2425057 – (CVE-2022-50727) CVE-2022-50727 kernel: scsi: efct: Fix possible memleak in efct_device_init()

Bug 2425057 (CVE-2022-50727) - CVE-2022-50727 kernel: scsi: efct: Fix possible memleak in efct_device_init()

Summary: CVE-2022-50727 kernel: scsi: efct: Fix possible memleak in efct_device_init()

Keywords:
Status:	NEW
Alias:	CVE-2022-50727
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-12-24 13:05 UTC by OSIDB Bzimport
Modified:	2025-12-25 05:46 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-12-24 13:05:16 UTC

In the Linux kernel, the following vulnerability has been resolved:

scsi: efct: Fix possible memleak in efct_device_init()

In efct_device_init(), when efct_scsi_reg_fc_transport() fails,
efct_scsi_tgt_driver_exit() is not called to release memory for
efct_scsi_tgt_driver_init() and causes memleak:

unreferenced object 0xffff8881020ce000 (size 2048):
  comm "modprobe", pid 465, jiffies 4294928222 (age 55.872s)
  backtrace:
    [<0000000021a1ef1b>] kmalloc_trace+0x27/0x110
    [<000000004c3ed51c>] target_register_template+0x4fd/0x7b0 [target_core_mod]
    [<00000000f3393296>] efct_scsi_tgt_driver_init+0x18/0x50 [efct]
    [<00000000115de533>] 0xffffffffc0d90011
    [<00000000d608f646>] do_one_initcall+0xd0/0x4e0
    [<0000000067828cf1>] do_init_module+0x1cc/0x6a0
    ...

Comment 1 Alexander B 2025-12-25 05:42:52 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025122419-CVE-2022-50727-95aa@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.