Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix memory leak in lpfc_create_port() Commit 5e633302ace1 ("scsi: lpfc: vmid: Add support for VMID in mailbox command") introduced allocations for the VMID resources in lpfc_create_port() after the call to scsi_host_alloc(). Upon failure on the VMID allocations, the new code would branch to the 'out' label, which returns NULL without unwinding anything, thus skipping the call to scsi_host_put(). Fix the problem by creating a separate label 'out_free_vmid' to unwind the VMID resources and make the 'out_put_shost' label call only scsi_host_put(), as was done before the introduction of allocations for VMID.
References
- https://git.kernel.org/stable/c/5ea1f195f51c2bb5915ccfb2b2885ca81ce9262b
- https://git.kernel.org/stable/c/9749595feb33a1a2b848800192224ffeed5346b4
- https://git.kernel.org/stable/c/dc8e483f684a24cc06e1d5fa958b54db58855093
FAQ
What is CVE-2022-50827?
CVE-2022-50827 is a documented vulnerability. In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix memory leak in lpfc_create_port() Commit 5e633302ace1 ("scsi: lpfc: vmid: Add support for VMID in mailbox command"...
How severe is CVE-2022-50827?
CVSS scoring is not yet available for CVE-2022-50827. Check NVD for updates.
Is there a patch for CVE-2022-50827?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.