CVE-2022-50827Missing Release of Resource after Effective Lifetime in Linux

CWE-772Missing Release of Resource after Effective Lifetime7 documents6 sources
Severity
3.3LOW
No vector
EPSS
0.0%
top 93.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix memory leak in lpfc_create_port() Commit 5e633302ace1 ("scsi: lpfc: vmid: Add support for VMID in mailbox command") introduced allocations for the VMID resources in lpfc_create_port() after the call to scsi_host_alloc(). Upon failure on the VMID allocations, the new code would branch to the 'out' label, which returns NULL without unwinding anything, thus skipping the call to scsi_host_put(). Fix the problem by

Affected Packages4 packages

Linuxlinux/linux_kernel5.14.05.15.76+1
Debianlinux/linux_kernel< 6.0.6-1+2
CVEListV5linux/linux5e633302ace1f61f8ea5a3ce21e19a4d79126cca9749595feb33a1a2b848800192224ffeed5346b4+3
debiandebian/linux< linux 6.0.6-1 (bookworm)

🔴Vulnerability Details

3
OSV
CVE-2022-50827: In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix memory leak in lpfc_create_port() Commit 5e633302ace1 ("scsi: lpfc2025-12-30
GHSA
GHSA-6pw2-377m-5mj9: In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix memory leak in lpfc_create_port() Commit 5e633302ace1 ("scsi: lp2025-12-30
OSV
scsi: lpfc: Fix memory leak in lpfc_create_port()2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: scsi: lpfc: Fix memory leak in lpfc_create_port()2025-12-30
Debian
CVE-2022-50827: linux - In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc:...2022

🕵️Threat Intelligence

1
Wiz
CVE-2022-50827 Impact, Exploitability, and Mitigation Steps | Wiz