Linux is a family of open-source Unix-like operating systems based on the Linux kernel.

Linux Kernel

Debian GNU/Linux is a Linux distribution composed of free and open-source software.

Linux Debian

Ubuntu is a Linux distribution based on Debian, mostly composed of free and open-source software. Ubuntu is officially released in three editions: Desktop, Server, and Core for internet of things devices and robots. All the editions can run on the computer alone or in a virtual machine.

Linux Ubuntu

Red Hat Enterprise Linux is a Linux distribution developed by Red Hat for the commercial market.

Linux Red Hat

Linux openSUSE

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI

If lpfc_issue_els_flogi() fails and returns non-zero status, the node
reference count is decremented to trigger the release of the nodelist
structure. However, if there is a prior registration or dev-loss-evt work
pending, the node may be released prematurely.  When dev-loss-evt
completes, the released node is referenced causing a use-after-free null
pointer dereference.

Similarly, when processing non-zero ELS PLOGI completion status in
lpfc_cmpl_els_plogi(), the ndlp flags are checked for a transport
registration before triggering node removal.  If dev-loss-evt work is
pending, the node may be released prematurely and a subsequent call to
lpfc_dev_loss_tmo_handler() results in a use after free ndlp dereference.

Add test for pending dev-loss before decrementing the node reference count
for FLOGI, PLOGI, PRLI, and ADISC handling.

CVE-2022-49535:
Linux Kernel vulnerability analysis and mitigation

Overview

Technical details

Impact

Mitigation and workarounds

Additional resources

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud threat landscape

PEACH

Ready to see Wiz in action?

CVE-2022-49535: Linux Kernel vulnerability analysis and mitigation