CVE-2022-50532 in Linux
Summary
by MITRE • 10/07/2025
In the Linux kernel, the following vulnerability has been resolved:
scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add()
In mpt3sas_transport_port_add(), if sas_rphy_add() returns error, sas_rphy_free() needs to be called to free the resource allocated in sas_end_device_alloc(). Otherwise a kernel crash will happen:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000108
CPU: 45 PID: 37020 Comm: bash Kdump: loaded Tainted: G W 6.1.0-rc1+ #189
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : device_del+0x54/0x3d0
lr : device_del+0x37c/0x3d0
Call trace:
 device_del+0x54/0x3d0
 attribute_container_class_device_del+0x28/0x38
 transport_remove_classdev+0x6c/0x80
 attribute_container_device_trigger+0x108/0x110
 transport_remove_device+0x28/0x38
 sas_rphy_remove+0x50/0x78 [scsi_transport_sas]
 sas_port_delete+0x30/0x148 [scsi_transport_sas]
 do_sas_phy_delete+0x78/0x80 [scsi_transport_sas]
 device_for_each_child+0x68/0xb0
 sas_remove_children+0x30/0x50 [scsi_transport_sas]
 sas_rphy_remove+0x38/0x78 [scsi_transport_sas]
 sas_port_delete+0x30/0x148 [scsi_transport_sas]
 do_sas_phy_delete+0x78/0x80 [scsi_transport_sas]
 device_for_each_child+0x68/0xb0
 sas_remove_children+0x30/0x50 [scsi_transport_sas]
 sas_remove_host+0x20/0x38 [scsi_transport_sas]
 scsih_remove+0xd8/0x420 [mpt3sas]
Because transport_add_device() is not called when sas_rphy_add() fails, the device is not added. When sas_rphy_remove() is subsequently called to remove the device in the remove() path, a NULL pointer dereference happens.
Analysis
by VulDB Data Team • 04/19/2026
CVE-2022-50532 affects the SAS transport layer of the Linux kernel (scsi_transport_sas) as used by the mpt3sas driver, which handles LSI/Broadcom Fusion-MPT SAS host bus adapters. It is a resource management flaw on an error path in mpt3sas_transport_port_add(): the function allocates an rphy with sas_end_device_alloc() and then registers it with sas_rphy_add(). If sas_rphy_add() fails, the pre-fix code does nothing further: the rphy is neither released with sas_rphy_free() nor ever fully added, so the host keeps a half-built device object that the removal path later treats as fully registered.
The damage shows up at teardown, not at the point of failure. Because sas_rphy_add() returned before transport_add_device(), the device was never added, but it is still linked beneath its port. When the host is removed (scsih_remove() calling sas_remove_host()), sas_remove_children() walks every child, so sas_rphy_remove() and then device_del() run on the never-added device. device_del() dereferences state that only exists once a device has been added, which is the NULL pointer dereference at virtual address 0x108 in the trace above; the trace shows that walk descending through two levels of sas_port_delete() before the fault. Nothing here is freed memory or an uninitialized structure; the object is simply in a state the remove path does not expect.
The defect is a missing release of a resource on an error path (CWE-772) whose observable effect is a NULL pointer dereference (CWE-476); it is not an uninitialized-variable or double-free issue. The operational impact is a kernel oops on the host that owns the controller, that is, a local denial of service, with loss of access to the attached storage until the host is rebooted. The "6.1.0-rc1+" tag in the trace identifies the development kernel on which the reproduction was captured, not the first affected version; the unguarded error branch is older than that release. The controllers mpt3sas drives are common in enterprise servers and storage arrays, where an unplanned host crash also means unplanned storage downtime.
Exposure is limited to hosts using the mpt3sas driver. The precondition is a failure of sas_rphy_add() while a port is being added, which in practice means an allocation or sysfs registration failure during controller initialization, device hot-plug or error recovery; the crash itself then occurs when the host or module is removed (the trace was captured from a bash process, consistent with an unload from a shell). Neither step is directly controllable by an unprivileged local user or by a remote party, so this is best treated as a reliability defect with denial of service consequences rather than an exploitable vulnerability. It still warrants patching where storage availability matters, because the crash lands at exactly the moment an operator is trying to recover or reconfigure the controller.
The mitigation is to apply the upstream fix, which calls sas_rphy_free() in the error branch when sas_rphy_add() fails (only on failure; a successfully added rphy is torn down through the normal sas_rphy_remove() path, and freeing it there as well would be a double free). Until patched, avoid unloading mpt3sas or hot-removing the host on a system that has logged an rphy add failure, since that removal is what dereferences the stale device. Operationally, collect the driver's failure log line from mpt3sas_transport_port_add() and any oops whose trace passes through sas_remove_children() and device_del(); these indicate the condition has been hit, not an attack, and flag the host for a kernel update before the next controller removal.
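The add-then-remove lifecycle described in the analysis above, as an added example constructed for this page and not code from the kernel or the mpt3sas driver: the function names mirror the kernel ones (sas_end_device_alloc, sas_rphy_add, sas_rphy_free, device_del, sas_remove_host) but the bodies are a toy model, and inject_fail, run_scenario and the two counters are assumptions of that model. In the kernel, device_del() on a never-added device oopses; here it is recorded as a counter so the pre-fix and post-fix error branches of mpt3sas_transport_port_add() can be run side by side and compared.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_CHILDREN 8

/* parent is set only once the device is added; NULL is what removal trips over */
struct model_device { struct model_device *parent; };
struct model_rphy   { struct model_device dev; };

struct model_host {
    struct model_device dev;
    struct model_rphy *children[MAX_CHILDREN];
    int nchildren;
    int live_allocs;   /* rphys allocated and not yet freed */
    int null_derefs;   /* times device_del() would have oopsed */
};

/* sas_end_device_alloc(): allocate the rphy and link it under the host (the
 * kernel links it under its port before registration). */
static struct model_rphy *model_end_device_alloc(struct model_host *h)
{
    struct model_rphy *r;
    if (h->nchildren >= MAX_CHILDREN || !(r = calloc(1, sizeof(*r))))
        return NULL;
    h->live_allocs++;
    h->children[h->nchildren++] = r;
    return r;
}

/* sas_rphy_free(): unlink and release an rphy (child order is irrelevant). */
static void model_rphy_free(struct model_host *h, struct model_rphy *r)
{
    for (int i = 0; i < h->nchildren; i++)
        if (h->children[i] == r) {
            h->children[i] = h->children[--h->nchildren];
            break;
        }
    free(r);
    h->live_allocs--;
}

/* sas_rphy_add(): only the success path reaches transport_add_device() and
 * gives the device a parent; inject_fail models a failure inside the add. */
static int model_rphy_add(struct model_host *h, struct model_rphy *r, int inject_fail)
{
    if (inject_fail)
        return -ENOMEM;
    r->dev.parent = &h->dev;
    return 0;
}

/* device_del(): the kernel reads through state that only device_add() set up;
 * on a never-added device that is a NULL dereference. Record it, don't crash. */
static int model_device_del(struct model_host *h, struct model_device *d)
{
    if (!d->parent) {
        h->null_derefs++;
        return -EFAULT;
    }
    d->parent = NULL;
    return 0;
}

/* mpt3sas_transport_port_add() before and after the fix: the pre-fix error
 * branch leaves the rphy allocated and linked; the fixed branch frees it. */
static struct model_rphy *model_port_add(struct model_host *h, int fixed, int inject_fail)
{
    struct model_rphy *r = model_end_device_alloc(h);
    if (r && model_rphy_add(h, r, inject_fail)) {
        if (fixed)
            model_rphy_free(h, r);
        return NULL;
    }
    return r;
}

/* sas_remove_host() -> sas_remove_children(): tear down every child. A
 * would-be oops aborts the walk, as a panic would, so anything still linked
 * at that point stays allocated. */
static void model_remove_host(struct model_host *h)
{
    while (h->nchildren > 0) {
        struct model_rphy *r = h->children[h->nchildren - 1];
        if (model_device_del(h, &r->dev))
            return;
        model_rphy_free(h, r);
    }
}

/* One add/remove cycle: returns 0 for a clean teardown, -1 otherwise, and
 * writes the counters to *null_derefs and *leaked. */
int run_scenario(int fixed, int inject_fail, int *null_derefs, int *leaked)
{
    struct model_host h;
    memset(&h, 0, sizeof(h));
    model_port_add(&h, fixed, inject_fail);
    model_remove_host(&h);
    *null_derefs = h.null_derefs;
    *leaked = h.live_allocs;
    return (h.null_derefs == 0 && h.live_allocs == 0) ? 0 : -1;
}

int main(void)
{
    int n, l;
    run_scenario(0, 1, &n, &l);   /* pre-fix branch, add failure injected */
    printf("buggy: null_derefs=%d leaked=%d\n", n, l);
    run_scenario(1, 1, &n, &l);   /* post-fix branch, same failure */
    printf("fixed: null_derefs=%d leaked=%d\n", n, l);
    return 0;
}
```

With the failure injected, the pre-fix path reports one would-be NULL dereference and one object still allocated when the walk aborts, which is the trace on this page in miniature; the fixed path reports zero of each. Without the injected failure both paths tear down cleanly, which is why the fix must free the rphy only in the error branch.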