CVE-2022-50827

Summary

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Fix memory leak in lpfc_create_port()

Commit 5e633302ace1 ("scsi: lpfc: vmid: Add support for VMID in mailbox command") introduced allocations for the VMID resources in lpfc_create_port() after the call to scsi_host_alloc(). Upon failure on the VMID allocations, the new code would branch to the 'out' label, which returns NULL without unwinding anything, thus skipping the call to scsi_host_put().

Fix the problem by creating a separate label 'out_free_vmid' to unwind the VMID resources and make the 'out_put_shost' label call only scsi_host_put(), as was done before the introduction of allocations for VMID.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux5e633302ace1f61f8ea5a3ce21e19a4d79126cca < 9749595feb33a1a2b848800192224ffeed5346b4affected
LinuxLinux5e633302ace1f61f8ea5a3ce21e19a4d79126cca < 5ea1f195f51c2bb5915ccfb2b2885ca81ce9262baffected
LinuxLinux5e633302ace1f61f8ea5a3ce21e19a4d79126cca < dc8e483f684a24cc06e1d5fa958b54db58855093affected
LinuxLinux5.14affected
LinuxLinux0 < 5.14unaffected
LinuxLinux5.15.76 <= 5.15.*unaffected
LinuxLinux6.0.6 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

References