DEBIAN-CVE-2022-50646

DEBIAN-CVE-2022-50646 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: scsi: hpsa: Fix possible memory leak in hpsa_init_one() The hpda_alloc_ctlr_info() allocates h and its field reply_map. However, in hpsa_init_one(), if alloc_percpu() failed, the hpsa_init_one() jumps to clean1 directly, which frees h and leaks the h->reply_map. Fix by calling hpda_free_ctlr_info() to release h->replay_map and h instead free h directly.

Affected Products

Vendor	Product	Versions
Debian:12	linux	0, 0, 0
Debian:14	linux	0, 0, 0
Debian:13	linux	0, 0, 0
Debian:11	linux	5.10.127-2, 5.10.127-2, 5.10.136-1

Timeline

Dec 9, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2022-50646 advisory

Open in Interactive Console →