cve-2022-49901
Vulnerability from cvelistv5
Published
2025-05-01 14:10
Modified
2025-05-04 08:48
Severity ?
EPSS score ?
Summary
blk-mq: Fix kmemleak in blk_mq_init_allocated_queue
References
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/blk-mq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2dc97e15a54b7bdf457848aa8c663c98a24e58a6",
"status": "affected",
"version": "2f8f1336a48bd5186de3476da0a3e2ec06d0533a",
"versionType": "git"
},
{
"lessThan": "943f45b9399ed8b2b5190cbc797995edaa97f58f",
"status": "affected",
"version": "2f8f1336a48bd5186de3476da0a3e2ec06d0533a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/blk-mq.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.2"
},
{
"lessThan": "5.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.8",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: Fix kmemleak in blk_mq_init_allocated_queue\n\nThere is a kmemleak caused by modprobe null_blk.ko\n\nunreferenced object 0xffff8881acb1f000 (size 1024):\n comm \"modprobe\", pid 836, jiffies 4294971190 (age 27.068s)\n hex dump (first 32 bytes):\n 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........\n ff ff ff ff ff ff ff ff 00 53 99 9e ff ff ff ff .........S......\n backtrace:\n [\u003c000000004a10c249\u003e] kmalloc_node_trace+0x22/0x60\n [\u003c00000000648f7950\u003e] blk_mq_alloc_and_init_hctx+0x289/0x350\n [\u003c00000000af06de0e\u003e] blk_mq_realloc_hw_ctxs+0x2fe/0x3d0\n [\u003c00000000e00c1872\u003e] blk_mq_init_allocated_queue+0x48c/0x1440\n [\u003c00000000d16b4e68\u003e] __blk_mq_alloc_disk+0xc8/0x1c0\n [\u003c00000000d10c98c3\u003e] 0xffffffffc450d69d\n [\u003c00000000b9299f48\u003e] 0xffffffffc4538392\n [\u003c0000000061c39ed6\u003e] do_one_initcall+0xd0/0x4f0\n [\u003c00000000b389383b\u003e] do_init_module+0x1a4/0x680\n [\u003c0000000087cf3542\u003e] load_module+0x6249/0x7110\n [\u003c00000000beba61b8\u003e] __do_sys_finit_module+0x140/0x200\n [\u003c00000000fdcfff51\u003e] do_syscall_64+0x35/0x80\n [\u003c000000003c0f1f71\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThat is because q-\u003ema_ops is set to NULL before blk_release_queue is\ncalled.\n\nblk_mq_init_queue_data\n blk_mq_init_allocated_queue\n blk_mq_realloc_hw_ctxs\n for (i = 0; i \u003c set-\u003enr_hw_queues; i++) {\n old_hctx = xa_load(\u0026q-\u003ehctx_table, i);\n if (!blk_mq_alloc_and_init_hctx(.., i, ..))\t\t[1]\n if (!old_hctx)\n\t break;\n\n xa_for_each_start(\u0026q-\u003ehctx_table, j, hctx, j)\n blk_mq_exit_hctx(q, set, hctx, j); \t\t\t[2]\n\n if (!q-\u003enr_hw_queues)\t\t\t\t\t[3]\n goto err_hctxs;\n\n err_exit:\n q-\u003emq_ops = NULL;\t\t\t \t\t\t[4]\n\n blk_put_queue\n blk_release_queue\n if (queue_is_mq(q))\t\t\t\t\t[5]\n blk_mq_release(q);\n\n[1]: blk_mq_alloc_and_init_hctx failed at i != 0.\n[2]: The hctxs allocated by [1] are moved to q-\u003eunused_hctx_list and\nwill be cleaned up in blk_mq_release.\n[3]: q-\u003enr_hw_queues is 0.\n[4]: Set q-\u003emq_ops to NULL.\n[5]: queue_is_mq returns false due to [4]. And blk_mq_release\nwill not be called. The hctxs in q-\u003eunused_hctx_list are leaked.\n\nTo fix it, call blk_release_queue in exception path."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:48:17.645Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2dc97e15a54b7bdf457848aa8c663c98a24e58a6"
},
{
"url": "https://git.kernel.org/stable/c/943f45b9399ed8b2b5190cbc797995edaa97f58f"
