CVE-2022-50467

Advisory lineage Upstream: 0 Downstream: 11

Downstream

DEBIAN-CVE-2022-50467 RHSA-2023:2458 RHSA-2023:2951 RHSA-2024:4447 SUSE-SU-2025:03613-1 SUSE-SU-2025:03615-1

Analyzed

Published: 01 Oct 2025, 11:45

Last modified:11 May 2026, 19:20

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v3.1 (nvd)

EPSS Score

0.01% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

01 Oct 2025, 11:45

Published

Vulnerability first disclosed

11 May 2026, 19:20

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID An error case exit from lpfc_cmpl_ct_cmd_gft_id() results in a call to lpfc_nlp_put() with a null pointer to a nodelist structure. Changed lpfc_cmpl_ct_cmd_gft_id() to initialize nodelist pointer upon entry.

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.01%• Percentile: 2%

Techniques & Countermeasures

CWE-476•NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

Affected Systems

linux•linux
≥ 04c1d9c50ae32d6efd0b71024b3829051821c7a2, < 04e7cd8c85636a329d1a6e5a269a7c8b6f71c41c | ≥ 04c1d9c50ae32d6efd0b71024b3829051821c7a2, < 82dc1fe4324e2c897f2ed1c66f4fcff03094ac3a | ≥ 04c1d9c50ae32d6efd0b71024b3829051821c7a2, < 59b7e210a522b836a01516c71ee85d1d92c1f075 | 5.14
linux•linux_kernel
≥ 5.14, < 5.19.17 | ≥ 6.0, < 6.0.3