CVE-2022-49789: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49789 affects the Linux kernel's SCSI zfcp subsystem. The vulnerability was discovered in the integer type handling within the zfcp_fsf_req_send() function, where an incorrect type was used to cache the FSF request ID. The issue was publicly disclosed and documented in May 2025 (NVD, Wiz).

The vulnerability stems from using an int type (signed and 32-bit wide) to cache the FSF request ID in zfcp_fsf_req_send(), while the rest of the zfcp code and firmware specification handles the ID as unsigned long/u64 (unsigned and 64-bit wide [s390x ELF ABI]). This mismatch causes two problems: truncation when the ID exceeds 32 bits, and sign extension issues when the 32nd bit is set in the original ID (0x80000000 = 2,147,483,648). The compiler uses sign-extending instructions for the cached variable, causing mismatches with the original ID (NVD).

When the vulnerability is triggered, it results in a double free condition. If the request cannot be removed from the hash table after zfcp_qdio_send() fails, the memory is freed twice - once when zfcp_fsf_req_send() fails and again when the zfcp adapter is reset during recovery or shutdown. This leads to memory corruption and potential system crashes (NVD).

The vulnerability has been resolved in the Linux kernel through a fix that addresses the integer type mismatch in the zfcp_fsf_req_send() function (NVD).