1. Home
  2. Vulnerabilities
  3. CVE-2022-50288
0.0
NA
CVE-2022-50288
qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure
Description

In the Linux kernel, the following vulnerability has been resolved: qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure adapter->dcb would get silently freed inside qlcnic_dcb_enable() in case qlcnic_dcb_attach() would return an error, which always happens under OOM conditions. This would lead to use-after-free because both of the existing callers invoke qlcnic_dcb_get_info() on the obtained pointer, which is potentially freed at that point. Propagate errors from qlcnic_dcb_enable(), and instead free the dcb pointer at callsite using qlcnic_dcb_free(). This also removes the now unused qlcnic_clear_dcb_ops() helper, which was a simple wrapper around kfree() also causing memory leaks for partially initialized dcb. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.

INFO

Published Date :

Sept. 15, 2025, 3:15 p.m.

Last Modified :

Sept. 15, 2025, 3:22 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2022-50288 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
Solution
Fix use-after-free by propagating errors and freeing the dcb pointer at the call site.
  • Propagate errors from qlcnic_dcb_enable().
  • Free dcb pointer at callsite using qlcnic_dcb_free().
  • Remove unused qlcnic_clear_dcb_ops() helper.
  • Apply the latest kernel patches.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2022-50288.

URL Resource
https://git.kernel.org/stable/c/13a7c8964afcd8ca43c0b6001ebb0127baa95362
https://git.kernel.org/stable/c/36999236f0b12d5de21a6f40e93b570727b9ceb2
https://git.kernel.org/stable/c/513787ff9a331b461115e8a145a983d650a84fcb
https://git.kernel.org/stable/c/8df1dc04ce0e4c03b51a756749c250a9cb17d707
https://git.kernel.org/stable/c/8f97eeb02a553cdc78c83a0596448a370e1518c4
https://git.kernel.org/stable/c/95df720e64a6409d8152827a776c43f615e3321a
https://git.kernel.org/stable/c/a2a694e6edbdb3efb34e1613a31fdcf6cf444a55
https://git.kernel.org/stable/c/d12a7510293d3370b234b0b7c5eda33e58786768
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2022-50288 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2022-50288 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2022-50288 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2022-50288 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Sep. 15, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure adapter->dcb would get silently freed inside qlcnic_dcb_enable() in case qlcnic_dcb_attach() would return an error, which always happens under OOM conditions. This would lead to use-after-free because both of the existing callers invoke qlcnic_dcb_get_info() on the obtained pointer, which is potentially freed at that point. Propagate errors from qlcnic_dcb_enable(), and instead free the dcb pointer at callsite using qlcnic_dcb_free(). This also removes the now unused qlcnic_clear_dcb_ops() helper, which was a simple wrapper around kfree() also causing memory leaks for partially initialized dcb. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.
    Added Reference https://git.kernel.org/stable/c/13a7c8964afcd8ca43c0b6001ebb0127baa95362
    Added Reference https://git.kernel.org/stable/c/36999236f0b12d5de21a6f40e93b570727b9ceb2
    Added Reference https://git.kernel.org/stable/c/513787ff9a331b461115e8a145a983d650a84fcb
    Added Reference https://git.kernel.org/stable/c/8df1dc04ce0e4c03b51a756749c250a9cb17d707
    Added Reference https://git.kernel.org/stable/c/8f97eeb02a553cdc78c83a0596448a370e1518c4
    Added Reference https://git.kernel.org/stable/c/95df720e64a6409d8152827a776c43f615e3321a
    Added Reference https://git.kernel.org/stable/c/a2a694e6edbdb3efb34e1613a31fdcf6cf444a55
    Added Reference https://git.kernel.org/stable/c/d12a7510293d3370b234b0b7c5eda33e58786768
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
No CVSS metrics available for this vulnerability.