#VU104638 NULL pointer dereference in Linux kernel - CVE-2022-49159

Cybersecurity Help s.r.o.

Published: 2025-02-26

Vulnerability identifier: #VU104638

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49159

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qla2x00_async_nack_sp_done() and qla24xx_async_notify_ack() functions in drivers/scsi/qla2xxx/qla_target.c, within the qla2x00_sp_compl(), qla2xxx_qpair_sp_compl(), qla2xxx_queuecommand() and qla2xxx_mqueuecommand() functions in drivers/scsi/qla2xxx/qla_os.c, within the qlafx00_fx_disc() and dma_free_coherent() functions in drivers/scsi/qla2xxx/qla_mr.c, within the qla24xx_control_vp() function in drivers/scsi/qla2xxx/qla_mid.c, within the qla24xx_send_mb_cmd() function in drivers/scsi/qla2xxx/qla_mbx.c, within the qla24xx_tm_iocb(), qla24xx_els_dcmd_iocb(), qla2x00_els_dcmd2_sp_done(), qla24xx_els_dcmd2_iocb() and qla2x00_start_sp() functions in drivers/scsi/qla2xxx/qla_iocb.c, within the qla2x00_sp_timeout(), qla24xx_abort_iocb_timeout(), qla24xx_abort_sp_done(), qla24xx_async_abort_cmd(), qla2x00_async_login_sp_done(), qla2x00_async_login(), qla2x00_async_logout_sp_done(), qla2x00_async_logout(), qla2x00_async_prlo_sp_done(), qla2x00_async_prlo(), qla2x00_async_adisc_sp_done(), qla2x00_async_adisc(), qla24xx_async_gnl_sp_done(), qla24xx_async_gnl(), dma_pool_free(), qla2x00_async_prli_sp_done(), qla24xx_async_prli() and qla2x00_async_tm_cmd() functions in drivers/scsi/qla2xxx/qla_init.c, within the qla2x00_async_sns_sp_done(), qla_async_rftid(), qla_async_rffid(), qla_async_rnnid(), qla_async_rsnn_nn(), qla24xx_async_gpsc_sp_done(), qla24xx_async_gpsc(), qla24xx_sp_unmap(), qla2x00_async_gpnid_sp_done(), qla24xx_async_gpnid(), qla24xx_async_gffid_sp_done(), qla24xx_async_gffid(), qla2x00_async_gpnft_gnnft_sp_done(), qla24xx_async_gpnft(), qla2x00_async_gnnid_sp_done(), qla24xx_async_gnnid(), qla2x00_async_gfpnid_sp_done() and qla24xx_async_gfpnid() functions in drivers/scsi/qla2xxx/qla_gs.c, within the edif_doorbell_show() function in drivers/scsi/qla2xxx/qla_edif.c, within the qla2x00_bsg_job_done() and qla24xx_bsg_timeout() functions in drivers/scsi/qla2xxx/qla_bsg.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/31e6cdbe0eae37badceb5e0d4f06cf051432fd77
https://git.kernel.org/stable/c/ceda7f794f3dfe272491e93e3e93049f8be5f07b
https://git.kernel.org/stable/c/e140723f78ff418c8df7d990e102e07b65c87d4a
https://git.kernel.org/stable/c/e17111dd2fda81c35f309b1e5b6ab35809a375e7

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

NULL pointer dereference in Linux kernel scsi qla2xxx driver