CVE-2022-50414

low-risk

Published 2025-09-18

In the Linux kernel, the following vulnerability has been resolved: scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails fcoe_init() calls fcoe_transport_attach(&fcoe_sw_transport), but when fcoe_if_init() fails, &fcoe_sw_transport is not detached and leaves freed &fcoe_sw_transport on fcoe_transports list. This causes panic when reinserting module. BUG: unable to handle page fault for address: fffffbfff82e2213 RIP: 0010:fcoe_transport_attach+0xe1/0x230 [libfcoe] Call Trace: <TASK> do_one_initcall+0xd0/0x4e0 load_module+0x5eee/0x7210 ...

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (9)

Patch https://git.kernel.org/stable/c/09a60f908d8b6497f618113b7c3c31267dc90911

Patch https://git.kernel.org/stable/c/1dc499c615aa87dc46a3f2d1f91d2d358e55f3e3

Patch https://git.kernel.org/stable/c/22e8c7a56bb1cd2ed0beaaccb34282ac9cbbe27e

Patch https://git.kernel.org/stable/c/4155658cee394b22b24c6d64e49247bf26d95b92

Patch https://git.kernel.org/stable/c/aef82d16be5a353d913163f26fc4385e296be2b8

Patch https://git.kernel.org/stable/c/b5cc59470df64f26ad397dbb71cbf130cf489edf

Patch https://git.kernel.org/stable/c/be5f1a82ad6056db22c86005dc4cac22a20deeef

Patch https://git.kernel.org/stable/c/cf74d1197c0e3d2f353faa333e9e2847c73713f1

Patch https://git.kernel.org/stable/c/d581303d6f8d4139513105d73dd65f26c6707160

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal