AZL-59135

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-59135.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-59135

Upstream

CVE-2022-49168

Published

2025-02-26T07:00:53Z

Modified

2026-04-01T05:19:50.588905Z

Summary

CVE-2022-49168 affecting package kernel for versions less than 5.15.184.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

btrfs: do not clean up repair bio if submit fails

The submit helper will always run bioendio() on the bio if it fails to submit, so cleaning up the bio just leads to a variety of use-after-free and NULL pointer dereference bugs because we race with the endio function that is cleaning up the bio. Instead just return BLKSTS_OK as the repair function has to continue to process the rest of the pages, and the endio for the repair bio will do the appropriate cleanup for the page that it was given.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-49168

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.184.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-59135.json"