CVE-2022-50493

EPSS 0.02%
Published 04.10.2025 15:43:45
Last modified 06.10.2025 14:56:21
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Fix crash when I/O abort times out

While performing CPU hotplug, a crash with the following stack was seen:

Call Trace:
     qla24xx_process_response_queue+0x42a/0x970 [qla2xxx]
     qla2x00_start_nvme_mq+0x3a2/0x4b0 [qla2xxx]
     qla_nvme_post_cmd+0x166/0x240 [qla2xxx]
     nvme_fc_start_fcp_op.part.0+0x119/0x2e0 [nvme_fc]
     blk_mq_dispatch_rq_list+0x17b/0x610
     __blk_mq_sched_dispatch_requests+0xb0/0x140
     blk_mq_sched_dispatch_requests+0x30/0x60
     __blk_mq_run_hw_queue+0x35/0x90
     __blk_mq_delay_run_hw_queue+0x161/0x180
     blk_execute_rq+0xbe/0x160
     __nvme_submit_sync_cmd+0x16f/0x220 [nvme_core]
     nvmf_connect_admin_queue+0x11a/0x170 [nvme_fabrics]
     nvme_fc_create_association.cold+0x50/0x3dc [nvme_fc]
     nvme_fc_connect_ctrl_work+0x19/0x30 [nvme_fc]
     process_one_work+0x1e8/0x3c0

On abort timeout, completion was called without checking if the I/O was
already completed.

Verify that I/O and abort request are indeed outstanding before attempting
completion.

Affected products Warnungen 0 Metrics 1 CWE 0 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorLinux

≫

Product Linux

Default Statusunaffected

Version < d3871af13aa03fbbe7fbb812eaf140501229a72e

Version 71c80b75ce8f08c0978ce9a9816b81b5c3ce5e12

Status affected

Version < cb4dff498468b62e8c520568559b3a9007e104d7

Version 71c80b75ce8f08c0978ce9a9816b81b5c3ce5e12

Status affected

Version < 05382ed9142cf8a8a3fb662224477eecc415778b

Version 71c80b75ce8f08c0978ce9a9816b81b5c3ce5e12

Status affected

Version < 68ad83188d782b2ecef2e41ac245d27e0710fe8e

Version 71c80b75ce8f08c0978ce9a9816b81b5c3ce5e12

Status affected

Version 457173c8b43ecd3ac48c8ace8d4437a50f7ad77b

Status affected

Version b7abcc7df5e131c0b4bf89cb2411c5301ee83d26

Status affected

VendorLinux

≫

Product Linux

Default Statusaffected

Version 5.5

Status affected

Version < 5.5

Version 0

Status unaffected

Version <= 5.15.*

Version 5.15.86

Status unaffected

Version <= 6.0.*

Version 6.0.16

Status unaffected

Version <= 6.1.*

Version 6.1.2

Status unaffected

Version <= *

Version 6.2

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.031

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string

https://git.kernel.org/stable/c/d3871af13aa03fbbe7fbb812eaf140501229a72e

https://git.kernel.org/stable/c/cb4dff498468b62e8c520568559b3a9007e104d7

https://git.kernel.org/stable/c/05382ed9142cf8a8a3fb662224477eecc415778b

https://git.kernel.org/stable/c/68ad83188d782b2ecef2e41ac245d27e0710fe8e

https://nvd.nist.gov/vuln/detail/CVE-2022-50493

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50493

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50493

EUVD