2347682 – (CVE-2022-49413) CVE-2022-49413 kernel: bfq: Update cgroup information before merging bio

Bug 2347682 (CVE-2022-49413) - CVE-2022-49413 kernel: bfq: Update cgroup information before merging bio

Summary: CVE-2022-49413 kernel: bfq: Update cgroup information before merging bio

Keywords:
Status:	NEW
Alias:	CVE-2022-49413
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-02-26 03:03 UTC by OSIDB Bzimport
Modified:	2025-05-07 15:23 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-02-26 03:03:04 UTC

In the Linux kernel, the following vulnerability has been resolved:

bfq: Update cgroup information before merging bio

When the process is migrated to a different cgroup (or in case of
writeback just starts submitting bios associated with a different
cgroup) bfq_merge_bio() can operate with stale cgroup information in
bic. Thus the bio can be merged to a request from a different cgroup or
it can result in merging of bfqqs for different cgroups or bfqqs of
already dead cgroups and causing possible use-after-free issues. Fix the
problem by updating cgroup information in bfq_merge_bio().

Comment 1 Mauro Matteo Cascella 2025-02-26 09:39:59 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025022653-CVE-2022-49413-ae69@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.