Bug 2373450 (CVE-2022-50098) - CVE-2022-50098 kernel: scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts
Summary: CVE-2022-50098 kernel: scsi: qla2xxx: Fix crash due to stale SRB access aroun...
Keywords:
Status: NEW
Alias: CVE-2022-50098
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-06-18 12:03 UTC by OSIDB Bzimport
Modified: 2025-06-20 10:10 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-06-18 12:03:30 UTC 
In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts

Ensure SRB is returned during I/O timeout error escalation. If that is not
possible fail the escalation path.

Following crash stack was seen:

BUG: unable to handle kernel paging request at 0000002f56aa90f8
IP: qla_chk_edif_rx_sa_delete_pending+0x14/0x30 [qla2xxx]
Call Trace:
 ? qla2x00_status_entry+0x19f/0x1c50 [qla2xxx]
 ? qla2x00_start_sp+0x116/0x1170 [qla2xxx]
 ? dma_pool_alloc+0x1d6/0x210
 ? mempool_alloc+0x54/0x130
 ? qla24xx_process_response_queue+0x548/0x12b0 [qla2xxx]
 ? qla_do_work+0x2d/0x40 [qla2xxx]
 ? process_one_work+0x14c/0x390
Comment 1 Avinash Hanwate 2025-06-20 05:22:00 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025061803-CVE-2022-50098-ed6e@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.