Cyber Posture

CVE-2022-49114

High

Published: 26 February 2025

Modified: 25 March 2025
KEV Added
Patch
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (2.1th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: libfc: Fix use after free in fc_exch_abts_resp()

fc_exch_release(ep) will decrease the ep's reference count. When the reference count reaches zero, it is freed. But ep is still used in the following code, which will lead to a use after free.

Return after the fc_exch_release() call to avoid use after free.

Security Summary

CVE-2022-49114 is a use-after-free vulnerability in the Linux kernel's libfc (SCSI Fibre Channel library) component, specifically within the fc_exch_abts_resp() function. The issue arises because fc_exch_release(ep) decrements the reference count of the exchange pointer (ep), freeing it when the count reaches zero, but subsequent code continues to use ep, leading to a use-after-free condition. It has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-416.

Per the CVSS vector, exploitation requires local access with low privileges, has low attack complexity, and needs no user interaction. Successful exploitation could result in high-impact confidentiality, integrity, and availability violations, potentially allowing arbitrary code execution, data corruption, or system crashes on affected systems.

Mitigation involves applying the relevant stable kernel patches, as detailed in the upstream commit references. These patches fix the issue by adding a return statement immediately after fc_exch_release() to prevent further use of the potentially freed ep. The provided references link to specific kernel stable commits implementing this fix across various branches.
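The release-then-use pattern and its fix, as an added userspace model in C that is not the kernel's or this page's code. All names (`struct exch`, `exch_release`, `resp_before`, `resp_after`) are hypothetical, and a `freed` flag stands in for the actual free so that accesses after release can be counted without touching freed memory.

```c
#include <stdio.h>

/* Userspace model; all names are hypothetical, not libfc's own code. */
struct exch {
    int refcnt;  /* references held */
    int freed;   /* set in place of free(), so the model itself has no real UAF */
    int state;
};

static int uaf_hits;  /* accesses seen after the object was "freed" */
static void exch_release(struct exch *ep)
{
    if (--ep->refcnt == 0)
        ep->freed = 1;      /* a real release would free the memory here */
}

static void exch_touch(struct exch *ep)
{
    if (ep->freed)
        uaf_hits++;         /* stands for a read/write of freed memory */
    else
        ep->state++;
}

/* Before the fix: the release falls through into code that still uses ep. */
static int resp_before(struct exch *ep)
{
    uaf_hits = 0;
    exch_release(ep);       /* may drop the last reference */
    exch_touch(ep);
    return uaf_hits;
}

/* After the fix: return right after the release; ep is not touched again. */
static int resp_after(struct exch *ep)
{
    uaf_hits = 0;
    exch_release(ep);
    return uaf_hits;
}

int main(void)
{
    struct exch last = { 1, 0, 0 }, shared = { 2, 0, 0 }, fixed = { 1, 0, 0 };
    printf("before fix, last ref:  %d\n", resp_before(&last));
    printf("before fix, extra ref: %d\n", resp_before(&shared));
    printf("after fix, last ref:   %d\n", resp_after(&fixed));
    return 0;
}
```

The second case shows why this class of bug can stay hidden in testing: the stale access only occurs when the release drops the last reference.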

Details

CWE(s)
CWE-416

Affected Products

linux
linux kernel
≤ 4.9.311 · 4.10 — 4.14.276 · 4.15 — 4.19.238

References