Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix possible memleak when register 'hctx' failed There's issue as follows when do fault injection test: unreferenced object 0xffff888132a9f400 (size 512): comm "insmod", pid 308021, jiffies 4324277909 (age 509.733s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 08 f4 a9 32 81 88 ff ff ...........2.... 08 f4 a9 32 81 88 ff ff 00 00 00 00 00 00 00 00 ...2............ backtrace: [<00000000e8952bb4>] kmalloc_node_trace+0x22/0xa0 [<00000000f9980e0f>] blk_mq_alloc_and_init_hctx+0x3f1/0x7e0 [<000000002e719efa>] blk_mq_realloc_hw_ctxs+0x1e6/0x230 [<000000004f1fda40>] blk_mq_init_allocated_queue+0x27e/0x910 [<00000000287123ec>] __blk_mq_alloc_disk+0x67/0xf0 [<00000000a2a34657>] 0xffffffffa2ad310f [<00000000b173f718>] 0xffffffffa2af824a [<0000000095a1dabb>] do_one_initcall+0x87/0x2a0 [<00000000f32fdf93>] do_init_module+0xdf/0x320 [<00000000cbe8541e>] load_module+0x3006/0x3390 [<0000000069ed1bdb>] __do_sys_finit_module+0x113/0x1b0 [<00000000a1a29ae8>] do_syscall_64+0x35/0x80 [<000000009cd878b0>] entry_SYSCALL_64_after_hwframe+0x46/0xb0 Fault injection context as follows: kobject_add blk_mq_register_hctx blk_mq_sysfs_register blk_register_queue device_add_disk null_add_dev.part.0 [null_blk] As 'blk_mq_register_hctx' may already add some objects when failed halfway, but there isn't do fallback, caller don't know which objects add failed. To solve above issue just do fallback when add objects failed halfway in 'blk_mq_register_hctx'.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 3.16, < 4.9.337 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/02bc8bc6eab03c84373281b85cb6e98747172ff7Patch
- https://git.kernel.org/stable/c/33e8a3f61814ea30615d0fafaf50477975d6c1caPatch
- https://git.kernel.org/stable/c/4b7a21c57b14fbcd0e1729150189e5933f5088e9Patch
- https://git.kernel.org/stable/c/4b7fafa5f39b15c3a6ca3b95e534d05d6904cc95Patch
- https://git.kernel.org/stable/c/654870789c3c1b9763316ef1c71d7a449127b175Patch
- https://git.kernel.org/stable/c/87fd18016a47ea8ae12641377a390172c4aa97a7Patch
- https://git.kernel.org/stable/c/cb186eb47fb9dd327bdefa15f0c5fc55c53a40ddPatch
- https://git.kernel.org/stable/c/e8022da1fa2fdf2fa204b445dd3354e7a66d085aPatch
- https://git.kernel.org/stable/c/eff45bfbc25a2509a6362dea6e699e14083c693cPatch
FAQ
What is CVE-2022-50434?
CVE-2022-50434 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix possible memleak when register 'hctx' failed There's issue as follows when do fault injection test: unreferenced objec...
How severe is CVE-2022-50434?
CVE-2022-50434 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-50434?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.