CVE-2022-50288

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the qlcnic driver where a use-after-free condition can occur during DCB (Data Center Bridging) operations. Specifically, the adapter->dcb pointer could be freed prematurely within the qlcnic dcb enable() function if qlcnic dcb attach() returns an error, such as under Out-of-Memory (OOM) conditions. Subsequent calls to qlcnic dcb get info() with this freed pointer could then lead to a use-after-free issue. The issue was discovered by the Linux Verification Center using the SVACE static analysis tool.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.