CVE-2022-50493

EPSS 0.02%
Veröffentlicht 04.10.2025 15:43:45
Zuletzt bearbeitet 06.10.2025 14:56:21
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Fix crash when I/O abort times out

While performing CPU hotplug, a crash with the following stack was seen:

Call Trace:
     qla24xx_process_response_queue+0x42a/0x970 [qla2xxx]
     qla2x00_start_nvme_mq+0x3a2/0x4b0 [qla2xxx]
     qla_nvme_post_cmd+0x166/0x240 [qla2xxx]
     nvme_fc_start_fcp_op.part.0+0x119/0x2e0 [nvme_fc]
     blk_mq_dispatch_rq_list+0x17b/0x610
     __blk_mq_sched_dispatch_requests+0xb0/0x140
     blk_mq_sched_dispatch_requests+0x30/0x60
     __blk_mq_run_hw_queue+0x35/0x90
     __blk_mq_delay_run_hw_queue+0x161/0x180
     blk_execute_rq+0xbe/0x160
     __nvme_submit_sync_cmd+0x16f/0x220 [nvme_core]
     nvmf_connect_admin_queue+0x11a/0x170 [nvme_fabrics]
     nvme_fc_create_association.cold+0x50/0x3dc [nvme_fc]
     nvme_fc_connect_ctrl_work+0x19/0x30 [nvme_fc]
     process_one_work+0x1e8/0x3c0

On abort timeout, completion was called without checking if the I/O was
already completed.

Verify that I/O and abort request are indeed outstanding before attempting
completion.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < d3871af13aa03fbbe7fbb812eaf140501229a72e

Version 71c80b75ce8f08c0978ce9a9816b81b5c3ce5e12

Status affected

Version < cb4dff498468b62e8c520568559b3a9007e104d7

Version 71c80b75ce8f08c0978ce9a9816b81b5c3ce5e12

Status affected

Version < 05382ed9142cf8a8a3fb662224477eecc415778b

Version 71c80b75ce8f08c0978ce9a9816b81b5c3ce5e12

Status affected

Version < 68ad83188d782b2ecef2e41ac245d27e0710fe8e

Version 71c80b75ce8f08c0978ce9a9816b81b5c3ce5e12

Status affected

Version 457173c8b43ecd3ac48c8ace8d4437a50f7ad77b

Status affected

Version b7abcc7df5e131c0b4bf89cb2411c5301ee83d26

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.5

Status affected

Version < 5.5

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.86

Status unaffected

Version <= 6.0.*

Version 6.0.16

Status unaffected

Version <= 6.1.*

Version 6.1.2

Status unaffected

Version <= *

Version 6.2

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.031

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/d3871af13aa03fbbe7fbb812eaf140501229a72e

https://git.kernel.org/stable/c/cb4dff498468b62e8c520568559b3a9007e104d7

https://git.kernel.org/stable/c/05382ed9142cf8a8a3fb662224477eecc415778b

https://git.kernel.org/stable/c/68ad83188d782b2ecef2e41ac245d27e0710fe8e

https://nvd.nist.gov/vuln/detail/CVE-2022-50493

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50493

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50493

EUVD