CVE-2022-49720

{"id": "CVE-2022-49720", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-02-26T07:01:47.703", "references": [{"url": "https://git.kernel.org/stable/c/14dc7a18abbe4176f5626c13c333670da8e06aa1", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7fa28a7c3d74933a4fc22d341b60927952f31c19", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b202a0bd2580ee5b0453772c46d464152fafff73", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b5e65ef044d627effdc2599040b6d204e003f955", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-129"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix handling of offline queues in blk_mq_alloc_request_hctx()\n\nThis patch prevents that test nvme/004 triggers the following:\n\nUBSAN: array-index-out-of-bounds in block/blk-mq.h:135:9\nindex 512 is out of range for type 'long unsigned int [512]'\nCall Trace:\n show_stack+0x52/0x58\n dump_stack_lvl+0x49/0x5e\n dump_stack+0x10/0x12\n ubsan_epilogue+0x9/0x3b\n __ubsan_handle_out_of_bounds.cold+0x44/0x49\n blk_mq_alloc_request_hctx+0x304/0x310\n __nvme_submit_sync_cmd+0x70/0x200 [nvme_core]\n nvmf_connect_io_queue+0x23e/0x2a0 [nvme_fabrics]\n nvme_loop_connect_io_queues+0x8d/0xb0 [nvme_loop]\n nvme_loop_create_ctrl+0x58e/0x7d0 [nvme_loop]\n nvmf_create_ctrl+0x1d7/0x4d0 [nvme_fabrics]\n nvmf_dev_write+0xae/0x111 [nvme_fabrics]\n vfs_write+0x144/0x560\n ksys_write+0xb7/0x140\n __x64_sys_write+0x42/0x50\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bloque: Corregir la gesti\u00f3n de colas sin conexi\u00f3n enblk_mq_alloc_request_hctx() Este parche evita que la prueba nvme/004 active lo siguiente: UBSAN: array-index-out-of-bounds in block/blk-mq.h:135:9 index 512 is out of range for type 'long unsigned int [512]' Call Trace: show_stack+0x52/0x58 dump_stack_lvl+0x49/0x5e dump_stack+0x10/0x12 ubsan_epilogue+0x9/0x3b __ubsan_handle_out_of_bounds.cold+0x44/0x49 blk_mq_alloc_request_hctx+0x304/0x310 __nvme_submit_sync_cmd+0x70/0x200 [nvme_core] nvmf_connect_io_queue+0x23e/0x2a0 [nvme_fabrics] nvme_loop_connect_io_queues+0x8d/0xb0 [nvme_loop] nvme_loop_create_ctrl+0x58e/0x7d0 [nvme_loop] nvmf_create_ctrl+0x1d7/0x4d0 [nvme_fabrics] nvmf_dev_write+0xae/0x111 [nvme_fabrics] vfs_write+0x144/0x560 ksys_write+0xb7/0x140 __x64_sys_write+0x42/0x50 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae "}], "lastModified": "2025-03-07T20:44:17.993", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C07D8F07-95C2-4A5A-9A9A-024B35AF459D", "versionEndExcluding": "5.10.214", "versionStartIncluding": "4.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "697D250E-E0A4-41BE-BB54-96385E129206", "versionEndExcluding": "5.15.49", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDD33A19-B51E-4090-A47B-073098916815", "versionEndExcluding": "5.18.6", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8C30C2D-F82D-4D37-AB48-D76ABFBD5377"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF8547FC-C849-4F1B-804B-A93AE2F04A92"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}