CVE-2022-49413

When the process is migrated to a different cgroup (or in case of writeback just starts submitting bios associated with a different cgroup) bfqmergebio() can operate with stale cgroup information in bic. Thus the bio can be merged to a request from a different cgroup or it can result in merging of bfqqs for different cgroups or bfqqs of already dead cgroups and causing possible use-after-free issues. Fix the problem by updating cgroup information in bfqmergebio().

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49413.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

e21b7a0b988772e82e7147e1c659a5afe2ae003c

Fixed

da9f3025d595956410ceaab2bea01980d7775948

Fixed

b06691af08b41dfd81052a3362514d9827b44bb1

Fixed

e8821f45612f2e6d9adb9c6ba0fb4184f57692aa

Fixed

d9165200c5627a2cf4408eefabdf0058bdf95e1a

Fixed

2a1077f17169a6059992a0bbdb330e0abad1e6d9

Fixed

ea591cd4eb270393810e7be01feb8fde6a34fbbe

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49413.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.12.0

Fixed

5.4.198

Type: ECOSYSTEM
Events: Introduced

5.5.0

Fixed

5.10.121

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.46

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

5.17.14

Type: ECOSYSTEM
Events: Introduced

5.18.0

Fixed

5.18.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49413.json"