CVE-2022-49535

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI<br /> <br /> If lpfc_issue_els_flogi() fails and returns non-zero status, the node<br /> reference count is decremented to trigger the release of the nodelist<br /> structure. However, if there is a prior registration or dev-loss-evt work<br /> pending, the node may be released prematurely. When dev-loss-evt<br /> completes, the released node is referenced causing a use-after-free null<br /> pointer dereference.<br /> <br /> Similarly, when processing non-zero ELS PLOGI completion status in<br /> lpfc_cmpl_els_plogi(), the ndlp flags are checked for a transport<br /> registration before triggering node removal. If dev-loss-evt work is<br /> pending, the node may be released prematurely and a subsequent call to<br /> lpfc_dev_loss_tmo_handler() results in a use after free ndlp dereference.<br /> <br /> Add test for pending dev-loss before decrementing the node reference count<br /> for FLOGI, PLOGI, PRLI, and ADISC handling.