Message-ID: <2025091854-CVE-2022-50414-a99a@gregkh>
Date: Thu, 18 Sep 2025 18:04:04 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2022-50414: scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails

From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails

fcoe_init() calls fcoe_transport_attach(&fcoe_sw_transport), but when
fcoe_if_init() fails, &fcoe_sw_transport is not detached and leaves the freed
&fcoe_sw_transport on the fcoe_transports list. This causes a panic when
reinserting the module.

 BUG: unable to handle page fault for address: fffffbfff82e2213
 RIP: 0010:fcoe_transport_attach+0xe1/0x230 [libfcoe]
 Call Trace:
  <TASK>
  do_one_initcall+0xd0/0x4e0
  load_module+0x5eee/0x7210
  ...

The Linux kernel CVE team has assigned CVE-2022-50414 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 2.6.39 with commit 78a582463c1e3a262aeaf2a291e06a93a7b34212 and fixed in 4.9.337 with commit d581303d6f8d4139513105d73dd65f26c6707160
	Issue introduced in 2.6.39 with commit 78a582463c1e3a262aeaf2a291e06a93a7b34212 and fixed in 4.14.303 with commit b5cc59470df64f26ad397dbb71cbf130cf489edf
	Issue introduced in 2.6.39 with commit 78a582463c1e3a262aeaf2a291e06a93a7b34212 and fixed in 4.19.270 with commit cf74d1197c0e3d2f353faa333e9e2847c73713f1
	Issue introduced in 2.6.39 with commit 78a582463c1e3a262aeaf2a291e06a93a7b34212 and fixed in 5.4.229 with commit be5f1a82ad6056db22c86005dc4cac22a20deeef
	Issue introduced in 2.6.39 with commit 78a582463c1e3a262aeaf2a291e06a93a7b34212 and fixed in 5.10.163 with commit 22e8c7a56bb1cd2ed0beaaccb34282ac9cbbe27e
	Issue introduced in 2.6.39 with commit 78a582463c1e3a262aeaf2a291e06a93a7b34212 and fixed in 5.15.86 with commit 09a60f908d8b6497f618113b7c3c31267dc90911
	Issue introduced in 2.6.39 with commit 78a582463c1e3a262aeaf2a291e06a93a7b34212 and fixed in 6.0.16 with commit 1dc499c615aa87dc46a3f2d1f91d2d358e55f3e3
	Issue introduced in 2.6.39 with commit 78a582463c1e3a262aeaf2a291e06a93a7b34212 and fixed in 6.1.2 with commit aef82d16be5a353d913163f26fc4385e296be2b8
	Issue introduced in 2.6.39 with commit 78a582463c1e3a262aeaf2a291e06a93a7b34212 and fixed in 6.2 with commit 4155658cee394b22b24c6d64e49247bf26d95b92

Please see https://www.kernel.org for a full list of kernel versions
currently supported by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-50414
will be updated if fixes are backported; please check it for the most
up-to-date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/scsi/fcoe/fcoe.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/d581303d6f8d4139513105d73dd65f26c6707160
	https://git.kernel.org/stable/c/b5cc59470df64f26ad397dbb71cbf130cf489edf
	https://git.kernel.org/stable/c/cf74d1197c0e3d2f353faa333e9e2847c73713f1
	https://git.kernel.org/stable/c/be5f1a82ad6056db22c86005dc4cac22a20deeef
	https://git.kernel.org/stable/c/22e8c7a56bb1cd2ed0beaaccb34282ac9cbbe27e
	https://git.kernel.org/stable/c/09a60f908d8b6497f618113b7c3c31267dc90911
	https://git.kernel.org/stable/c/1dc499c615aa87dc46a3f2d1f91d2d358e55f3e3
	https://git.kernel.org/stable/c/aef82d16be5a353d913163f26fc4385e296be2b8
	https://git.kernel.org/stable/c/4155658cee394b22b24c6d64e49247bf26d95b92
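
The failure mode in the Description above, reduced to a user-space C model as an added example (not the kernel's code and not the upstream patch): an init routine attaches an object to a list that outlives it, a later step fails, and only the fixed variant detaches before returning the error. All names (attach, detach, later_step, init_buggy, init_fixed, stale_after_failed_init) are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>

/* User-space model of the bug class; every name here is hypothetical. */
struct transport { const char *name; struct transport *next; };
static struct transport *registry; /* list owned by a longer-lived module */

static void attach(struct transport *t) { t->next = registry; registry = t; }
static void detach(struct transport *t)
{
    for (struct transport **pp = &registry; *pp; pp = &(*pp)->next)
        if (*pp == t) { *pp = t->next; t->next = NULL; return; }
}
static bool is_registered(const struct transport *t)
{
    for (const struct transport *p = registry; p; p = p->next)
        if (p == t) return true;
    return false;
}
/* Stand-in for the init step that runs after the attach and may fail. */
static int later_step(bool fail) { return fail ? -1 : 0; }

/* Before: the error return skips the detach, so t stays on the list. */
static int init_buggy(struct transport *t, bool fail)
{
    attach(t);
    return later_step(fail);
}

/* After: the error path undoes the attach before returning. */
static int init_fixed(struct transport *t, bool fail)
{
    int rc;
    attach(t);
    rc = later_step(fail);
    if (rc)
        detach(t);
    return rc;
}

/* True if a failed init leaves a list entry whose storage is about to go. */
static bool stale_after_failed_init(int (*init)(struct transport *, bool))
{
    struct transport t = { "sw", NULL };
    bool stale;
    registry = NULL;
    stale = init(&t, true) != 0 && is_registered(&t);
    registry = NULL; /* drop the entry before t goes out of scope */
    return stale;
}
```

In the kernel case the storage belongs to the module whose init failed, so the next walk of the list touches freed memory, which matches the page fault in fcoe_transport_attach shown in the trace.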
