CVE-2022-50329

In the Linux kernel, the following vulnerability has been resolved:

block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq

Commit 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'")
will access 'bic->bfqq' in bic_set_bfqq(), however, bfq_exit_icq_bfqq()
can free bfqq first, and then call bic_set_bfqq(), which will cause uaf.

Fix the problem by moving bfq_exit_bfqq() behind bic_set_bfqq().
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
VendorProductVersion
linuxlinux_kernel
5.15.86
linuxlinux_kernel
6.0.16
linuxlinux_kernel
6.1.2
linuxlinux_kernel
6.2:rc1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.237-1
fixed
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.147-1
fixed
trixie
6.12.43-1
fixed
trixie (security)
6.12.41-1
fixed
forky
6.16.3-1
fixed
sid
6.16.7-1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/1425f1bb5df5239021fd09ebc2a5e8070e705d36
https://git.kernel.org/stable/c/1ed959fef5b1c6f1a7a3fbea543698c30ebd6678
https://git.kernel.org/stable/c/246cf66e300b76099b5dbd3fdd39e9a5dbc53f02
https://git.kernel.org/stable/c/7949b0df3dd9f4817ed4a4e989fa9ee81df6205f
https://git.kernel.org/stable/c/cfe5b38c37720313eff0dec5517442c7ab3c9a20