CVE-2022-49053

Source
https://cve.org/CVERecord?id=CVE-2022-49053
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49053.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49053
Published
2025-02-26T01:54:26.806Z
Modified
2026-03-20T12:22:07.957260Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
scsi: target: tcmu: Fix possible page UAF
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: tcmu: Fix possible page UAF

tcmu_try_get_data_page() looks up pages under cmdr_lock, but it does not take refcount properly and just returns page pointer. When tcmu_try_get_data_page() returns, the returned page may have been freed by tcmu_blocks_release().

We need to get_page() under cmdr_lock to avoid concurrent tcmu_blocks_release().

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49053.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
141685a39151aea95eb56562d2953e919c6c73da
Fixed
d7c5d79e50be6e06b669141e3db1f977a0dd4e8e
Fixed
e3e0e067d5b34e4a68e3cc55f8eebc413f56f8ed
Fixed
fb7a5115422fbd6a4d505e8844f1ef5529f10489
Fixed
aec36b98a1bbaa84bfd8299a306e4c12314af626
Fixed
b7f3b5d70c834f49f7d87a2f2ed1c6284d9a0322
Fixed
a9564d84ed9f6ee71017d062d0d2182154294a4b
Fixed
a6968f7a367f128d120447360734344d5a3d5336

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49053.json"