CVE-2022-49534 is a vulnerability identified in the Linux kernel specifically affecting the lpfc (LightPulse Fibre Channel) driver component responsible for managing NPIV (N_Port ID Virtualization) ports. The vulnerability arises from a potential memory leak in two functions: lpfc_ignore_els_cmpl() and lpfc_els_rsp_reject(). These functions handle error and reject responses related to PLOGI (Port Login) reject messages (PLOGI_RJT) during NPIV port login processes. The issue is that memory allocated for the login mailbox (login_mbox) and associated service parameter buffers (ctx_buf) may not be properly freed upon handling these reject responses. Specifically, if cmdiocb->context_un.mbox is allocated in lpfc_ignore_els_cmpl(), it is not correctly returned to the mailbox memory pool (phba->mbox_mem_pool). Similarly, lpfc_els_rsp_reject() fails to free both the ctx_buf and login_mbox buffers on failure paths. This memory leak can lead to gradual exhaustion of kernel memory resources, potentially degrading system stability or causing denial of service conditions on systems utilizing NPIV-enabled Fibre Channel adapters. The vulnerability does not require user interaction or authentication to be triggered but is limited to systems running the affected Linux kernel versions with the lpfc driver managing NPIV ports. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The issue was published on February 26, 2025, and relates to specific kernel commits identified by their hashes.

For European organizations, the impact of CVE-2022-49534 primarily concerns enterprises and data centers relying on Linux servers with Fibre Channel storage networks using NPIV technology. Memory leaks in kernel drivers can cause resource depletion leading to system instability, degraded performance, or crashes, which in turn can disrupt critical business operations, especially in environments with high storage I/O demands such as financial institutions, cloud service providers, and large-scale manufacturing. While this vulnerability does not directly expose confidentiality or integrity risks, the availability impact can be significant if exploited or triggered repeatedly, causing denial of service. Organizations with mission-critical storage infrastructure that depend on Linux-based servers for storage connectivity are at higher risk. Given the absence of known exploits, the immediate threat level is moderate, but the risk increases if attackers develop exploit techniques targeting this vulnerability. The complexity of exploitation is moderate since it requires specific hardware and configuration (NPIV ports on Fibre Channel adapters), limiting the attack surface but not eliminating it for affected environments.

To mitigate CVE-2022-49534, European organizations should: 1) Apply the latest Linux kernel patches that address this memory leak as soon as they become available from trusted Linux distributions or kernel maintainers. 2) Audit and inventory systems running the lpfc driver with NPIV enabled to identify potentially vulnerable hosts. 3) Monitor system logs and kernel memory usage for signs of abnormal memory consumption related to Fibre Channel operations. 4) Where possible, limit or disable NPIV functionality on lpfc drivers if not required, reducing the attack surface. 5) Implement proactive kernel memory monitoring and alerting to detect early signs of resource leaks. 6) Coordinate with hardware vendors for firmware updates or configuration guidance to complement kernel fixes. 7) Conduct thorough testing of patches in staging environments before deployment to avoid service disruptions. These steps go beyond generic advice by focusing on hardware-specific configurations and proactive monitoring tailored to the nature of the vulnerability.