CVE-2022-49176

Source
https://cve.org/CVERecord?id=CVE-2022-49176
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49176.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49176
Published
2025-02-26T01:55:30.586Z
Modified
2026-04-11T12:43:39.991264Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
bfq: fix use-after-free in bfq_dispatch_request
Details

In the Linux kernel, the following vulnerability has been resolved:

bfq: fix use-after-free in bfq_dispatch_request

KASAN reports a use-after-free report when doing normal scsi-mq test

[69832.239032] ==================================================================
[69832.241810] BUG: KASAN: use-after-free in bfq_dispatch_request+0x1045/0x44b0
[69832.243267] Read of size 8 at addr ffff88802622ba88 by task kworker/3:1H/155
[69832.244656]
[69832.245007] CPU: 3 PID: 155 Comm: kworker/3:1H Not tainted 5.10.0-10295-g576c6382529e #8
[69832.246626] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[69832.249069] Workqueue: kblockd blk_mq_run_work_fn
[69832.250022] Call Trace:
[69832.250541] dump_stack+0x9b/0xce
[69832.251232] ? bfq_dispatch_request+0x1045/0x44b0
[69832.252243] print_address_description.constprop.6+0x3e/0x60
[69832.253381] ? __cpuidle_text_end+0x5/0x5
[69832.254211] ? vprintk_func+0x6b/0x120
[69832.254994] ? bfq_dispatch_request+0x1045/0x44b0
[69832.255952] ? bfq_dispatch_request+0x1045/0x44b0
[69832.256914] kasan_report.cold.9+0x22/0x3a
[69832.257753] ? bfq_dispatch_request+0x1045/0x44b0
[69832.258755] check_memory_region+0x1c1/0x1e0
[69832.260248] bfq_dispatch_request+0x1045/0x44b0
[69832.261181] ? bfq_bfqq_expire+0x2440/0x2440
[69832.262032] ? blk_mq_delay_run_hw_queues+0xf9/0x170
[69832.263022] __blk_mq_do_dispatch_sched+0x52f/0x830
[69832.264011] ? blk_mq_sched_request_inserted+0x100/0x100
[69832.265101] __blk_mq_sched_dispatch_requests+0x398/0x4f0
[69832.266206] ? blk_mq_do_dispatch_ctx+0x570/0x570
[69832.267147] ? __switch_to+0x5f4/0xee0
[69832.267898] blk_mq_sched_dispatch_requests+0xdf/0x140
[69832.268946] __blk_mq_run_hw_queue+0xc0/0x270
[69832.269840] blk_mq_run_work_fn+0x51/0x60
[69832.278170] process_one_work+0x6d4/0xfe0
[69832.278984] worker_thread+0x91/0xc80
[69832.279726] ? __kthread_parkme+0xb0/0x110
[69832.280554] ? process_one_work+0xfe0/0xfe0
[69832.281414] kthread+0x32d/0x3f0
[69832.282082] ? kthread_park+0x170/0x170
[69832.282849] ret_from_fork+0x1f/0x30
[69832.283573]
[69832.283886] Allocated by task 7725:
[69832.284599] kasan_save_stack+0x19/0x40
[69832.285385] __kasan_kmalloc.constprop.2+0xc1/0xd0
[69832.286350] kmem_cache_alloc_node+0x13f/0x460
[69832.287237] bfq_get_queue+0x3d4/0x1140
[69832.287993] bfq_get_bfqq_handle_split+0x103/0x510
[69832.289015] bfq_init_rq+0x337/0x2d50
[69832.289749] bfq_insert_requests+0x304/0x4e10
[69832.290634] blk_mq_sched_insert_requests+0x13e/0x390
[69832.291629] blk_mq_flush_plug_list+0x4b4/0x760
[69832.292538] blk_flush_plug_list+0x2c5/0x480
[69832.293392] io_schedule_prepare+0xb2/0xd0
[69832.294209] io_schedule_timeout+0x13/0x80
[69832.295014] wait_for_common_io.constprop.1+0x13c/0x270
[69832.296137] submit_bio_wait+0x103/0x1a0
[69832.296932] blkdev_issue_discard+0xe6/0x160
[69832.297794] blk_ioctl_discard+0x219/0x290
[69832.298614] blkdev_common_ioctl+0x50a/0x1750
[69832.304715] blkdev_ioctl+0x470/0x600
[69832.305474] block_ioctl+0xde/0x120
[69832.306232] vfs_ioctl+0x6c/0xc0
[69832.306877] __se_sys_ioctl+0x90/0xa0
[69832.307629] do_syscall_64+0x2d/0x40
[69832.308362] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[69832.309382]
[69832.309701] Freed by task 155:
[69832.310328] kasan_save_stack+0x19/0x40
[69832.311121] kasan_set_track+0x1c/0x30
[69832.311868] kasan_set_free_info+0x1b/0x30
[69832.312699] __kasan_slab_free+0x111/0x160
[69832.313524] kmem_cache_free+0x94/0x460
[69832.314367] bfq_put_queue+0x582/0x940
[69832.315112] __bfq_bfqd_reset_in_service+0x166/0x1d0
[69832.317275] bfq_bfqq_expire+0xb27/0x2440
[69832.318084] bfq_dispatch_request+0x697/0x44b0
[69832.318991] __blk_mq_do_dispatch_sched+0x52f/0x830
[69832.319984] __blk_mq_sched_dispatch_requests+0x398/0x4f0
[69832.321087] blk_mq_sched_dispatch_requests+0xdf/0x140
[69832.322225] __blk_mq_run_hw_queue+0xc0/0x270
[69832.323114] blk_mq_run_work_fn+0x51/0x6 ---truncated---

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49176.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
aee69d78dec0ffdf82e35d57c626e80dddc314d5
Fixed
74e610b5ee0d95e751280567100509eb11517efa
Fixed
5117c9ff4c2ebae0f5c2c262d42a25a8fbc086e6
Fixed
df6e00b1a53c57dca82c63b5ecbcad5452231bc7
Fixed
080665e2c3cbfc68359b9a348a3546ed9b908e7a
Fixed
5687958bf18f84384d809f521210d0f5deed03b0
Fixed
40b4ba0030e0b02cbacd424ebb9f4c8b0976c786
Fixed
ab552fcb17cc9e4afe0e4ac4df95fc7b30e8490a

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49176.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type        Introduced   Fixed
ECOSYSTEM   4.12.0       4.19.238
ECOSYSTEM   4.20.0       5.4.189
ECOSYSTEM   5.5.0        5.10.110
ECOSYSTEM   5.11.0       5.15.33
ECOSYSTEM   5.16.0       5.16.19
ECOSYSTEM   5.17.0       5.17.2

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49176.json"