CVE-2022-49534

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A potential memory leak was identified in the Linux kernel, specifically in the lpfc driver. The issue occurs when handling NPIV PLOGI RJT responses, where memory allocated for service parameters and login mailboxes is not properly freed. This can happen in two functions: lpfc ignore els cmpl() and lpfc els rsp reject(). The memory leak is related to the lpfc rcv plogi() function's login mailbox.

Recommendations To resolve the issue, ensure that the cmdiocb->context un.mbox is checked for allocation in lpfc ignore els cmpl() and freed back to phba->mbox mem pool along with mbox->ctx buf for service parameters. For lpfc els rsp reject() failures, free both the ctx buf for service parameters and the login mailbox. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

AZL-58352

BDU:2026-02066

CESA-2022_7683

CVE-2022-49534

OPENSUSE-SU-2025_1263-1

RHSA-2022:7683

RHSA-2022:8267

RHSA-2022_7683

RHSA-2022_8267

SUSE-SU-2025:01600-1

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1194-1

SUSE-SU-2025:1241-1

SUSE-SU-2025:1263-1

SUSE-SU-2025_01600-1

SUSE-SU-2025_1027-1

SUSE-SU-2025_1241-1

SUSE-SU-2025_1263-1

Affected Products

Centos

Debian

Linux Kernel

Red Hat

Suse

CVE-2022-49534

Weakness Enumeration

Related Identifiers

Affected Products

References · 1473