Bug 2348136 (CVE-2022-49114) - CVE-2022-49114 kernel: scsi: libfc: Fix use after free in fc_exch_abts_resp()
Summary: CVE-2022-49114 kernel: scsi: libfc: Fix use after free in fc_exch_abts_resp()
Keywords:
Status: NEW
Alias: CVE-2022-49114
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-02-26 03:18 UTC by OSIDB Bzimport
Modified: 2025-08-01 13:24 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2025:10005 0 None None None 2025-07-01 00:38:37 UTC
Red Hat Product Errata RHSA-2025:10009 0 None None None 2025-07-01 01:03:10 UTC
Red Hat Product Errata RHSA-2025:10174 0 None None None 2025-07-01 22:42:57 UTC
Red Hat Product Errata RHSA-2025:10179 0 None None None 2025-07-02 04:37:12 UTC
Red Hat Product Errata RHSA-2025:10193 0 None None None 2025-07-02 06:46:52 UTC

Description OSIDB Bzimport 2025-02-26 03:18:52 UTC 
In the Linux kernel, the following vulnerability has been resolved:

scsi: libfc: Fix use after free in fc_exch_abts_resp()

fc_exch_release(ep) will decrease the ep's reference count. When the
reference count reaches zero, it is freed. But ep is still used in the
following code, which will lead to a use after free.

Return after the fc_exch_release() call to avoid use after free.
Comment 1 Avinash Hanwate 2025-02-26 20:55:18 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022602-CVE-2022-49114-86bb@gregkh/T
Comment 5 errata-xmlrpc 2025-07-01 00:38:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Via RHSA-2025:10005 https://access.redhat.com/errata/RHSA-2025:10005
Comment 6 errata-xmlrpc 2025-07-01 01:03:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:10009 https://access.redhat.com/errata/RHSA-2025:10009
Comment 7 errata-xmlrpc 2025-07-01 22:42:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:10174 https://access.redhat.com/errata/RHSA-2025:10174
Comment 8 errata-xmlrpc 2025-07-02 04:37:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:10179 https://access.redhat.com/errata/RHSA-2025:10179
Comment 9 errata-xmlrpc 2025-07-02 06:46:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:10193 https://access.redhat.com/errata/RHSA-2025:10193
Note You need to log in before you can comment on or make changes to this bug.