Bug 2347861 (CVE-2022-49411) - CVE-2022-49411 kernel: bfq: Make sure bfqg for which we are queueing requests is online
Summary: CVE-2022-49411 kernel: bfq: Make sure bfqg for which we are queueing requests...
Keywords:
Status: NEW
Alias: CVE-2022-49411
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-02-26 03:09 UTC by OSIDB Bzimport
Modified: 2025-05-02 12:10 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-02-26 03:09:18 UTC 
In the Linux kernel, the following vulnerability has been resolved:

bfq: Make sure bfqg for which we are queueing requests is online

Bios queued into BFQ IO scheduler can be associated with a cgroup that
was already offlined. This may then cause insertion of this bfq_group
into a service tree. But this bfq_group will get freed as soon as last
bio associated with it is completed leading to use after free issues for
service tree users. Fix the problem by making sure we always operate on
online bfq_group. If the bfq_group associated with the bio is not
online, we pick the first online parent.
Comment 1 Avinash Hanwate 2025-02-26 13:22:59 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022652-CVE-2022-49411-63ad@gregkh/T
Comment 4 Avinash Hanwate 2025-02-26 17:34:16 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022652-CVE-2022-49411-63ad@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.