CVE-2022-50827
Memory Leak in Linux Kernel SCSI lpfc_create_port Function
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a memory leak in the Linux kernel's lpfc driver, specifically in the lpfc_create_port() function. A recent code change introduced allocations for VMID resources after scsi_host_alloc(). If the VMID allocation fails, the code returns early without properly releasing previously allocated resources, causing a memory leak. The fix involves adding a separate cleanup path to properly free VMID resources on failure.
How can this vulnerability impact me? :
The memory leak caused by this vulnerability can lead to increased memory usage and potential resource exhaustion on systems using the affected Linux kernel lpfc driver. Over time, this could degrade system performance or stability, especially in environments with frequent port creation failures.