Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: bfq: Update cgroup information before merging bio When the process is migrated to a different cgroup (or in case of writeback just starts submitting bios associated with a different cgroup) bfq_merge_bio() can operate with stale cgroup information in bic. Thus the bio can be merged to a request from a different cgroup or it can result in merging of bfqqs for different cgroups or bfqqs of already dead cgroups and causing possible use-after-free issues. Fix the problem by updating cgroup information in bfq_merge_bio().
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 4.12, < 5.4.198 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/2a1077f17169a6059992a0bbdb330e0abad1e6d9Patch
- https://git.kernel.org/stable/c/b06691af08b41dfd81052a3362514d9827b44bb1Patch
- https://git.kernel.org/stable/c/d9165200c5627a2cf4408eefabdf0058bdf95e1aPatch
- https://git.kernel.org/stable/c/da9f3025d595956410ceaab2bea01980d7775948Patch
- https://git.kernel.org/stable/c/e8821f45612f2e6d9adb9c6ba0fb4184f57692aaPatch
- https://git.kernel.org/stable/c/ea591cd4eb270393810e7be01feb8fde6a34fbbePatch
FAQ
What is CVE-2022-49413?
CVE-2022-49413 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel, the following vulnerability has been resolved: bfq: Update cgroup information before merging bio When the process is migrated to a different cgroup (or in case of writeback just...
How severe is CVE-2022-49413?
CVE-2022-49413 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-49413?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.