Null Pointer Dereference in Linux Kernel SCSI Driver
CVE-2022-50467

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
1 October 2025

What is CVE-2022-50467?

A vulnerability was discovered in the Linux Kernel SCSI driver where the lpfc_cmpl_ct_cmd_gft_id() function could cause a null pointer dereference. This issue occurs if the function encounters an error during its execution, resulting in a call to lpfc_nlp_put() with a null pointer to a nodelist structure. To address this, the function has been updated to ensure the nodelist pointer is initialized at the entry, thus enhancing stability and security in the error handling process.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 04e7cd8c85636a329d1a6e5a269a7c8b6f71c41c

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 82dc1fe4324e2c897f2ed1c66f4fcff03094ac3a

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 59b7e210a522b836a01516c71ee85d1d92c1f075

References

https://git.kernel.org/stable/c/04e7cd8c85636a329d1a6e5a2...
https://git.kernel.org/stable/c/82dc1fe4324e2c897f2ed1c66...
https://git.kernel.org/stable/c/59b7e210a522b836a01516c71...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2022-50467 : Null Pointer Dereference in Linux Kernel SCSI Driver