CVE-2022-49114

scsi: libfc: Fix use after free in fc_exch_abts_resp()

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix use after free in fc_exch_abts_resp() fc_exch_release(ep) will decrease the ep's reference count. When the reference count reaches zero, it is freed. But ep is still used in the following code, which will lead to a use after free. Return after the fc_exch_release() call to avoid use after free.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/4a131d4ea8b581ac9b01d3a72754db4848be3232 patch
https://git.kernel.org/stable/c/499d198494e77b6533251b9b909baf5c101129cb patch
https://git.kernel.org/stable/c/6044ad64f41c87382cfeeca281573d1886d80cbe patch
https://git.kernel.org/stable/c/5cf2ce8967b0d98c8cfa4dc42ef4fcf080f5c836 patch
https://git.kernel.org/stable/c/1d7effe5fff9d28e45e18ac3a564067c7ddfe898 patch
https://git.kernel.org/stable/c/f581df412bc45c95176e3c808ee2839c05b2ab0c patch
https://git.kernel.org/stable/c/87909291762d08fdb60d19069d7a89b5b308d0ef patch
https://git.kernel.org/stable/c/412dd8299b02e4410fe77b8396953c1a8dde183a patch
https://git.kernel.org/stable/c/271add11994ba1a334859069367e04d2be2ebdd4 patch

Frequently Asked Questions

What is the severity of CVE-2022-49114?
CVE-2022-49114 has been scored as a high severity vulnerability.
How to fix CVE-2022-49114?
To fix CVE-2022-49114, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49114 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49114 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49114?
CVE-2022-49114 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.