In the Linux kernel, the following vulnerability has been resolved:
blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping()
Our syzkaller reported a null pointer dereference; the root cause is the following:

__blk_mq_alloc_map_and_rqs
 set->tags[hctx_idx] = blk_mq_alloc_map_and_rqs
  blk_mq_alloc_map_and_rqs
   blk_mq_alloc_rqs
    // failed due to oom
    alloc_pages_node
    // set->tags[hctx_idx] is still NULL
    blk_mq_free_rqs
     drv_tags = set->tags[hctx_idx];
     // null pointer dereference is triggered
     blk_mq_clear_rq_mapping(drv_tags, ...)
This is because commit 63064be150e4 ("blk-mq: Add blk_mq_alloc_map_and_rqs()") merged the two steps:

1) set->tags[hctx_idx] = blk_mq_alloc_rq_map()
2) blk_mq_alloc_rqs(..., set->tags[hctx_idx])

into one step:

set->tags[hctx_idx] = blk_mq_alloc_map_and_rqs()

Since tags is not initialized yet in this case, fix the problem by checking if tags is NULL pointer in blk_mq_clear_rq_mapping().
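The following is an added, user-space model of the failure path described above; it is not the kernel's code and uses simplified, hypothetical struct and function names. It shows why the merged allocation leaves set->tags[hctx_idx] NULL while the error path inside the callee runs, and how a NULL check in the clear-mapping step (the shape of the fix) makes that path safe. The OOM is simulated with a flag rather than a real allocation failure.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the blk-mq tag set; not the real kernel structs. */
struct tags { void **static_rqs; unsigned int nr_tags; };
struct tag_set { struct tags *tags[4]; bool simulate_oom; };

/* Counts cleanups that arrived with a NULL tags pointer (the bug's trigger). */
static int null_tags_seen;

/* Hardened clear step: return early when tags is NULL instead of dereferencing it. */
static void clear_rq_mapping(struct tags *drv_tags)
{
	if (!drv_tags) {
		null_tags_seen++;
		return;
	}
	memset(drv_tags->static_rqs, 0, drv_tags->nr_tags * sizeof(void *));
}

/* Error-path cleanup: reads the driver tags via set->tags[hctx_idx], which the
 * merged allocation has not assigned yet because the callee has not returned. */
static void free_rqs(struct tag_set *set, struct tags *tags, unsigned int hctx_idx)
{
	struct tags *drv_tags = set->tags[hctx_idx];	/* NULL on the OOM path */
	clear_rq_mapping(drv_tags);
	free(tags->static_rqs);
}

static struct tags *alloc_map_and_rqs(struct tag_set *set, unsigned int hctx_idx, unsigned int nr)
{
	struct tags *tags = calloc(1, sizeof *tags);
	if (!tags) return NULL;
	tags->nr_tags = nr;
	tags->static_rqs = calloc(nr, sizeof(void *));
	if (!tags->static_rqs) { free(tags); return NULL; }
	if (set->simulate_oom) {		/* stands in for alloc_pages_node() failing */
		free_rqs(set, tags, hctx_idx);	/* runs while set->tags[hctx_idx] == NULL */
		free(tags);
		return NULL;
	}
	return tags;
}

/* Merged one-step allocation: the assignment happens only after the callee returns. */
bool alloc_hctx_tags(struct tag_set *set, unsigned int hctx_idx, bool oom)
{
	set->simulate_oom = oom;
	set->tags[hctx_idx] = alloc_map_and_rqs(set, hctx_idx, 8);
	return set->tags[hctx_idx] != NULL;
}

int null_tags_cleanups(void) { return null_tags_seen; }
```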