github - ghsa-6cr3-6r56-xr54

ghsa-6cr3-6r56-xr54

Vulnerability from github

Published

2025-03-14 00:30

Modified

2025-03-14 00:30

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: lpfc: Address NULL pointer dereference after starget_to_rport()

Calls to starget_to_rport() may return NULL. Add check for NULL rport before dereference.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-49332"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:09Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Address NULL pointer dereference after starget_to_rport()\n\nCalls to starget_to_rport() may return NULL.  Add check for NULL rport\nbefore dereference.",
  "id": "GHSA-6cr3-6r56-xr54",
  "modified": "2025-03-14T00:30:51Z",
  "published": "2025-03-14T00:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49332"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/68fcff1127e4995ddbd4b6861892a25c23db3f70"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6f808bd78e8296b4ded813b7182988d57e1f6176"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2022-49332 (GCVE-0-2022-49332)

Vulnerability from cvelistv5

Published

2025-02-26 02:10

Modified

2025-05-04 08:35

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Address NULL pointer dereference after starget_to_rport() Calls to starget_to_rport() may return NULL. Add check for NULL rport before dereference.

References

►

URL

Tags

	https://git.kernel.org/stable/c/68fcff1127e4995ddbd4b6861892a25c23db3f70
	https://git.kernel.org/stable/c/6f808bd78e8296b4ded813b7182988d57e1f6176

Impacted products

Vendor

Product

Version

►

Version: bb21fc9911eea92afd476f7e64b327716e042a25
Version: bb21fc9911eea92afd476f7e64b327716e042a25

Version: 5.18

Show details on NVD website

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/lpfc/lpfc_scsi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "68fcff1127e4995ddbd4b6861892a25c23db3f70",
              "status": "affected",
              "version": "bb21fc9911eea92afd476f7e64b327716e042a25",
              "versionType": "git"
            },
            {
              "lessThan": "6f808bd78e8296b4ded813b7182988d57e1f6176",
              "status": "affected",
              "version": "bb21fc9911eea92afd476f7e64b327716e042a25",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/lpfc/lpfc_scsi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.18"
            },
            {
              "lessThan": "5.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.18.*",
              "status": "unaffected",
              "version": "5.18.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.19",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.18.4",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19",
                  "versionStartIncluding": "5.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Address NULL pointer dereference after starget_to_rport()\n\nCalls to starget_to_rport() may return NULL.  Add check for NULL rport\nbefore dereference."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:35:23.474Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/68fcff1127e4995ddbd4b6861892a25c23db3f70"
        },
        {
          "url": "https://git.kernel.org/stable/c/6f808bd78e8296b4ded813b7182988d57e1f6176"
        }
      ],
      "title": "scsi: lpfc: Address NULL pointer dereference after starget_to_rport()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-49332",
    "datePublished": "2025-02-26T02:10:51.612Z",
    "dateReserved": "2025-02-26T02:08:31.539Z",
    "dateUpdated": "2025-05-04T08:35:23.474Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.