Wiz
Vulnerability DatabaseCVE-2022-49521

CVE-2022-49521
Linux Kernel vulnerability analysis and mitigation

Overview

In the Linux kernel, a resource leak vulnerability (CVE-2022-49521) was discovered in the SCSI lpfc driver. The issue occurs when no handler is found in lpfccompleteunsol_iocb() to match the rctl of a received frame, causing the frame to be dropped and resources to be leaked (Kernel Git).

Technical details

The vulnerability exists in the lpfcsli4sendseqtoulp() function of the Linux kernel's SCSI lpfc driver. When processing received frames, if no handler matches the rctl in lpfccompleteunsoliocb(), the frame is discarded but the associated resources are not properly freed. The fix involves returning resources when discarding an unhandled frame type and updating lpfcfcframe_check() handling of NOP basic link service (Kernel Git).

Impact

The vulnerability results in resource leaks in the Linux kernel's SCSI subsystem when processing certain unhandled frame types in the lpfc driver. This could potentially lead to resource exhaustion over time (NVD).

Mitigation and workarounds

The vulnerability has been fixed by adding proper resource cleanup when discarding unhandled frame types. The fix includes returning resources via lpfcinbuffree() when discarding an unhandled frame and updating the handling of NOP basic link service in lpfcfcframecheck() (Kernel Git).

Additional resources

SourceThis report was generated using AI

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues

Cloud threat landscape

Cloud threat landscape

A comprehensive threat intelligence database of cloud security incidents, actors, tools and techniques

PEACH

PEACH

A step-by-step framework for modeling and improving SaaS and PaaS tenant isolation

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo