CVE-2022-50467

Summary

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID

An error case exit from lpfc_cmpl_ct_cmd_gft_id() results in a call to lpfc_nlp_put() with a null pointer to a nodelist structure.

Changed lpfc_cmpl_ct_cmd_gft_id() to initialize nodelist pointer upon entry.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux04c1d9c50ae32d6efd0b71024b3829051821c7a2 < 04e7cd8c85636a329d1a6e5a269a7c8b6f71c41caffected
LinuxLinux04c1d9c50ae32d6efd0b71024b3829051821c7a2 < 82dc1fe4324e2c897f2ed1c66f4fcff03094ac3aaffected
LinuxLinux04c1d9c50ae32d6efd0b71024b3829051821c7a2 < 59b7e210a522b836a01516c71ee85d1d92c1f075affected
LinuxLinux5.14affected
LinuxLinux0 < 5.14unaffected
LinuxLinux5.19.17 <= 5.19.*unaffected
LinuxLinux6.0.3 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

References