CVE-2022-50288
- Source
- https://cve.org/CVERecord?id=CVE-2022-50288
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50288.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-50288
- Downstream
- Related
- Published
- 2025-09-15T14:21:24.427Z
- Modified
- 2026-04-02T08:28:22.749482Z
- Summary
- qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
qlcnic: prevent ->dcb use-after-free on qlcnicdcbenable() failure
adapter->dcb would get silently freed inside qlcnicdcbenable() in case qlcnicdcbattach() would return an error, which always happens under OOM conditions. This would lead to use-after-free because both of the existing callers invoke qlcnicdcbget_info() on the obtained pointer, which is potentially freed at that point.
Propagate errors from qlcnicdcbenable(), and instead free the dcb pointer at callsite using qlcnicdcbfree(). This also removes the now unused qlcniccleardcb_ops() helper, which was a simple wrapper around kfree() also causing memory leaks for partially initialized dcb.
Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50288.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/13a7c8964afcd8ca43c0b6001ebb0127baa95362
- https://git.kernel.org/stable/c/36999236f0b12d5de21a6f40e93b570727b9ceb2
- https://git.kernel.org/stable/c/513787ff9a331b461115e8a145a983d650a84fcb
- https://git.kernel.org/stable/c/8df1dc04ce0e4c03b51a756749c250a9cb17d707
- https://git.kernel.org/stable/c/8f97eeb02a553cdc78c83a0596448a370e1518c4
- https://git.kernel.org/stable/c/95df720e64a6409d8152827a776c43f615e3321a
- https://git.kernel.org/stable/c/a2a694e6edbdb3efb34e1613a31fdcf6cf444a55
- https://git.kernel.org/stable/c/d12a7510293d3370b234b0b7c5eda33e58786768
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50288.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-50288
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced3c44bba1d270cb1620b4fe76786d0968118cb86bFixed36999236f0b12d5de21a6f40e93b570727b9ceb2Fixedd12a7510293d3370b234b0b7c5eda33e58786768Fixed8f97eeb02a553cdc78c83a0596448a370e1518c4Fixed513787ff9a331b461115e8a145a983d650a84fcbFixed95df720e64a6409d8152827a776c43f615e3321aFixed8df1dc04ce0e4c03b51a756749c250a9cb17d707Fixeda2a694e6edbdb3efb34e1613a31fdcf6cf444a55Fixed13a7c8964afcd8ca43c0b6001ebb0127baa95362