CVE-2022-49534 in Linux

Summary

by MITRE • 02/26/2025

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT

There is a potential memory leak in lpfc_ignore_els_cmpl() and lpfc_els_rsp_reject() that was allocated from NPIV PLOGI_RJT (lpfc_rcv_plogi()'s login_mbox).

Check if cmdiocb->context_un.mbox was allocated in lpfc_ignore_els_cmpl(), and then free it back to phba->mbox_mem_pool along with mbox->ctx_buf for service parameters.

For lpfc_els_rsp_reject() failure, free both the ctx_buf for service parameters and the login_mbox.


Analysis

by VulDB Data Team • 05/23/2025

The vulnerability identified as CVE-2022-49534 resides within the Linux kernel's SCSI subsystem, specifically affecting the LightPulse Fibre Channel Host Bus Adapter (HBA) driver known as lpfc. This issue manifests as a memory leak that occurs during the handling of NPIV (N_Port Identifier Virtualization) ports when processing PLOGI_RJT (Port Login Reject) responses. The lpfc driver manages Fibre Channel communications and is commonly used in enterprise storage environments where reliable memory management is critical for system stability and performance. The vulnerability specifically impacts the driver's ability to properly release memory resources when processing ELS (Exchange Link Services) commands, particularly during the login process for virtualized port configurations.

The technical flaw exists in two primary functions within the lpfc driver: lpfc_ignore_els_cmpl() and lpfc_els_rsp_reject(). These functions are responsible for handling completion of ELS commands and rejecting login requests respectively. The memory leak occurs because the driver fails to properly account for memory allocations that occur during NPIV PLOGI_RJT processing. When a login request is rejected for NPIV ports, the code path allocates memory for command structures including cmdiocb->context_un.mbox and mbox->ctx_buf which contain service parameters. However, in certain failure scenarios, these allocated memory segments are not properly freed back to their respective memory pools, specifically phba->mbox_mem_pool, leading to gradual memory consumption that can eventually impact system performance and stability.

The operational impact of this vulnerability extends beyond simple memory consumption issues as it affects the reliability of Fibre Channel storage communications in virtualized environments. When the memory leak occurs, it can lead to progressive degradation of system performance as available memory decreases, potentially causing system instability or complete failure of storage operations. This is particularly concerning in enterprise data center environments where Fibre Channel storage arrays rely heavily on NPIV for virtual machine consolidation and dynamic resource allocation. The vulnerability represents a classic memory management flaw that can be exploited through repeated login rejection scenarios, making it a potential denial-of-service vector that could impact critical storage infrastructure.

Mitigation strategies for CVE-2022-49534 involve applying the kernel patch that properly implements memory cleanup in both affected functions. The fix requires checking whether cmdiocb->context_un.mbox was allocated within lpfc_ignore_els_cmpl() and ensuring it is freed back to the phba->mbox_mem_pool along with the associated mbox->ctx_buf for service parameters. Additionally, for failure conditions in lpfc_els_rsp_reject(), both the ctx_buf for service parameters and the login_mbox must be properly freed to prevent memory leaks. This vulnerability aligns with CWE-401: Improper Release of Memory and can be categorized under ATT&CK technique T1499.004: Endpoint Denial of Service, as it can lead to resource exhaustion and system instability. System administrators should prioritize patching affected kernel versions and monitoring for memory consumption patterns that might indicate exploitation of this vulnerability, particularly in environments heavily utilizing NPIV and Fibre Channel storage solutions.
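The cleanup pattern described above, as an added userspace C model (not the lpfc driver's code and not taken from the kernel patch). All type and function names are hypothetical stand-ins, the pool is a counting wrapper around calloc/free, and only the completion-handler half of the fix is modelled.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model: every name here is a hypothetical stand-in, not lpfc code. */
static int outstanding;             /* live pool objects; a leak makes this grow */
static void *pool_alloc(size_t n) { void *p = calloc(1, n); if (p) outstanding++; return p; }
static void pool_free(void *p)    { if (p) { free(p); outstanding--; } }

struct mbox { void *ctx_buf; };     /* ctx_buf holds the service parameters */
struct iocb { struct mbox *mbox; }; /* models cmdiocb->context_un.mbox */

/* Reject path: allocate the login mailbox and its buffer, attach both to the IOCB. */
static int build_reject(struct iocb *io)
{
    struct mbox *mb = pool_alloc(sizeof(*mb));
    if (!mb) return -1;
    mb->ctx_buf = pool_alloc(64);
    if (!mb->ctx_buf) { pool_free(mb); return -1; }
    io->mbox = mb;
    return 0;
}

/* Leaky completion: releases the IOCB only; mailbox and buffer stay allocated. */
static void cmpl_leaky(struct iocb *io) { pool_free(io); }

/* Fixed completion: if a mailbox was attached, free ctx_buf first, then the mailbox. */
static void cmpl_fixed(struct iocb *io)
{
    struct mbox *mb = io->mbox;
    if (mb) {
        pool_free(mb->ctx_buf);
        pool_free(mb);
        io->mbox = NULL;
    }
    pool_free(io);
}

/* Push n rejected logins through a completion handler; return what is still held. */
static int run(int n, void (*cmpl)(struct iocb *))
{
    outstanding = 0;
    for (int i = 0; i < n; i++) {
        struct iocb *io = pool_alloc(sizeof(*io));
        if (!io || build_reject(io) != 0) { pool_free(io); continue; }
        cmpl(io);
    }
    return outstanding;
}

int main(void) { printf("leaky=%d fixed=%d\n", run(100, cmpl_leaky), run(100, cmpl_fixed)); return 0; }
```

In the model, each rejected login that completes through the leaky handler strands two pool objects, so the count grows linearly with the number of rejects; the fixed handler returns the count to zero.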

Responsible: Linux

Reservation: 02/26/2025

Disclosure: 02/26/2025

Moderation: accepted

CPE: ready

EPSS: 0.00215

KEV: no

Activities: very low
