_tcp_conn_get_param() and iscsi_sw_tcp_host_get_param() then
    call kernel_getpeername() which accesses the NULL sock->ops.

Above we do a get on the "struct sock", but we needed a get on the "struct
socket". Originally, we just held the frwd_lock the entire time but in
commit bcf3a2953d36 ("scsi: iscsi: iscsi_tcp: Avoid holding spinlock while
calling getpeername()") we switched to refcount-based because the network
layer changed and started taking a mutex in that path, so we could no
longer hold the frwd_lock.

Instead of trying to maintain multiple refcounts, this just has us use a
mutex for accessing the socket in the interface code paths.
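The three-step sequence above, as an added user-space model (not kernel code, and not taken from the fix commit): it reproduces the mistake the description names, a reference on "struct sock" that does not keep the "struct socket" ops pointer alive across the window, and contrasts it with the mutex-serialised access the fix describes. The mutex field name `sock_lock`, the use of `pthread_mutex_trylock` to stand in for a release that would block, and returning -EFAULT instead of crashing on the NULL ops pointer are assumptions of the model, not details from the page.

```c
#include <errno.h>
#include <pthread.h>
#include <stdlib.h>

/* Constructed user-space model, not kernel code. "struct sock" is refcounted by
 * sock_hold()/sock_put(); "struct socket" is refcounted through its file and the
 * last sockfd_put() runs __sock_release(), which clears socket->ops. */
struct sim_socket;
struct sim_proto_ops { int (*getname)(struct sim_socket *sock); };
struct sim_sock { int refcnt; };
struct sim_socket { int file_refcnt; const struct sim_proto_ops *ops; struct sim_sock *sk; };

static int sim_getname(struct sim_socket *sock) { return sock ? 0 : -EINVAL; }
static const struct sim_proto_ops sim_tcp_ops = { sim_getname };
static void sock_hold(struct sim_sock *sk) { sk->refcnt++; }
static void sock_put(struct sim_sock *sk) { if (--sk->refcnt == 0) free(sk); }

/* Last put on the socket clears ops; the socket memory is kept (the kernel also
 * frees it) so that the model stays deterministic. */
static void sockfd_put(struct sim_socket *sock)
{
    if (--sock->file_refcnt)
        return;
    sock->ops = NULL;
    sock_put(sock->sk);
}

/* The kernel oopses on the NULL ops pointer; the model returns -EFAULT instead. */
static int kernel_getpeername(struct sim_socket *sock) { return sock->ops ? sock->ops->getname(sock) : -EFAULT; }

/* sock_lock is the mutex the fix adds; the field name is assumed. */
struct sim_conn { struct sim_socket *sock; pthread_mutex_t sock_lock; };
typedef int (*release_fn)(struct sim_conn *conn);

static struct sim_conn *conn_create(void)
{
    struct sim_conn *conn = calloc(1, sizeof *conn);
    struct sim_socket *sock = calloc(1, sizeof *sock);
    sock->sk = calloc(1, sizeof *sock->sk);
    sock->sk->refcnt = sock->file_refcnt = 1;
    sock->ops = &sim_tcp_ops; conn->sock = sock;
    pthread_mutex_init(&conn->sock_lock, NULL);
    return conn;
}

/* Steps 1-3 from the description; `release` stands for
 * iscsi_sw_tcp_release_conn() running on another CPU inside the window. */
static int buggy_get_param(struct sim_conn *conn, release_fn release)
{
    struct sim_socket *sock = conn->sock;
    struct sim_sock *sk = sock->sk;
    sock_hold(sk);                       /* 1: ref on struct sock, frwd_lock dropped */
    release(conn);                       /* 2: last sockfd_put() clears sock->ops */
    int rc = kernel_getpeername(sock);   /* 3: NULL ops */
    sock_put(sk);
    return rc;
}

static int buggy_release_conn(struct sim_conn *conn)
{   /* no serialisation against readers */
    sockfd_put(conn->sock);
    conn->sock = NULL;
    return 0;
}

/* Fixed path: the socket is only read or cleared under sock_lock, so a release
 * either completes before the lookup or waits until after it. */
static int fixed_get_param(struct sim_conn *conn, release_fn release)
{
    pthread_mutex_lock(&conn->sock_lock);
    if (conn->sock == NULL) { pthread_mutex_unlock(&conn->sock_lock); return -ENOTCONN; }
    release(conn);                       /* cannot take sock_lock: would block */
    int rc = kernel_getpeername(conn->sock);
    pthread_mutex_unlock(&conn->sock_lock);
    return rc;
}

/* trylock stands in for blocking: -EBUSY means "would have waited here". */
static int fixed_release_conn(struct sim_conn *conn)
{
    if (pthread_mutex_trylock(&conn->sock_lock) != 0)
        return -EBUSY;
    struct sim_socket *sock = conn->sock;
    conn->sock = NULL;
    pthread_mutex_unlock(&conn->sock_lock);
    if (sock) sockfd_put(sock);          /* drop the reference outside the lock */
    return 0;
}

/* Walks the same interleaving against the fixed code: returns 0 when every
 * step behaved, otherwise the number of the step that did not. */
static int run_fixed(void)
{
    struct sim_conn *conn = conn_create();
    if (fixed_get_param(conn, fixed_release_conn) != 0) return 1;      /* release held off */
    if (conn->sock == NULL || fixed_release_conn(conn) != 0) return 2;  /* now it runs */
    if (fixed_get_param(conn, fixed_release_conn) != -ENOTCONN) return 3;
    free(conn);
    return 0;
}
```

Calling buggy_get_param() on a fresh connection with buggy_release_conn injected into the window yields -EFAULT, the model's stand-in for the oops; run_fixed() drives the same interleaving with the lock held and returns 0, showing that the release was held off until after the lookup and that a later lookup sees no socket rather than a NULL ops pointer.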

Data provided by the CVE Program through a CVE Numbering Authority (CNA) (unstructured).
Affected versions by git commit (vendor: Linux, product: Linux, default status: unaffected)

  Affected from (git commit)                  Up to, excluding (git commit)               Status
  bcf3a2953d36bbfb9bd44ccb3db0897d935cc485    884a788f065578bb640382279a83d1df433b13e6    affected
  bcf3a2953d36bbfb9bd44ccb3db0897d935cc485    a26b0658751bb0a3b28386fca715333b104d32a2    affected
  bcf3a2953d36bbfb9bd44ccb3db0897d935cc485    897dbbc57d71e8a34ec1af8e573a142de457da38    affected
  bcf3a2953d36bbfb9bd44ccb3db0897d935cc485    0a0b861fce2657ba08ec356a74346b37ca4b2008    affected
  bcf3a2953d36bbfb9bd44ccb3db0897d935cc485    57569c37f0add1b6489e1a1563c71519daf732cf    affected
  7d29e950766327f658cb92722b9445ac3b3ae023    (single commit)                             affected

Affected versions by kernel release (vendor: Linux, product: Linux, default status: affected)

  Version range                         Status
  5.9                                   affected
  0 up to, excluding 5.9                unaffected
  5.10.150 up to, including 5.10.*      unaffected
  5.15.75 up to, including 5.15.*       unaffected
  5.19.17 up to, including 5.19.*       unaffected
  6.0.3 up to, including 6.0.*          unaffected
  6.1 and later (*)                     unaffected
No CISA KEV entry or CERT.AT warning was found for this CVE.

EPSS metrics
  Type   Source      Score   Percentile
  EPSS   FIRST.org   0.02%   0.05

CVSS metrics
  Source   Base Score   Exploit Score   Impact Score   Vector string