CVE-2022-49521

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp()

If no handler is found in lpfc_complete_unsol_iocb() to match the rctl of a
received frame, the frame is dropped and resources are leaked.

Fix by returning resources when discarding an unhandled frame type.  Update
lpfc_fc_frame_check() handling of NOP basic link service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.234-1
fixed
bookworm
6.1.123-1
fixed
bookworm (security)
6.1.128-1
fixed
trixie
6.12.12-1
fixed
sid
6.12.16-1
fixed
References
https://git.kernel.org/stable/c/08709769ff2fb6c5ffedcda3742700d8ea1618a8
https://git.kernel.org/stable/c/40cf4ea4d2d497f7732c87d350ba5c3f5e8a43a1
https://git.kernel.org/stable/c/646db1a560f44236b7278b822ca99a1d3b6ea72c
https://git.kernel.org/stable/c/7860d8f8082605b57596aa82d3d438c1fdad9a9e
https://git.kernel.org/stable/c/fa1b509d41c5433672f72c0615cf4aefa0611c99