CVE-2022-49413

Source
https://cve.org/CVERecord?id=CVE-2022-49413
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49413.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49413
Published
2025-02-26T02:12:34.604Z
Modified
2026-03-20T12:24:30.920013Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
bfq: Update cgroup information before merging bio
Details

In the Linux kernel, the following vulnerability has been resolved:

bfq: Update cgroup information before merging bio

When the process is migrated to a different cgroup (or in case of writeback just starts submitting bios associated with a different cgroup) bfq_merge_bio() can operate with stale cgroup information in bic. Thus the bio can be merged to a request from a different cgroup or it can result in merging of bfqqs for different cgroups or bfqqs of already dead cgroups and causing possible use-after-free issues. Fix the problem by updating cgroup information in bfq_merge_bio().

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49413.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e21b7a0b988772e82e7147e1c659a5afe2ae003c
Fixed
da9f3025d595956410ceaab2bea01980d7775948
Fixed
b06691af08b41dfd81052a3362514d9827b44bb1
Fixed
e8821f45612f2e6d9adb9c6ba0fb4184f57692aa
Fixed
d9165200c5627a2cf4408eefabdf0058bdf95e1a
Fixed
2a1077f17169a6059992a0bbdb330e0abad1e6d9
Fixed
ea591cd4eb270393810e7be01feb8fde6a34fbbe

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49413.json"