CVE-2022-50827
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Fix memory leak in lpfc_create_port()
Commit 5e633302ace1 ("scsi: lpfc: vmid: Add support for VMID in mailbox command") introduced allocations for the VMID resources in lpfc_create_port() after the call to scsi_host_alloc(). Upon failure on the VMID allocations, the new code would branch to the 'out' label, which returns NULL without unwinding anything, thus skipping the call to scsi_host_put().
Fix the problem by creating a separate label 'out_free_vmid' to unwind the VMID resources and make the 'out_put_shost' label call only scsi_host_put(), as was done before the introduction of allocations for VMID.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 5e633302ace1f61f8ea5a3ce21e19a4d79126cca < 9749595feb33a1a2b848800192224ffeed5346b4 | affected |
| Linux | Linux | 5e633302ace1f61f8ea5a3ce21e19a4d79126cca < 5ea1f195f51c2bb5915ccfb2b2885ca81ce9262b | affected |
| Linux | Linux | 5e633302ace1f61f8ea5a3ce21e19a4d79126cca < dc8e483f684a24cc06e1d5fa958b54db58855093 | affected |
| Linux | Linux | 5.14 | affected |
| Linux | Linux | 0 < 5.14 | unaffected |
| Linux | Linux | 5.15.76 <= 5.15.* | unaffected |
| Linux | Linux | 6.0.6 <= 6.0.* | unaffected |
| Linux | Linux | 6.1 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/9749595feb33a1a2b848800192224ffeed5346b4
- https://git.kernel.org/stable/c/5ea1f195f51c2bb5915ccfb2b2885ca81ce9262b
- https://git.kernel.org/stable/c/dc8e483f684a24cc06e1d5fa958b54db58855093
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.