Fluid Attacks Database

Description

A memory leak vulnerability was found in the Linux kernel's lpfc SCSI driver. In lpfc_create_port(), when VMID resource allocation fails after scsi_host_alloc() succeeds, the error handling path fails to call scsi_host_put(), leading to a memory leak of the allocated SCSI host structure.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	linux	>=0 <6.0.6-1	6.0.6-1
debian 13	linux	>=0 <6.0.6-1	6.0.6-1
debian 12	linux	>=0 <6.0.6-1	6.0.6-1
rpm rhel6	kernel	-	-
rpm rhel8	kernel	-	-
rpm rhel9	kernel	-	-
rpm rhel8	kernel-rt	-	-
rpm rhel9	kernel-rt	-	-

Aliases

1. CVE-2022-508272. NVD-2022-508273. OSV-DEBIAN-2022-508274. OSV-2022-508275. SECURITY-TRACKER-CVE-2022-50827

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.