CVE-2022-50022

In line 2884, "raid5releasestripe(sh);" drops the reference to sh and may cause sh to be released. However, sh is subsequently used in lines 2886 "if (sh->batchhead && sh != sh->batchhead)". This may result in an use-after-free bug.

It can be fixed by moving "raid5releasestripe(sh);" to the bottom of the function.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50022.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

59fc630b8b5f9f21c8ce3ba153341c107dce1b0c

Fixed

7470a4314b239e9a9580f248fdf4c9a92805490e

Fixed

09cf99bace7789d91caa8d10fbcfc8b2fb35857f

Fixed

e5b3dd2d92c4511e81f6e4ec9c5bb7ad25e03d13

Fixed

f5d46f1b47f65da1faf468277b261eb78c8e25b5

Fixed

5d8325fd15892c8ab1146edc1d7ed8463de39636

Fixed

d9b94c3ace549433de8a93eeb27b0391fc8ac406

Fixed

eb3a4f73f43f839df981dda5859e8e075067a360

Fixed

104212471b1c1817b311771d817fb692af983173

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50022.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.1.0

Fixed

4.9.326

Type: ECOSYSTEM
Events: Introduced

4.10.0

Fixed

4.14.291

Type: ECOSYSTEM
Events: Introduced

4.15.0

Fixed

4.19.256

Type: ECOSYSTEM
Events: Introduced

4.20.0

Fixed

5.4.211

Type: ECOSYSTEM
Events: Introduced

5.5.0

Fixed

5.10.138

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.63

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

5.19.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50022.json"