CVE-2022-49114: scsi: libfc: Fix use after free in fc_exch_abts_resp()
First published: Wed Feb 26 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix use after free in fc_exch_abts_resp() fc_exch_release(ep) will decrease the ep's reference count. When the reference count reaches zero, it is freed. But ep is still used in the following code, which will lead to a use after free. Return after the fc_exch_release() call to avoid use after free.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| Linux Kernel | <4.9.311 | |
| Linux Kernel | >=4.10<4.14.276 | |
| Linux Kernel | >=4.15<4.19.238 | |
| Linux Kernel | >=4.20<5.4.189 | |
| Linux Kernel | >=5.5<5.10.111 | |
| Linux Kernel | >=5.11<5.15.34 | |
| Linux Kernel | >=5.16<5.16.20 | |
| Linux Kernel | >=5.17<5.17.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/4a131d4ea8b581ac9b01d3a72754db4848be3232
- https://git.kernel.org/stable/c/499d198494e77b6533251b9b909baf5c101129cb
- https://git.kernel.org/stable/c/6044ad64f41c87382cfeeca281573d1886d80cbe
- https://git.kernel.org/stable/c/5cf2ce8967b0d98c8cfa4dc42ef4fcf080f5c836
- https://git.kernel.org/stable/c/1d7effe5fff9d28e45e18ac3a564067c7ddfe898
- https://git.kernel.org/stable/c/f581df412bc45c95176e3c808ee2839c05b2ab0c
- https://git.kernel.org/stable/c/87909291762d08fdb60d19069d7a89b5b308d0ef
- https://git.kernel.org/stable/c/412dd8299b02e4410fe77b8396953c1a8dde183a
- https://git.kernel.org/stable/c/271add11994ba1a334859069367e04d2be2ebdd4
Frequently Asked Questions
What is the severity of CVE-2022-49114?
CVE-2022-49114 has been classified as a high-severity vulnerability due to its potential impact on system stability and security.
How do I fix CVE-2022-49114?
To mitigate CVE-2022-49114, it is recommended to update your Linux kernel to a version that includes the patch addressing this vulnerability.
What systems are affected by CVE-2022-49114?
CVE-2022-49114 affects various versions of the Linux kernel, specifically versions prior to 4.9.311 and specific versions within the 4.x and 5.x ranges.
What is the nature of the vulnerability in CVE-2022-49114?
CVE-2022-49114 is a use-after-free vulnerability in the Linux kernel's SCSI subsystem that could lead to unexpected behavior or crashes.
Is CVE-2022-49114 exploitable remotely?
CVE-2022-49114 is primarily related to local system operations, but its exploitation could potentially affect system operations in multi-user environments.
- agent/first-publish-date
- agent/type
- agent/title
- agent/author
- agent/references
- agent/source
- agent/description
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.10
- version/linux kernel/4.15
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/5.17