CVE-2022-49413

In the Linux kernel, the following vulnerability has been resolved: bfq: Update cgroup information before merging bio When the process is migrated to a different cgroup (or in case of writeback just starts submitting bios associated with a different cgroup) bfq_merge_bio() can operate with stale cgroup information in bic. Thus the bio can be merged to a request from a different cgroup or it can result in merging of bfqqs for different cgroups or bfqqs of already dead cgroups and causing possible use-after-free issues. Fix the problem by updating cgroup information in bfq_merge_bio().

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/2a1077f17169a6059992a0bbdb330e0abad1e6d9	Patch
https://git.kernel.org/stable/c/b06691af08b41dfd81052a3362514d9827b44bb1	Patch
https://git.kernel.org/stable/c/d9165200c5627a2cf4408eefabdf0058bdf95e1a	Patch
https://git.kernel.org/stable/c/da9f3025d595956410ceaab2bea01980d7775948	Patch
https://git.kernel.org/stable/c/e8821f45612f2e6d9adb9c6ba0fb4184f57692aa	Patch
https://git.kernel.org/stable/c/ea591cd4eb270393810e7be01feb8fde6a34fbbe	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

24 Mar 2025, 19:52

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel::::::::
First Time		Linux linux Kernel Linux
References	~~() https://git.kernel.org/stable/c/2a1077f17169a6059992a0bbdb330e0abad1e6d9 -~~	() https://git.kernel.org/stable/c/2a1077f17169a6059992a0bbdb330e0abad1e6d9 - Patch
References	~~() https://git.kernel.org/stable/c/b06691af08b41dfd81052a3362514d9827b44bb1 -~~	() https://git.kernel.org/stable/c/b06691af08b41dfd81052a3362514d9827b44bb1 - Patch
References	~~() https://git.kernel.org/stable/c/d9165200c5627a2cf4408eefabdf0058bdf95e1a -~~	() https://git.kernel.org/stable/c/d9165200c5627a2cf4408eefabdf0058bdf95e1a - Patch
References	~~() https://git.kernel.org/stable/c/da9f3025d595956410ceaab2bea01980d7775948 -~~	() https://git.kernel.org/stable/c/da9f3025d595956410ceaab2bea01980d7775948 - Patch
References	~~() https://git.kernel.org/stable/c/e8821f45612f2e6d9adb9c6ba0fb4184f57692aa -~~	() https://git.kernel.org/stable/c/e8821f45612f2e6d9adb9c6ba0fb4184f57692aa - Patch
References	~~() https://git.kernel.org/stable/c/ea591cd4eb270393810e7be01feb8fde6a34fbbe -~~	() https://git.kernel.org/stable/c/ea591cd4eb270393810e7be01feb8fde6a34fbbe - Patch
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bfq: Actualizar la información del cgroup antes de fusionar bio Cuando el proceso se migra a un cgroup diferente (o en caso de escritura diferida simplemente comienza a enviar bios asociados con un cgroup diferente) bfq_merge_bio() puede operar con información de cgroup obsoleta en bic. Por lo tanto, la bio se puede fusionar con una solicitud de un cgroup diferente o puede resultar en la fusión de bfqqs para diferentes cgroups o bfqqs de cgroups ya inactivos y causar posibles problemas de use-after-free. Solucione el problema actualizando la información del cgroup en bfq_merge_bio().

27 Feb 2025, 19:15

Type	Values Removed	Values Added
CWE		CWE-416
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8

26 Feb 2025, 07:01

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-26 07:01

Updated : 2025-03-24 19:52

NVD link : CVE-2022-49413

Mitre link : CVE-2022-49413

CVE.ORG link : CVE-2022-49413

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-416

Use After Free

7.8 /10