-
CVE-2022-50532
- EPSS -
- Published 07.10.2025 15:19:22
- Last modified 07.10.2025 16:15:37
- Source 416baaa9-dc9f-4396-8d5f-8c081f
- Teams watchlist Login
- Open Login
In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() In mpt3sas_transport_port_add(), if sas_rphy_add() returns error, sas_rphy_free() needs be called to free the resource allocated in sas_end_device_alloc(). Otherwise a kernel crash will happen: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000108 CPU: 45 PID: 37020 Comm: bash Kdump: loaded Tainted: G W 6.1.0-rc1+ #189 pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : device_del+0x54/0x3d0 lr : device_del+0x37c/0x3d0 Call trace: device_del+0x54/0x3d0 attribute_container_class_device_del+0x28/0x38 transport_remove_classdev+0x6c/0x80 attribute_container_device_trigger+0x108/0x110 transport_remove_device+0x28/0x38 sas_rphy_remove+0x50/0x78 [scsi_transport_sas] sas_port_delete+0x30/0x148 [scsi_transport_sas] do_sas_phy_delete+0x78/0x80 [scsi_transport_sas] device_for_each_child+0x68/0xb0 sas_remove_children+0x30/0x50 [scsi_transport_sas] sas_rphy_remove+0x38/0x78 [scsi_transport_sas] sas_port_delete+0x30/0x148 [scsi_transport_sas] do_sas_phy_delete+0x78/0x80 [scsi_transport_sas] device_for_each_child+0x68/0xb0 sas_remove_children+0x30/0x50 [scsi_transport_sas] sas_remove_host+0x20/0x38 [scsi_transport_sas] scsih_remove+0xd8/0x420 [mpt3sas] Because transport_add_device() is not called when sas_rphy_add() fails, the device is not added. When sas_rphy_remove() is subsequently called to remove the device in the remove() path, a NULL pointer dereference happens.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorLinux
≫
Product
Linux
Default Statusunaffected
Version <
d60000cb1195a464080b0efb4949daf7594e0020
Version
f92363d12359498f9a9960511de1a550f0ec41c2
Status
affected
Version <
ce1a69cc85006b494353911b35171da195d79e25
Version
f92363d12359498f9a9960511de1a550f0ec41c2
Status
affected
Version <
6a92129c8f999ff5b122c100ce7f625eb3e98c4b
Version
f92363d12359498f9a9960511de1a550f0ec41c2
Status
affected
Version <
6f6768e2fc8638fabdd8802c2ef693d7aef01db1
Version
f92363d12359498f9a9960511de1a550f0ec41c2
Status
affected
Version <
d17bca3ddfe507874cb826d32721552da12e741f
Version
f92363d12359498f9a9960511de1a550f0ec41c2
Status
affected
Version <
78316e9dfc24906dd474630928ed1d3c562b568e
Version
f92363d12359498f9a9960511de1a550f0ec41c2
Status
affected
VendorLinux
≫
Product
Linux
Default Statusaffected
Version
3.8
Status
affected
Version <
3.8
Version
0
Status
unaffected
Version <=
5.4.*
Version
5.4.229
Status
unaffected
Version <=
5.10.*
Version
5.10.163
Status
unaffected
Version <=
5.15.*
Version
5.15.86
Status
unaffected
Version <=
6.0.*
Version
6.0.16
Status
unaffected
Version <=
6.1.*
Version
6.1.2
Status
unaffected
Version <=
*
Version
6.2
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|