CVE-2022-49730 in Linuxinfo

Summary

by MITRE • 02/26/2025

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted

A use-after-free crash can occur after an ELS LOGO is aborted.

Specifically, a nodelist structure is freed and then ndlp->vport->cfg_log_verbose is dereferenced in lpfc_nlp_get() when the discovery state machine is mistakenly called a second time with NLP_EVT_DEVICE_RM argument.

Rework lpfc_cmpl_els_logo() to prevent the duplicate calls to release a nodelist structure.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

Linux

Reservation

02/26/2025

Disclosure

02/26/2025

Moderation

revoked

Entry

VDB-297231

CPE

ready

CWE

CWE-416 (confirmed)

CVSS

5.5 (VulDB)

EPSS

0.00000

KEV

Activities

very low

Sector

Industry, Finance, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2022-49730
NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-49730
CVE Details	https://www.cvedetails.com/cve/CVE-2022-49730/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!