#VU104638 NULL pointer dereference in Linux kernel - CVE-2022-49159

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Vulnerabilities #VU104638

#VU104638 NULL pointer dereference in Linux kernel - CVE-2022-49159

Published: February 26, 2025 / Updated: May 11, 2025


Vulnerability identifier: #VU104638
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-49159
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qla2x00_async_nack_sp_done() and qla24xx_async_notify_ack() functions in drivers/scsi/qla2xxx/qla_target.c, within the qla2x00_sp_compl(), qla2xxx_qpair_sp_compl(), qla2xxx_queuecommand() and qla2xxx_mqueuecommand() functions in drivers/scsi/qla2xxx/qla_os.c, within the qlafx00_fx_disc() and dma_free_coherent() functions in drivers/scsi/qla2xxx/qla_mr.c, within the qla24xx_control_vp() function in drivers/scsi/qla2xxx/qla_mid.c, within the qla24xx_send_mb_cmd() function in drivers/scsi/qla2xxx/qla_mbx.c, within the qla24xx_tm_iocb(), qla24xx_els_dcmd_iocb(), qla2x00_els_dcmd2_sp_done(), qla24xx_els_dcmd2_iocb() and qla2x00_start_sp() functions in drivers/scsi/qla2xxx/qla_iocb.c, within the qla2x00_sp_timeout(), qla24xx_abort_iocb_timeout(), qla24xx_abort_sp_done(), qla24xx_async_abort_cmd(), qla2x00_async_login_sp_done(), qla2x00_async_login(), qla2x00_async_logout_sp_done(), qla2x00_async_logout(), qla2x00_async_prlo_sp_done(), qla2x00_async_prlo(), qla2x00_async_adisc_sp_done(), qla2x00_async_adisc(), qla24xx_async_gnl_sp_done(), qla24xx_async_gnl(), dma_pool_free(), qla2x00_async_prli_sp_done(), qla24xx_async_prli() and qla2x00_async_tm_cmd() functions in drivers/scsi/qla2xxx/qla_init.c, within the qla2x00_async_sns_sp_done(), qla_async_rftid(), qla_async_rffid(), qla_async_rnnid(), qla_async_rsnn_nn(), qla24xx_async_gpsc_sp_done(), qla24xx_async_gpsc(), qla24xx_sp_unmap(), qla2x00_async_gpnid_sp_done(), qla24xx_async_gpnid(), qla24xx_async_gffid_sp_done(), qla24xx_async_gffid(), qla2x00_async_gpnft_gnnft_sp_done(), qla24xx_async_gpnft(), qla2x00_async_gnnid_sp_done(), qla24xx_async_gnnid(), qla2x00_async_gfpnid_sp_done() and qla24xx_async_gfpnid() functions in drivers/scsi/qla2xxx/qla_gs.c, within the edif_doorbell_show() function in drivers/scsi/qla2xxx/qla_edif.c, within the qla2x00_bsg_job_done() and qla24xx_bsg_timeout() functions in drivers/scsi/qla2xxx/qla_bsg.c. A local user can perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

External links