CVE-2022-50493
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
04/10/2025
Last modified:
23/01/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
scsi: qla2xxx: Fix crash when I/O abort times out<br />
<br />
While performing CPU hotplug, a crash with the following stack was seen:<br />
<br />
Call Trace:<br />
qla24xx_process_response_queue+0x42a/0x970 [qla2xxx]<br />
qla2x00_start_nvme_mq+0x3a2/0x4b0 [qla2xxx]<br />
qla_nvme_post_cmd+0x166/0x240 [qla2xxx]<br />
nvme_fc_start_fcp_op.part.0+0x119/0x2e0 [nvme_fc]<br />
blk_mq_dispatch_rq_list+0x17b/0x610<br />
__blk_mq_sched_dispatch_requests+0xb0/0x140<br />
blk_mq_sched_dispatch_requests+0x30/0x60<br />
__blk_mq_run_hw_queue+0x35/0x90<br />
__blk_mq_delay_run_hw_queue+0x161/0x180<br />
blk_execute_rq+0xbe/0x160<br />
__nvme_submit_sync_cmd+0x16f/0x220 [nvme_core]<br />
nvmf_connect_admin_queue+0x11a/0x170 [nvme_fabrics]<br />
nvme_fc_create_association.cold+0x50/0x3dc [nvme_fc]<br />
nvme_fc_connect_ctrl_work+0x19/0x30 [nvme_fc]<br />
process_one_work+0x1e8/0x3c0<br />
<br />
On abort timeout, completion was called without checking if the I/O was<br />
already completed.<br />
<br />
Verify that I/O and abort request are indeed outstanding before attempting<br />
completion.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.3.17 (including) | 5.4 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.4.4 (including) | 5.15.86 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.0.16 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.1 (including) | 6.1.2 (excluding) |
To consult the complete list of CPE names with products and versions, see this page