PT-2025-40727 · Linux+5 · Linux Kernel+5

Published 2025-10-04 · Updated 2026-03-14 · CVE-2022-50493

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A flaw exists in the Linux kernel's SCSI subsystem, specifically within the qla2xxx driver. A crash can occur during CPU hotplug operations when an I/O abort times out, leading to completion being called on an already completed I/O request. This issue arises from a missing check to verify if the I/O and abort request are still outstanding before attempting completion. The crash stack trace includes function calls such as qla24xx_process_response_queue(), qla2x00_start_nvme_mq(), qla_nvme_post_cmd(), nvme_fc_start_fcp_op(), blk_mq_dispatch_rq_list(), __blk_mq_sched_dispatch_requests(), blk_mq_sched_dispatch_requests(), __blk_mq_run_hw_queue(), __blk_mq_delay_run_hw_queue(), blk_execute_rq(), __nvme_submit_sync_cmd(), nvmf_connect_admin_queue(), nvme_fc_create_association.cold(), nvme_fc_connect_ctrl_work(), and process_one_work().
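
The following user-space model of the missing check is an added illustration, not the qla2xxx driver's code; the table, struct and function names are hypothetical. It models only the I/O request (the abort request would be checked the same way) and replays the order "normal completion first, abort timeout second".

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_CMDS 8

/* Hypothetical request object; done_calls counts completion callbacks. */
struct io_req { int done_calls; };

/* Hypothetical outstanding-command table: a slot is non-NULL only while
 * the request is still owned by the driver/hardware. */
static struct io_req *outstanding[MAX_CMDS];

static void complete_req(struct io_req *r) { r->done_calls++; }

/* Normal completion path: claim the slot, then complete the request. */
static int response_complete(unsigned h)
{
    struct io_req *r = (h < MAX_CMDS) ? outstanding[h] : NULL;
    if (!r)
        return 0;
    outstanding[h] = NULL;
    complete_req(r);
    return 1;
}

/* Abort-timeout path without the check: completes whatever it was handed. */
static void abort_timeout_unchecked(struct io_req *io) { complete_req(io); }

/* Abort-timeout path with the check: complete only if still outstanding.
 * In a kernel driver the lookup and the claim must happen under the same
 * lock the normal completion path takes. */
static int abort_timeout_checked(unsigned h, struct io_req *io)
{
    if (h >= MAX_CMDS || outstanding[h] != io)
        return 0;                 /* already completed elsewhere */
    outstanding[h] = NULL;
    complete_req(io);
    return 1;
}

/* Returns how many times the request was completed in the replayed order. */
int run_scenario(int use_check)
{
    struct io_req io = {0};
    outstanding[3] = &io;         /* constructed handle value */
    response_complete(3);         /* I/O finishes normally */
    if (use_check) abort_timeout_checked(3, &io);
    else           abort_timeout_unchecked(&io);
    return io.done_calls;
}

int main(void) { printf("unchecked=%d checked=%d\n", run_scenario(0), run_scenario(1)); return 0; }
```

A completion count of 2 in the unchecked path corresponds to the double completion the description names as the cause of the crash.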

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Related Identifiers

CVE-2022-50493
RHSA-2023:2951
RHSA-2023:4130
SUSE-SU-2025:4111-1
SUSE-SU-2025:4135-1
SUSE-SU-2025:4139-1
SUSE-SU-2025:4149-1
SUSE-SU-2025:4188-1
SUSE-SU-2025:4189-1
SUSE-SU-2025:4320-1

Affected Products

CentOS
Debian
Linux Kernel
Red Hat
SUSE
qla2xxx