CVE-2022-50467

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s SCSI subsystem, specifically within the lpfc driver. An error case during exit from the lpfc cmpl ct cmd gft id() function can lead to a call to lpfc nlp put() with a null pointer to a nodelist structure. This can cause a null pointer dereference. The issue occurs in an abnormal exit path for GFT ID. The fix involves initializing the nodelist pointer upon entry to the lpfc cmpl ct cmd gft id() function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

AZL-74655

BDU:2026-02342

CESA-2023_2951

CVE-2022-50467

RHSA-2023:2458

RHSA-2023:2951

RHSA-2023_2458

RHSA-2023_2951

RHSA-2024:4447

SUSE-SU-2025:03613-1

SUSE-SU-2025:03615-1

SUSE-SU-2025:03626-1

SUSE-SU-2025:03628-1

SUSE-SU-2025:3716-1

SUSE-SU-2025:3761-1

Affected Products

Centos

Debian

Linux Kernel

Red Hat

Suse

Lpfc

CVE-2022-50467

Weakness Enumeration

Related Identifiers

Affected Products

References · 882