CVE-2022-50493

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: qla2xxx: Fix crash when I/O abort times out<br /> <br /> While performing CPU hotplug, a crash with the following stack was seen:<br /> <br /> Call Trace:<br /> qla24xx_process_response_queue+0x42a/0x970 [qla2xxx]<br /> qla2x00_start_nvme_mq+0x3a2/0x4b0 [qla2xxx]<br /> qla_nvme_post_cmd+0x166/0x240 [qla2xxx]<br /> nvme_fc_start_fcp_op.part.0+0x119/0x2e0 [nvme_fc]<br /> blk_mq_dispatch_rq_list+0x17b/0x610<br /> __blk_mq_sched_dispatch_requests+0xb0/0x140<br /> blk_mq_sched_dispatch_requests+0x30/0x60<br /> __blk_mq_run_hw_queue+0x35/0x90<br /> __blk_mq_delay_run_hw_queue+0x161/0x180<br /> blk_execute_rq+0xbe/0x160<br /> __nvme_submit_sync_cmd+0x16f/0x220 [nvme_core]<br /> nvmf_connect_admin_queue+0x11a/0x170 [nvme_fabrics]<br /> nvme_fc_create_association.cold+0x50/0x3dc [nvme_fc]<br /> nvme_fc_connect_ctrl_work+0x19/0x30 [nvme_fc]<br /> process_one_work+0x1e8/0x3c0<br /> <br /> On abort timeout, completion was called without checking if the I/O was<br /> already completed.<br /> <br /> Verify that I/O and abort request are indeed outstanding before attempting<br /> completion.