Main Vulnerability Database SB20250226257

SB20250226257 - Use-after-free in Linux kernel scsi ibmvscsi driver

Published: February 26, 2025 Updated: May 11, 2025

Security Bulletin ID SB20250226257

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Use-after-free (CVE-ID: CVE-2022-49701)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ibmvfc_npiv_logout(), ibmvfc_reenable_crq_queue(), ibmvfc_reset_crq(), ibmvfc_register_scsi_channel(), plpar_hcall_norets(), ibmvfc_deregister_scsi_channel() and ibmvfc_init_sub_crqs() functions in drivers/scsi/ibmvscsi/ibmvfc.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/161ec2a0807ddd58bc0f24f3e1e7e3d4fef5297f
https://git.kernel.org/stable/c/72ea7fe0db73d65c7d977208842d8ade9b823de9
https://git.kernel.org/stable/c/9f23c499ca601b2a1e1d2e761d03964b739bca0e
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.8