DEBIAN-CVE-2022-50288
- Source
- https://security-tracker.debian.org/tracker/CVE-2022-50288
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2022-50288.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2022-50288
- Upstream
- Published
- 2025-09-15T15:15:40Z
- Modified
- 2025-09-19T07:33:07.600481Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: qlcnic: prevent ->dcb use-after-free on qlcnicdcbenable() failure adapter->dcb would get silently freed inside qlcnicdcbenable() in case qlcnicdcbattach() would return an error, which always happens under OOM conditions. This would lead to use-after-free because both of the existing callers invoke qlcnicdcbgetinfo() on the obtained pointer, which is potentially freed at that point. Propagate errors from qlcnicdcbenable(), and instead free the dcb pointer at callsite using qlcnicdcbfree(). This also removes the now unused qlcniccleardcbops() helper, which was a simple wrapper around kfree() also causing memory leaks for partially initialized dcb. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.
- References
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.10.178-1
Affected versions
5.*
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source