PT-2025-41037 · Linux+3 · Linux Kernel+3

Published 2022-11-25 · Updated 2025-12-04 · CVE-2022-50532

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.1.0-rc1+ #189

Description

The Linux kernel contains a flaw within the mpt3sas_transport_port_add() function in the SCSI subsystem. Specifically, if sas_rphy_add() fails, the necessary resource freeing via sas_rphy_free() is not performed, leading to potential resource leaks. This can ultimately result in a kernel crash due to a NULL pointer dereference when sas_rphy_remove() is called during device removal. The crash occurs when attempting to access memory at a virtual address, as indicated by the kernel panic message. The function device_del() is involved in the call trace leading to the crash.

Recommendations

Update to a version of the Linux kernel newer than 6.1.0-rc1+ #189.

Exploit

Fix

Memory Leak

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2026-03813
CESA-2023_7077
CVE-2022-50532
RHSA-2023:6583
RHSA-2023:7077
RHSA-2023_6583
RHSA-2023_7077
SUSE-SU-2025:4111-1
SUSE-SU-2025:4135-1
SUSE-SU-2025:4139-1
SUSE-SU-2025:4149-1
SUSE-SU-2025:4188-1
SUSE-SU-2025:4189-1
SUSE-SU-2025:4320-1

Affected Products

CentOS
Linux Kernel
Red Hat
SUSE