Bug 2347929 (CVE-2022-49377)
| Summary: | CVE-2022-49377 kernel: blk-mq: don't touch ->tagset in blk_mq_get_sq_hctx | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | dfreiber, drow, jburrell, vkumar |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A use-after-free vulnerability was found in the blk_mq_get_sq_hctx function in the Linux kernel's block multiqueue (blk-mq) subsystem. This issue occurs when the function accesses the tagset pointer to determine the current default hardware context through mapping. If this access occurs after the tagset has been freed, typically after the queue cleanup process, it can lead to memory corruption. Such corruption may result in system crashes, information leaks, or privilege escalation, depending on how the freed memory is subsequently used.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2025-02-26 03:11:40 UTC
|