CVE-2022-49114

scsi: libfc: Fix use after free in fc_exch_abts_resp()

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix use after free in fc_exch_abts_resp() fc_exch_release(ep) will decrease the ep's reference count. When the
reference count reaches zero, it is freed. But ep is still used in the
following code, which will lead to a use after free. Return after the fc_exch_release() call to avoid use after free.

A vulnerability was found in the Linux kernel's SCSI libfc library in the `fc_exch_abts_resp()` function, which can lead to a use-after-free scenario. This issue can occur because the function calls `fc_exch_release()`, which decrements a reference count stored in the `ep` object and then frees the object once the count is zero. However, the `ep` object is referenced again and can result in the now-freed `ep` pointer being accessed, resulting in system instability, memory corruption, and potential arbitrary code execution.

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a use-after-free vulnerability.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2025-05-21 CVE Updated
2025-06-28 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-416: Use After Free

CAPEC

References (12)

URL	Tag	Source
https://git.kernel.org/stable/c/42e9a92fe6a9095bd68a379aaec7ad2be0337f7a	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/4a131d4ea8b581ac9b01d3a72754db4848be3232	2022-04-20
https://git.kernel.org/stable/c/499d198494e77b6533251b9b909baf5c101129cb	2022-04-20
https://git.kernel.org/stable/c/6044ad64f41c87382cfeeca281573d1886d80cbe	2022-04-15
https://git.kernel.org/stable/c/5cf2ce8967b0d98c8cfa4dc42ef4fcf080f5c836	2022-04-15
https://git.kernel.org/stable/c/1d7effe5fff9d28e45e18ac3a564067c7ddfe898	2022-04-13
https://git.kernel.org/stable/c/f581df412bc45c95176e3c808ee2839c05b2ab0c	2022-04-13
https://git.kernel.org/stable/c/87909291762d08fdb60d19069d7a89b5b308d0ef	2022-04-13
https://git.kernel.org/stable/c/412dd8299b02e4410fe77b8396953c1a8dde183a	2022-04-13
https://git.kernel.org/stable/c/271add11994ba1a334859069367e04d2be2ebdd4	2022-03-09

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-49114	2025-07-02
https://bugzilla.redhat.com/show_bug.cgi?id=2348136	2025-07-02

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.29 < 4.9.311 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.29 < 4.9.311"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.29 < 4.14.276 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.29 < 4.14.276"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.29 < 4.19.238 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.29 < 4.19.238"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.29 < 5.4.189 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.29 < 5.4.189"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.29 < 5.10.111 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.29 < 5.10.111"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.29 < 5.15.34 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.29 < 5.15.34"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.29 < 5.16.20 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.29 < 5.16.20"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.29 < 5.17.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.29 < 5.17.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.29 < 5.18 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.29 < 5.18"		en		Affected