CVE-2022-50727

Description

In the Linux kernel's efct (FC SCSI target) driver, the function efct_device_init() fails to properly release memory when efct_scsi_reg_fc_transport() returns an error. Specifically, if this registration fails, the cleanup function efct_scsi_tgt_driver_exit() is not called, leaving the memory allocated by efct_scsi_tgt_driver_init() unreferenced. This memory leak has been observed during module loading and can be seen in kernel memory debug output, showing a 2048-byte allocation that is not freed [1].

Exploitability

The vulnerability can be triggered when the efct driver module is loaded and the call to register the FC transport fails. An attacker would need to be able to influence the module loading or the state of the FC transport registration to cause the failure. However, given that this is a bug in error handling, it may be exploitable by an unprivileged user if they can trigger an error condition during driver initialization, e.g., by manipulating system resources or configuration.

Impact

A successful trigger results in a memory leak. Over repeated module load/unload cycles or under specific error conditions, this could lead to memory exhaustion, potentially causing system instability or denial of service. The leak is relatively small per occurrence (2048 bytes) but can accumulate.

Mitigation

The fix has been applied in the Linux kernel stable branch via commit bb0cd225dd37df1f4a22e36dad59ff33178ecdfc [1]. Users should update to a kernel version containing this patch. No workaround is mentioned; however, avoiding error conditions during driver initialization may reduce risk.