CVE-2022-50288

Severity CVSS v4.0:
Pending analysis
Type:
CWE-416 Use After Free
Publication date:
15/09/2025
Last modified:
03/12/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure

adapter->dcb would get silently freed inside qlcnic_dcb_enable() in case qlcnic_dcb_attach() would return an error, which always happens under OOM conditions. This would lead to use-after-free because both of the existing callers invoke qlcnic_dcb_get_info() on the obtained pointer, which is potentially freed at that point.

Propagate errors from qlcnic_dcb_enable(), and instead free the dcb pointer at callsite using qlcnic_dcb_free(). This also removes the now unused qlcnic_clear_dcb_ops() helper, which was a simple wrapper around kfree() also causing memory leaks for partially initialized dcb.

Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.
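
The ownership problem described above, reduced to a user-space C model (an added example, not code from the kernel or from this advisory). All names are hypothetical, and a static slot with a live flag stands in for heap allocation and kfree() so that the stale access can be counted without touching freed memory.

```c
#include <stdbool.h>
#include <stdio.h>
/* User-space model with hypothetical names; not the qlcnic driver's code. */
struct dcb { bool live; };
struct adapter { struct dcb *dcb; };
static struct dcb slot;   /* static storage: released state stays safe to inspect */
static int stale_uses;    /* accesses after release; reset by dcb_alloc() */

static struct dcb *dcb_alloc(void) { slot.live = true; stale_uses = 0; return &slot; }
static void dcb_release(struct dcb *d) { d->live = false; }
/* Attach stand-in: oom=true models the failure under memory pressure. */
static int dcb_attach(struct dcb *d, bool oom) { (void)d; return oom ? -1 : 0; }
static void dcb_get_info(struct dcb *d) { if (!d->live) stale_uses++; }

/* Before: releases the dcb on failure and reports nothing to the caller. */
static void enable_before(struct dcb *d, bool oom)
{
    if (d && dcb_attach(d, oom))
        dcb_release(d);
}

/* After: only propagates the error; the caller owns the release. */
static int enable_after(struct dcb *d, bool oom)
{
    return d ? dcb_attach(d, oom) : 0;
}

int caller_before(bool oom)
{
    struct adapter a = { .dcb = dcb_alloc() };
    enable_before(a.dcb, oom);
    dcb_get_info(a.dcb);          /* a.dcb may already be released here */
    return stale_uses;
}

int caller_after(bool oom)
{
    struct adapter a = { .dcb = dcb_alloc() };
    if (enable_after(a.dcb, oom))
        dcb_release(a.dcb);       /* release at the call site, skip get_info */
    else
        dcb_get_info(a.dcb);
    return stale_uses;
}

int main(void)
{
    printf("before=%d after=%d\n", caller_before(true), caller_after(true));
    return 0;
}
```

In the model, the "before" caller records one stale access when attach fails, while the "after" caller records none because the error return tells it to release the object and stop.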

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 3.14 (including) 4.14.303 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.15 (including) 4.19.270 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.20 (including) 5.4.229 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.5 (including) 5.10.163 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.87 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.0.19 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.1 (including) 6.1.5 (excluding)
cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*