CVE-2022-50768
Description
In the Linux kernel, the following vulnerability has been resolved:
scsi: smartpqi: Correct device removal for multi-actuator devices
Correct device count for multi-actuator drives which can cause kernel panics.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Incorrect device count in smartpqi driver for multi-actuator drives causes kernel panic during device removal.
Vulnerability
The vulnerability exists in the smartpqi SCSI driver in the Linux kernel. For multi-actuator drives, the device removal routine incorrectly counts devices, leading to a kernel panic when a device is removed. This is a logic error in handling the number of devices associated with a multi-actuator drive.
Exploitation
To exploit this vulnerability, an attacker would need the ability to trigger device removal on a system using a smartpqi adapter with multi-actuator drives. This could be achieved through local access to the system (e.g., via sysfs device removal) or by physically disconnecting a drive. No authentication is required beyond normal user privileges for device removal operations.
Impact
The primary impact is a denial of service (system crash) caused by a kernel panic. This can lead to downtime and potential data loss if the crash occurs during I/O operations. There is no evidence of privilege escalation or information disclosure.
Mitigation
The fix is included in a Linux kernel stable commit [1]. Users should apply the latest kernel update from their distribution. There are no known workarounds; the issue is resolved by the patch.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
3e8e9e0c28901d1c8b86b4ab7cc9befcbbb5eVulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
3News mentions
0No linked articles in our index yet.