CVE-2022-49120

low-risk

Published 2025-02-26

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix task leak in pm8001_send_abort_all() In pm8001_send_abort_all(), make sure to free the allocated sas task if pm8001_tag_alloc() or pm8001_mpi_build_cmd() fail.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (5)

Patch https://git.kernel.org/stable/c/146cae06d2682d7563732544be334e8e6d3862b8

Patch https://git.kernel.org/stable/c/2051044d7901f1a9d7be95d0d32e53b88e9548f7

Patch https://git.kernel.org/stable/c/2290dcad6f65864dec518fb2d5fb45f67d684150

Patch https://git.kernel.org/stable/c/34c79d16ee69cb53288c202bb1ab0ba0130d9674

Patch https://git.kernel.org/stable/c/f90a74892f3acf0cdec5844e90fc8686ca13e7d7

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal