GHSA-RQX9-PG4R-6QM3
Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-03 21:30In the Linux kernel, the following vulnerability has been resolved:
qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure
adapter->dcb would get silently freed inside qlcnic_dcb_enable() in case qlcnic_dcb_attach() would return an error, which always happens under OOM conditions. This would lead to use-after-free because both of the existing callers invoke qlcnic_dcb_get_info() on the obtained pointer, which is potentially freed at that point.
Propagate errors from qlcnic_dcb_enable(), and instead free the dcb pointer at callsite using qlcnic_dcb_free(). This also removes the now unused qlcnic_clear_dcb_ops() helper, which was a simple wrapper around kfree() also causing memory leaks for partially initialized dcb.
Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.
{
"affected": [],
"aliases": [
"CVE-2022-50288"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-15T15:15:40Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nqlcnic: prevent -\u003edcb use-after-free on qlcnic_dcb_enable() failure\n\nadapter-\u003edcb would get silently freed inside qlcnic_dcb_enable() in\ncase qlcnic_dcb_attach() would return an error, which always happens\nunder OOM conditions. This would lead to use-after-free because both\nof the existing callers invoke qlcnic_dcb_get_info() on the obtained\npointer, which is potentially freed at that point.\n\nPropagate errors from qlcnic_dcb_enable(), and instead free the dcb\npointer at callsite using qlcnic_dcb_free(). This also removes the now\nunused qlcnic_clear_dcb_ops() helper, which was a simple wrapper around\nkfree() also causing memory leaks for partially initialized dcb.\n\nFound by Linux Verification Center (linuxtesting.org) with the SVACE\nstatic analysis tool.",
"id": "GHSA-rqx9-pg4r-6qm3",
"modified": "2025-12-03T21:30:59Z",
"published": "2025-09-15T15:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50288"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/13a7c8964afcd8ca43c0b6001ebb0127baa95362"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/36999236f0b12d5de21a6f40e93b570727b9ceb2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/513787ff9a331b461115e8a145a983d650a84fcb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8df1dc04ce0e4c03b51a756749c250a9cb17d707"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8f97eeb02a553cdc78c83a0596448a370e1518c4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/95df720e64a6409d8152827a776c43f615e3321a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a2a694e6edbdb3efb34e1613a31fdcf6cf444a55"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d12a7510293d3370b234b0b7c5eda33e58786768"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.