CVE-2022-50414

Summary

In the Linux kernel, the following vulnerability has been resolved:

scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails

fcoe_init() calls fcoe_transport_attach(&fcoe_sw_transport), but when fcoe_if_init() fails, &fcoe_sw_transport is not detached and leaves freed &fcoe_sw_transport on fcoe_transports list. This causes panic when reinserting module.

BUG: unable to handle page fault for address: fffffbfff82e2213 RIP: 0010:fcoe_transport_attach+0xe1/0x230 [libfcoe] Call Trace: <TASK> do_one_initcall+0xd0/0x4e0 load_module+0x5eee/0x7210 …

Affected Software

VendorProductVersion RangeStatus
LinuxLinux78a582463c1e3a262aeaf2a291e06a93a7b34212 < d581303d6f8d4139513105d73dd65f26c6707160affected
LinuxLinux78a582463c1e3a262aeaf2a291e06a93a7b34212 < b5cc59470df64f26ad397dbb71cbf130cf489edfaffected
LinuxLinux78a582463c1e3a262aeaf2a291e06a93a7b34212 < cf74d1197c0e3d2f353faa333e9e2847c73713f1affected
LinuxLinux78a582463c1e3a262aeaf2a291e06a93a7b34212 < be5f1a82ad6056db22c86005dc4cac22a20deeefaffected
LinuxLinux78a582463c1e3a262aeaf2a291e06a93a7b34212 < 22e8c7a56bb1cd2ed0beaaccb34282ac9cbbe27eaffected
LinuxLinux78a582463c1e3a262aeaf2a291e06a93a7b34212 < 09a60f908d8b6497f618113b7c3c31267dc90911affected
LinuxLinux78a582463c1e3a262aeaf2a291e06a93a7b34212 < 1dc499c615aa87dc46a3f2d1f91d2d358e55f3e3affected
LinuxLinux78a582463c1e3a262aeaf2a291e06a93a7b34212 < aef82d16be5a353d913163f26fc4385e296be2b8affected
LinuxLinux78a582463c1e3a262aeaf2a291e06a93a7b34212 < 4155658cee394b22b24c6d64e49247bf26d95b92affected
LinuxLinux2.6.39affected
LinuxLinux0 < 2.6.39unaffected
LinuxLinux4.9.337 <= 4.9.*unaffected
LinuxLinux4.14.303 <= 4.14.*unaffected
LinuxLinux4.19.270 <= 4.19.*unaffected
LinuxLinux5.4.229 <= 5.4.*unaffected
LinuxLinux5.10.163 <= 5.10.*unaffected
LinuxLinux5.15.86 <= 5.15.*unaffected
LinuxLinux6.0.16 <= 6.0.*unaffected
LinuxLinux6.1.2 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References