Use-After-Free Vulnerability in Linux Kernel SCSI Module
CVE-2022-49730

7.8 HIGH

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
26 February 2025

What is CVE-2022-49730?

A use-after-free vulnerability has been identified in the Linux kernel's SCSI module. The issue arises when an ELS LOGO (Extended Link Services Log Out) operation is aborted, leading to a potential crash due to improper handling of the nodelist structure. After the structure is released prematurely, the configuration log verbosity setting for the respective vport may still be accessed, which can result in undefined behavior or system instability. To mitigate this vulnerability, the lpfc_cmpl_els_logo() function has been adjusted to restrict the duplicate calls that lead to the release of the nodelist, so that the structure is handled safely.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 5e83869e29448958f8ae2c6911f350318f75e4fc

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
