{"timestamp":"2025-02-27T18:15:34.195435Z","id":"CVE-2022-49535","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}

[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/scsi/lpfc/lpfc_els.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"52edb2caf675684acf2140a125de4774c691fecd","lessThan":"c7dc74ab7975c9b96284abfe4cca756d75fa4604","versionType":"git","status":"affected"},{"version":"52edb2caf675684acf2140a125de4774c691fecd","lessThan":"10663ebec0ad5c78493a0dd34c9ee4d73d7ca0df","versionType":"git","status":"affected"},{"version":"52edb2caf675684acf2140a125de4774c691fecd","lessThan":"577a942df3de2666f6947bdd3a5c9e8d30073424","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/scsi/lpfc/lpfc_els.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.11","status":"affected"},{"version":"0","lessThan":"5.11","versionType":"semver","status":"unaffected"},{"version":"5.15.181","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"5.18.3","lessThanOrEqual":"5.18.*","versionType":"semver","status":"unaffected"},{"version":"5.19","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]

OR
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to (excluding) 5.18.3

OR
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to (excluding) 5.15.181
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 5.18.3

kernel.org: https://git.kernel.org/stable/c/c7dc74ab7975c9b96284abfe4cca756d75fa4604 Types: Patch

https://git.kernel.org/stable/c/c7dc74ab7975c9b96284abfe4cca756d75fa4604

OR
          *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to (excluding) 5.18.3

kernel.org: https://git.kernel.org/stable/c/10663ebec0ad5c78493a0dd34c9ee4d73d7ca0df Types: Patch

kernel.org: https://git.kernel.org/stable/c/577a942df3de2666f6947bdd3a5c9e8d30073424 Types: Patch

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI

If lpfc_issue_els_flogi() fails and returns non-zero status, the node
reference count is decremented to trigger the release of the nodelist
structure. However, if there is a prior registration or dev-loss-evt work
pending, the node may be released prematurely.  When dev-loss-evt
completes, the released node is referenced causing a use-after-free null
pointer dereference.

Similarly, when processing non-zero ELS PLOGI completion status in
lpfc_cmpl_els_plogi(), the ndlp flags are checked for a transport
registration before triggering node removal.  If dev-loss-evt work is
pending, the node may be released prematurely and a subsequent call to
lpfc_dev_loss_tmo_handler() results in a use after free ndlp dereference.

Add test for pending dev-loss before decrementing the node reference count
for FLOGI, PLOGI, PRLI, and ADISC handling.

https://git.kernel.org/stable/c/10663ebec0ad5c78493a0dd34c9ee4d73d7ca0df

https://git.kernel.org/stable/c/577a942df3de2666f6947bdd3a5c9e8d30073424