CVE-2022-49176
- Source
- https://cve.org/CVERecord?id=CVE-2022-49176
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49176.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-49176
- Downstream
- Related
- Published
- 2025-02-26T01:55:30.586Z
- Modified
- 2026-03-20T12:22:13.995031Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- bfq: fix use-after-free in bfq_dispatch_request
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
bfq: fix use-after-free in bfqdispatchrequest
KASAN reports a use-after-free report when doing normal scsi-mq test
[69832.239032] ================================================================== [69832.241810] BUG: KASAN: use-after-free in bfqdispatchrequest+0x1045/0x44b0 [69832.243267] Read of size 8 at addr ffff88802622ba88 by task kworker/3:1H/155 [69832.244656] [69832.245007] CPU: 3 PID: 155 Comm: kworker/3:1H Not tainted 5.10.0-10295-g576c6382529e #8 [69832.246626] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [69832.249069] Workqueue: kblockd blkmqrunworkfn [69832.250022] Call Trace: [69832.250541] dumpstack+0x9b/0xce [69832.251232] ? bfqdispatchrequest+0x1045/0x44b0 [69832.252243] printaddress_description.constprop.6+0x3e/0x60 [69832.253381] ? __cpuidletextend+0x5/0x5 [69832.254211] ? vprintkfunc+0x6b/0x120 [69832.254994] ? bfqdispatchrequest+0x1045/0x44b0 [69832.255952] ? bfqdispatchrequest+0x1045/0x44b0 [69832.256914] kasanreport.cold.9+0x22/0x3a [69832.257753] ? bfqdispatchrequest+0x1045/0x44b0 [69832.258755] checkmemoryregion+0x1c1/0x1e0 [69832.260248] bfqdispatchrequest+0x1045/0x44b0 [69832.261181] ? bfqbfqqexpire+0x2440/0x2440 [69832.262032] ? blkmqdelayrunhw_queues+0xf9/0x170 [69832.263022] __blkmqdodispatchsched+0x52f/0x830 [69832.264011] ? blkmqschedrequestinserted+0x100/0x100 [69832.265101] __blkmqscheddispatchrequests+0x398/0x4f0 [69832.266206] ? blkmqdodispatchctx+0x570/0x570 [69832.267147] ? __switchto+0x5f4/0xee0 [69832.267898] blkmqscheddispatch_requests+0xdf/0x140 [69832.268946] __blkmqrunhwqueue+0xc0/0x270 [69832.269840] blkmqrunworkfn+0x51/0x60 [69832.278170] processonework+0x6d4/0xfe0 [69832.278984] worker_thread+0x91/0xc80 [69832.279726] ? __kthreadparkme+0xb0/0x110 [69832.280554] ? processonework+0xfe0/0xfe0 [69832.281414] kthread+0x32d/0x3f0 [69832.282082] ? kthreadpark+0x170/0x170 [69832.282849] retfromfork+0x1f/0x30 [69832.283573] [69832.283886] Allocated by task 7725: [69832.284599] kasansavestack+0x19/0x40 [69832.285385] __kasankmalloc.constprop.2+0xc1/0xd0 [69832.286350] kmemcache_allocnode+0x13f/0x460 [69832.287237] bfqgetqueue+0x3d4/0x1140 [69832.287993] bfqgetbfqqhandlesplit+0x103/0x510 [69832.289015] bfqinitrq+0x337/0x2d50 [69832.289749] bfqinsertrequests+0x304/0x4e10 [69832.290634] blkmqschedinsertrequests+0x13e/0x390 [69832.291629] blkmqflushpluglist+0x4b4/0x760 [69832.292538] blkflushpluglist+0x2c5/0x480 [69832.293392] ioscheduleprepare+0xb2/0xd0 [69832.294209] ioscheduletimeout+0x13/0x80 [69832.295014] waitforcommonio.constprop.1+0x13c/0x270 [69832.296137] submitbiowait+0x103/0x1a0 [69832.296932] blkdevissuediscard+0xe6/0x160 [69832.297794] blkioctldiscard+0x219/0x290 [69832.298614] blkdevcommonioctl+0x50a/0x1750 [69832.304715] blkdevioctl+0x470/0x600 [69832.305474] blockioctl+0xde/0x120 [69832.306232] vfsioctl+0x6c/0xc0 [69832.306877] __sesysioctl+0x90/0xa0 [69832.307629] do_syscall64+0x2d/0x40 [69832.308362] entrySYSCALL64afterhwframe+0x44/0xa9 [69832.309382] [69832.309701] Freed by task 155: [69832.310328] kasansavestack+0x19/0x40 [69832.311121] kasansettrack+0x1c/0x30 [69832.311868] kasansetfreeinfo+0x1b/0x30 [69832.312699] __kasanslabfree+0x111/0x160 [69832.313524] kmemcachefree+0x94/0x460 [69832.314367] bfqputqueue+0x582/0x940 [69832.315112] __bfqbfqdresetinservice+0x166/0x1d0 [69832.317275] bfqbfqqexpire+0xb27/0x2440 [69832.318084] bfqdispatchrequest+0x697/0x44b0 [69832.318991] __blkmqdodispatchsched+0x52f/0x830 [69832.319984] __blkmqscheddispatchrequests+0x398/0x4f0 [69832.321087] blkmqscheddispatchrequests+0xdf/0x140 [69832.322225] __blkmqrunhwqueue+0xc0/0x270 [69832.323114] blkmqrunworkfn+0x51/0x6 ---truncated---
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49176.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/080665e2c3cbfc68359b9a348a3546ed9b908e7a
- https://git.kernel.org/stable/c/40b4ba0030e0b02cbacd424ebb9f4c8b0976c786
- https://git.kernel.org/stable/c/5117c9ff4c2ebae0f5c2c262d42a25a8fbc086e6
- https://git.kernel.org/stable/c/5687958bf18f84384d809f521210d0f5deed03b0
- https://git.kernel.org/stable/c/74e610b5ee0d95e751280567100509eb11517efa
- https://git.kernel.org/stable/c/ab552fcb17cc9e4afe0e4ac4df95fc7b30e8490a
- https://git.kernel.org/stable/c/df6e00b1a53c57dca82c63b5ecbcad5452231bc7
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49176.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-49176
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedaee69d78dec0ffdf82e35d57c626e80dddc314d5Fixed74e610b5ee0d95e751280567100509eb11517efaFixed5117c9ff4c2ebae0f5c2c262d42a25a8fbc086e6Fixeddf6e00b1a53c57dca82c63b5ecbcad5452231bc7Fixed080665e2c3cbfc68359b9a348a3546ed9b908e7aFixed5687958bf18f84384d809f521210d0f5deed03b0Fixed40b4ba0030e0b02cbacd424ebb9f4c8b0976c786Fixedab552fcb17cc9e4afe0e4ac4df95fc7b30e8490a