-

CVE-2022-50840

EPSS 0.06%
Veröffentlicht 30.12.2025 12:10:59
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

scsi: snic: Fix possible UAF in snic_tgt_create()

In the Linux kernel, the following vulnerability has been resolved:

scsi: snic: Fix possible UAF in snic_tgt_create()

Smatch reports a warning as follows:

drivers/scsi/snic/snic_disc.c:307 snic_tgt_create() warn:
  '&tgt->list' not removed from list

If device_add() fails in snic_tgt_create(), tgt will be freed, but
tgt->list will not be removed from snic->disc.tgt_list, then list traversal
may cause UAF.

Remove from snic->disc.tgt_list before free().

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 12

CNA 2 VulnDex Vulnerability Enrichment 10

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa

Version < f9d8b8ba0f1a16cde0b1fc9e80466df76b6db8ff

Status affected

Version c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa

Version < 3772319e40527e6a5f2ec1d729e01f271d818f5c

Status affected

Version c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa

Version < 3007f96ca20c848d0b1b052df6d2cb5ae5586e78

Status affected

Version c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa

Version < 6866154c23fba40888ad6d554cccd4bf2edb755e

Status affected

Version c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa

Version < ad27f74e901fc48729733c88818e6b96c813057d

Status affected

Version c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa

Version < 1895e908b3ae66a5312fd1b2cdda2da82993dca7

Status affected

Version c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa

Version < c7f0f8dab1ae5def57c1a8a9cafd6fabe1dc27cc

Status affected

Version c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa

Version < 4141cd9e8b3379aea52a85d2c35f6eaf26d14e86

Status affected

Version c8806b6c9e824f47726f2a9b7fbbe7ebf19306fa

Version < e118df492320176af94deec000ae034cc92be754

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.2

Status affected

Version 0

Version < 4.2

Status unaffected

Version <= 4.9.*

Version 4.9.337

Status unaffected

Version <= 4.14.*

Version 4.14.303

Status unaffected

Version <= 4.19.*

Version 4.19.270

Status unaffected

Version <= 5.4.*

Version 5.4.229

Status unaffected

Version <= 5.10.*

Version 5.10.163

Status unaffected

Version <= 5.15.*

Version 5.15.86

Status unaffected

Version <= 6.0.*

Version 6.0.16

Status unaffected

Version <= 6.1.*

Version 6.1.2

Status unaffected

Version <= *

Version 6.2

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.196

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/f9d8b8ba0f1a16cde0b1fc9e80466df76b6db8ff

https://git.kernel.org/stable/c/3772319e40527e6a5f2ec1d729e01f271d818f5c

https://git.kernel.org/stable/c/3007f96ca20c848d0b1b052df6d2cb5ae5586e78

https://git.kernel.org/stable/c/6866154c23fba40888ad6d554cccd4bf2edb755e

https://git.kernel.org/stable/c/ad27f74e901fc48729733c88818e6b96c813057d

https://git.kernel.org/stable/c/1895e908b3ae66a5312fd1b2cdda2da82993dca7

https://git.kernel.org/stable/c/c7f0f8dab1ae5def57c1a8a9cafd6fabe1dc27cc

https://git.kernel.org/stable/c/4141cd9e8b3379aea52a85d2c35f6eaf26d14e86

https://git.kernel.org/stable/c/e118df492320176af94deec000ae034cc92be754

https://nvd.nist.gov/vuln/detail/CVE-2022-50840

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50840

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50840

EUVD