CVE-2022-50329
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-50329
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50329.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-50329
- Downstream
- Related
- Published
- 2025-09-15T14:49:32Z
- Modified
- 2025-10-16T09:10:01.151499Z
- Summary
- block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
block, bfq: fix uaf for bfqq in bfqexiticq_bfqq
Commit 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'") will access 'bic->bfqq' in bicsetbfqq(), however, bfqexiticqbfqq() can free bfqq first, and then call bicset_bfqq(), which will cause uaf.
Fix the problem by moving bfqexitbfqq() behind bicsetbfqq().
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/1425f1bb5df5239021fd09ebc2a5e8070e705d36
- https://git.kernel.org/stable/c/1ed959fef5b1c6f1a7a3fbea543698c30ebd6678
- https://git.kernel.org/stable/c/246cf66e300b76099b5dbd3fdd39e9a5dbc53f02
- https://git.kernel.org/stable/c/7949b0df3dd9f4817ed4a4e989fa9ee81df6205f
- https://git.kernel.org/stable/c/cfe5b38c37720313eff0dec5517442c7ab3c9a20
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced5533742c7cb1bc9b1f0bf401cc397d44a3a9e07aFixed1425f1bb5df5239021fd09ebc2a5e8070e705d36
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced094f3d9314d67691cb21ba091c1b528f6e3c4893Fixed7949b0df3dd9f4817ed4a4e989fa9ee81df6205f
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedb22fd72bfebda3956efc4431b60ddfc0a51e03e0Fixedcfe5b38c37720313eff0dec5517442c7ab3c9a20
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced761564d93c8265f65543acf0a576b32d66bfa26aFixed1ed959fef5b1c6f1a7a3fbea543698c30ebd6678
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced64dc8c732f5c2b406cc752e6aaa1bd5471159cabFixed246cf66e300b76099b5dbd3fdd39e9a5dbc53f02