CVE-2022-50532
- Source
- https://cve.org/CVERecord?id=CVE-2022-50532
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50532.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-50532
- Downstream
- Related
- Published
- 2025-10-07T15:19:22.581Z
- Modified
- 2026-03-20T12:22:35.241329Z
- Summary
- scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
scsi: mpt3sas: Fix possible resource leaks in mpt3sastransportport_add()
In mpt3sastransportportadd(), if sasrphyadd() returns error, sasrphyfree() needs be called to free the resource allocated in sasenddevicealloc(). Otherwise a kernel crash will happen:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000108 CPU: 45 PID: 37020 Comm: bash Kdump: loaded Tainted: G W 6.1.0-rc1+ #189 pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : devicedel+0x54/0x3d0 lr : devicedel+0x37c/0x3d0 Call trace: devicedel+0x54/0x3d0 attributecontainerclassdevicedel+0x28/0x38 transportremoveclassdev+0x6c/0x80 attributecontainerdevicetrigger+0x108/0x110 transportremovedevice+0x28/0x38 sasrphyremove+0x50/0x78 [scsitransportsas] sasportdelete+0x30/0x148 [scsitransportsas] dosasphydelete+0x78/0x80 [scsitransportsas] deviceforeachchild+0x68/0xb0 sasremovechildren+0x30/0x50 [scsitransportsas] sasrphyremove+0x38/0x78 [scsitransportsas] sasportdelete+0x30/0x148 [scsitransportsas] dosasphydelete+0x78/0x80 [scsitransportsas] deviceforeachchild+0x68/0xb0 sasremovechildren+0x30/0x50 [scsitransportsas] sasremovehost+0x20/0x38 [scsitransportsas] scsih_remove+0xd8/0x420 [mpt3sas]
Because transportadddevice() is not called when sasrphyadd() fails, the device is not added. When sasrphyremove() is subsequently called to remove the device in the remove() path, a NULL pointer dereference happens.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50532.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/6a92129c8f999ff5b122c100ce7f625eb3e98c4b
- https://git.kernel.org/stable/c/6f6768e2fc8638fabdd8802c2ef693d7aef01db1
- https://git.kernel.org/stable/c/78316e9dfc24906dd474630928ed1d3c562b568e
- https://git.kernel.org/stable/c/ce1a69cc85006b494353911b35171da195d79e25
- https://git.kernel.org/stable/c/d17bca3ddfe507874cb826d32721552da12e741f
- https://git.kernel.org/stable/c/d60000cb1195a464080b0efb4949daf7594e0020
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50532.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-50532
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf92363d12359498f9a9960511de1a550f0ec41c2Fixedd60000cb1195a464080b0efb4949daf7594e0020Fixedce1a69cc85006b494353911b35171da195d79e25Fixed6a92129c8f999ff5b122c100ce7f625eb3e98c4bFixed6f6768e2fc8638fabdd8802c2ef693d7aef01db1Fixedd17bca3ddfe507874cb826d32721552da12e741fFixed78316e9dfc24906dd474630928ed1d3c562b568e