CVE-2022-50532 — Missing Release of Memory after Effective Lifetime in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 97.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 7
Latest updateApr 19
Description
In the Linux kernel, the following vulnerability has been resolved:
scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add()
In mpt3sas_transport_port_add(), if sas_rphy_add() returns error,
sas_rphy_free() needs be called to free the resource allocated in
sas_end_device_alloc(). Otherwise a kernel crash will happen:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000108
CPU: 45 PID: 37020 Comm: bash Kdump: loaded Tainted: G W 6.1.0-rc1+ #189
ps…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages4 packages
▶CVEListV5linux/linuxf92363d12359498f9a9960511de1a550f0ec41c2 — d60000cb1195a464080b0efb4949daf7594e0020+6
Patches
🔴Vulnerability Details
3VulDB▶
Linux Kernel up to 6.1.1 mpt3sas_transport_port_add null pointer dereference (Nessus ID 297598 / WID-SEC-2025-2229)↗2026-04-19
GHSA▶
GHSA-mh3q-xm25-mf6x: In the Linux kernel, the following vulnerability has been resolved:
scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add()
In mp↗2025-10-07
OSV▶
CVE-2022-50532: In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() In mpt3↗2025-10-07