vulnerability
Ubuntu: (CVE-2022-50827): linux vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | Jan 2, 2026 | Jan 6, 2026 | Jan 7, 2026 |
Description
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix memory leak in lpfc_create_port() Commit 5e633302ace1 ("scsi: lpfc: vmid: Add support for VMID in mailbox command") introduced allocations for the VMID resources in lpfc_create_port() after the call to scsi_host_alloc(). Upon failure on the VMID allocations, the new code would branch to the 'out' label, which returns NULL without unwinding anything, thus skipping the call to scsi_host_put(). Fix the problem by creating a separate label 'out_free_vmid' to unwind the VMID resources and make the 'out_put_shost' label call only scsi_host_put(), as was done before the introduction of allocations for VMID.
Solutions
References
- CVE-2022-50827
- https://attackerkb.com/topics/CVE-2022-50827
- URL-https://git.kernel.org/linus/dc8e483f684a24cc06e1d5fa958b54db58855093
- URL-https://git.kernel.org/stable/c/5ea1f195f51c2bb5915ccfb2b2885ca81ce9262b
- URL-https://git.kernel.org/stable/c/9749595feb33a1a2b848800192224ffeed5346b4
- URL-https://git.kernel.org/stable/c/dc8e483f684a24cc06e1d5fa958b54db58855093
- URL-https://www.cve.org/CVERecord?id=CVE-2022-50827
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.