ghsa-rqx9-pg4r-6qm3
Vulnerability from github
Published
2025-09-15 15:31
Modified
2025-09-15 15:31
Details

In the Linux kernel, the following vulnerability has been resolved:

qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure

adapter->dcb would get silently freed inside qlcnic_dcb_enable() in case qlcnic_dcb_attach() would return an error, which always happens under OOM conditions. This would lead to use-after-free because both of the existing callers invoke qlcnic_dcb_get_info() on the obtained pointer, which is potentially freed at that point.

Propagate errors from qlcnic_dcb_enable(), and instead free the dcb pointer at callsite using qlcnic_dcb_free(). This also removes the now unused qlcnic_clear_dcb_ops() helper, which was a simple wrapper around kfree() also causing memory leaks for partially initialized dcb.

Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2022-50288"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T15:15:40Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nqlcnic: prevent -\u003edcb use-after-free on qlcnic_dcb_enable() failure\n\nadapter-\u003edcb would get silently freed inside qlcnic_dcb_enable() in\ncase qlcnic_dcb_attach() would return an error, which always happens\nunder OOM conditions. This would lead to use-after-free because both\nof the existing callers invoke qlcnic_dcb_get_info() on the obtained\npointer, which is potentially freed at that point.\n\nPropagate errors from qlcnic_dcb_enable(), and instead free the dcb\npointer at callsite using qlcnic_dcb_free(). This also removes the now\nunused qlcnic_clear_dcb_ops() helper, which was a simple wrapper around\nkfree() also causing memory leaks for partially initialized dcb.\n\nFound by Linux Verification Center (linuxtesting.org) with the SVACE\nstatic analysis tool.",
  "id": "GHSA-rqx9-pg4r-6qm3",
  "modified": "2025-09-15T15:31:26Z",
  "published": "2025-09-15T15:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50288"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/13a7c8964afcd8ca43c0b6001ebb0127baa95362"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/36999236f0b12d5de21a6f40e93b570727b9ceb2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/513787ff9a331b461115e8a145a983d650a84fcb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8df1dc04ce0e4c03b51a756749c250a9cb17d707"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8f97eeb02a553cdc78c83a0596448a370e1518c4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/95df720e64a6409d8152827a776c43f615e3321a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a2a694e6edbdb3efb34e1613a31fdcf6cf444a55"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d12a7510293d3370b234b0b7c5eda33e58786768"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.