CVE-2022-50329

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-50329
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50329.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-50329
Downstream
Related
Published
2025-09-15T14:49:32.123Z
Modified
2025-11-29T09:11:06.468360Z
Summary
block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq
Details

In the Linux kernel, the following vulnerability has been resolved:

block, bfq: fix uaf for bfqq in bfqexiticq_bfqq

Commit 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'") will access 'bic->bfqq' in bicsetbfqq(), however, bfqexiticqbfqq() can free bfqq first, and then call bicset_bfqq(), which will cause uaf.

Fix the problem by moving bfqexitbfqq() behind bicsetbfqq().

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50329.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
5533742c7cb1bc9b1f0bf401cc397d44a3a9e07a
Fixed
1425f1bb5df5239021fd09ebc2a5e8070e705d36
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
094f3d9314d67691cb21ba091c1b528f6e3c4893
Fixed
7949b0df3dd9f4817ed4a4e989fa9ee81df6205f
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
b22fd72bfebda3956efc4431b60ddfc0a51e03e0
Fixed
cfe5b38c37720313eff0dec5517442c7ab3c9a20
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
761564d93c8265f65543acf0a576b32d66bfa26a
Fixed
1ed959fef5b1c6f1a7a3fbea543698c30ebd6678
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
64dc8c732f5c2b406cc752e6aaa1bd5471159cab
Fixed
246cf66e300b76099b5dbd3fdd39e9a5dbc53f02

Affected versions

v5.*

v5.15.86

v6.*

v6.0.16
v6.1.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50329.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.15.86
Fixed
5.15.87
Type
ECOSYSTEM
Events
Introduced
6.0.16
Fixed
6.0.17
Type
ECOSYSTEM
Events
Introduced
6.1.2
Fixed
6.1.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50329.json"