CVE-2022-49534

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Feb 26, 2025
Updated: Mar 10, 2025
CWE ID 401

Summary

CVE-2022-49534 is a memory leak vulnerability affecting the Linux kernel's lpfc driver. The issue occurs in the functions lpfc_ignore_els_cmpl() and lpfc_els_rsp_reject(), which deal with NPIV PLOGI_RJT messages. These functions fail to properly free memory allocated from the login_mbox and ctx_buf for service parameters. Consequently, a potential memory leak can occur if cmdiocb->context_un.mbox was allocated in lpfc_ignore_els_cmpl(). To mitigate this issue, the necessary memory should be freed back to phba->mbox_mem_pool along with mbox->ctx_buf for service parameters. Similarly, for lpfc_els_rsp_reject() failure, the ctx_buf for service parameters and the login_mbox must be freed.
