CVE-2022-49730: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49730 affects the Linux kernel and involves a use-after-free vulnerability in the SCSI lpfc driver. The vulnerability occurs when an ELS LOGO is aborted, where a nodelist structure is freed and then ndlp->vport->cfglogverbose is dereferenced in lpfcnlpget() when the discovery state machine is mistakenly called a second time with NLPEVTDEVICE_RM argument (Kernel Git).

The vulnerability is a use-after-free condition in the Linux kernel's lpfc driver. Specifically, when an ELS LOGO operation is aborted, the driver incorrectly handles the nodelist structure cleanup, leading to a potential NULL pointer dereference. The issue occurs in lpfccmplelslogo() function where the discovery state machine is called twice with NLPEVTDEVICERM argument, causing the second access to operate on already freed memory. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could lead to a system crash due to NULL pointer dereference, potentially causing denial of service. Additionally, as a use-after-free vulnerability, it could potentially be exploited to execute arbitrary code with kernel privileges (NVD).

The vulnerability has been fixed by reworking the lpfccmplels_logo() function to prevent duplicate calls to release the nodelist structure. The fix has been implemented in the Linux kernel through a patch that modifies the driver's behavior to properly handle resource cleanup (Kernel Git).