U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

Vulnerability Change Records for CVE-2022-49534

Change History

New CVE Received from kernel.org 2/26/2025 2:01:29 AM

Action Type Old Value New Value
Added Description 

								
							
							
								
							
						
								
							
								
In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT

There is a potential memory leak in lpfc_ignore_els_cmpl() and
lpfc_els_rsp_reject() that was allocated from NPIV PLOGI_RJT
(lpfc_rcv_plogi()'s login_mbox).

Check if cmdiocb->context_un.mbox was allocated in lpfc_ignore_els_cmpl(),
and then free it back to phba->mbox_mem_pool along with mbox->ctx_buf for
service parameters.

For lpfc_els_rsp_reject() failure, free both the ctx_buf for service
parameters and the login_mbox.

								
								
					

					

						Added
						Reference
						
							
							
								
							
								

								
							
							
								
							
						
								
							
								
https://git.kernel.org/stable/c/672d1cb40551ea9c95efad43ab6d45e4ab4e015f

								
								
					

					

						Added
						Reference
						
							
							
								
							
								

								
							
							
								
							
						
								
							
								
https://git.kernel.org/stable/c/c00df0f34a6d5e14da379f96ea67e501ce67b002