CVE-2022-50827
Description
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Fix memory leak in lpfc_create_port()
Commit 5e633302ace1 ("scsi: lpfc: vmid: Add support for VMID in mailbox command") introduced allocations for the VMID resources in lpfc_create_port() after the call to scsi_host_alloc(). Upon failure on the VMID allocations, the new code would branch to the 'out' label, which returns NULL without unwinding anything, thus skipping the call to scsi_host_put().
Fix the problem by creating a separate label 'out_free_vmid' to unwind the VMID resources and make the 'out_put_shost' label call only scsi_host_put(), as was done before the introduction of allocations for VMID.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2022-50827 is a Linux kernel flaw in which a VMID resource allocation failure in the lpfc driver leaks memory by skipping scsi_host cleanup.
Root Cause
In the Linux kernel's Emulex lpfc SCSI driver, commit 5e633302ace1 added VMID (Virtual Machine ID) resource allocations inside lpfc_create_port(). These allocations occur after scsi_host_alloc(). If any VMID allocation fails, the code jumps to an existing 'out' label that returns NULL without releasing the previously allocated scsi_host structure, causing a memory leak [1].
Exploitation
Exploitation requires triggering a VMID resource allocation failure within the lpfc driver. This can happen due to memory exhaustion or internal resource limits during port creation. An attacker with local access or the ability to influence driver initialization (e.g., via device hot-plug or module reload) could potentially cause repeated allocation failures, leading to gradual kernel memory depletion. No special privileges beyond those needed to trigger driver operations are indicated [1].
Impact
The memory leak leads to gradual depletion of kernel memory, potentially causing system instability, denial of service, or resource exhaustion for other processes. Over time, the system may become unresponsive or crash due to inability to allocate memory for critical operations [1].
Mitigation
The fix was applied in the Linux stable kernel branch (commit 9749595feb33a1a2b848800192224ffeed5346b4). It introduces a dedicated cleanup label out_free_vmid to release VMID resources before the existing out_put_shost label which correctly calls scsi_host_put(). Affected systems should apply the kernel update to prevent the leak [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
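The unwind ordering described above, as an added user-space model that is not the lpfc source or the upstream patch. `host_alloc()`, `host_put()`, `vmid_alloc()` and the `fail_late` switch are hypothetical stand-ins for scsi_host_alloc(), scsi_host_put(), the VMID allocations and a later initialization failure; only the label names come from the description.

```c
#include <stdio.h>
#include <stdlib.h>

static int live_hosts, fail_vmid;  /* mock counters: hosts not yet put; force VMID failure */
struct host { void *vmid; };

static struct host *host_alloc(void) {       /* stands in for scsi_host_alloc() */
    struct host *h = calloc(1, sizeof(*h));
    if (h) live_hosts++;
    return h;
}
static void host_put(struct host *h) { free(h); live_hosts--; }  /* scsi_host_put() */
static void *vmid_alloc(void) { return fail_vmid ? NULL : malloc(64); }

/* Pre-fix shape: the VMID failure branches to 'out', which unwinds nothing. */
static struct host *create_port_leaky(void) {
    struct host *h = host_alloc();
    if (!h) goto out;
    h->vmid = vmid_alloc();
    if (!h->vmid) goto out;                  /* host reference is dropped here */
    return h;
out:
    return NULL;
}

/* Post-fix shape: labels unwind in reverse order of acquisition. */
static struct host *create_port_fixed(int fail_late) {
    struct host *h = host_alloc();
    if (!h) goto out;
    h->vmid = vmid_alloc();
    if (!h->vmid) goto out_put_shost;
    if (fail_late) goto out_free_vmid;       /* assumed later init failure */
    return h;
out_free_vmid:
    free(h->vmid);
out_put_shost:
    host_put(h);
out:
    return NULL;
}

/* Run one failing port creation and report how many hosts stay allocated. */
static int hosts_leaked(int fixed, int vmid_fails, int fail_late) {
    live_hosts = 0; fail_vmid = vmid_fails;
    if (fixed) create_port_fixed(fail_late); else create_port_leaky();
    return live_hosts;
}

int main(void) {
    printf("leaky=%d fixed=%d\n", hosts_leaked(0, 1, 0), hosts_leaked(1, 1, 0));
    return 0;
}
```

Each failed call on the leaky path leaves one host allocated, which is why repeated port-creation failures accumulate rather than stay constant.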
Affected products: 1
Patches: 3
9749595feb33
5ea1f195f51c
dc8e483f684a
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.