}
],
"title": "blk-mq: Fix kmemleak in blk_mq_init_allocated_queue",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49901",
"datePublished": "2025-05-01T14:10:46.974Z",
"dateReserved": "2025-05-01T14:05:17.245Z",
"dateUpdated": "2025-05-04T08:48:17.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-49901\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-05-01T15:16:15.167\",\"lastModified\":\"2025-05-02T13:52:51.693\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nblk-mq: Fix kmemleak in blk_mq_init_allocated_queue\\n\\nThere is a kmemleak caused by modprobe null_blk.ko\\n\\nunreferenced object 0xffff8881acb1f000 (size 1024):\\n comm \\\"modprobe\\\", pid 836, jiffies 4294971190 (age 27.068s)\\n hex dump (first 32 bytes):\\n 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........\\n ff ff ff ff ff ff ff ff 00 53 99 9e ff ff ff ff .........S......\\n backtrace:\\n [\u003c000000004a10c249\u003e] kmalloc_node_trace+0x22/0x60\\n [\u003c00000000648f7950\u003e] blk_mq_alloc_and_init_hctx+0x289/0x350\\n [\u003c00000000af06de0e\u003e] blk_mq_realloc_hw_ctxs+0x2fe/0x3d0\\n [\u003c00000000e00c1872\u003e] blk_mq_init_allocated_queue+0x48c/0x1440\\n [\u003c00000000d16b4e68\u003e] __blk_mq_alloc_disk+0xc8/0x1c0\\n [\u003c00000000d10c98c3\u003e] 0xffffffffc450d69d\\n [\u003c00000000b9299f48\u003e] 0xffffffffc4538392\\n [\u003c0000000061c39ed6\u003e] do_one_initcall+0xd0/0x4f0\\n [\u003c00000000b389383b\u003e] do_init_module+0x1a4/0x680\\n [\u003c0000000087cf3542\u003e] load_module+0x6249/0x7110\\n [\u003c00000000beba61b8\u003e] __do_sys_finit_module+0x140/0x200\\n [\u003c00000000fdcfff51\u003e] do_syscall_64+0x35/0x80\\n [\u003c000000003c0f1f71\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\\n\\nThat is because q-\u003ema_ops is set to NULL before blk_release_queue is\\ncalled.\\n\\nblk_mq_init_queue_data\\n blk_mq_init_allocated_queue\\n blk_mq_realloc_hw_ctxs\\n for (i = 0; i \u003c set-\u003enr_hw_queues; i++) {\\n old_hctx = xa_load(\u0026q-\u003ehctx_table, i);\\n if (!blk_mq_alloc_and_init_hctx(.., i, ..))\\t\\t[1]\\n if (!old_hctx)\\n\\t break;\\n\\n xa_for_each_start(\u0026q-\u003ehctx_table, j, hctx, j)\\n blk_mq_exit_hctx(q, set, hctx, j); \\t\\t\\t[2]\\n\\n if (!q-\u003enr_hw_queues)\\t\\t\\t\\t\\t[3]\\n goto err_hctxs;\\n\\n err_exit:\\n q-\u003emq_ops = NULL;\\t\\t\\t \\t\\t\\t[4]\\n\\n blk_put_queue\\n blk_release_queue\\n if (queue_is_mq(q))\\t\\t\\t\\t\\t[5]\\n blk_mq_release(q);\\n\\n[1]: blk_mq_alloc_and_init_hctx failed at i != 0.\\n[2]: The hctxs allocated by [1] are moved to q-\u003eunused_hctx_list and\\nwill be cleaned up in blk_mq_release.\\n[3]: q-\u003enr_hw_queues is 0.\\n[4]: Set q-\u003emq_ops to NULL.\\n[5]: queue_is_mq returns false due to [4]. And blk_mq_release\\nwill not be called. The hctxs in q-\u003eunused_hctx_list are leaked.\\n\\nTo fix it, call blk_release_queue in exception path.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: blk-mq: Se corrige kmemleak en blk_mq_init_allocated_queue Hay una kmemleak causada por modprobe null_blk.ko objeto no referenciado 0xffff8881acb1f000 (tama\u00f1o 1024): comm \\\"modprobe\\\", pid 836, jiffies 4294971190 (edad 27.068s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... ff ff ff ff ff ff ff ff ff 00 53 99 9e ff ff ff ff .........S...... backtrace: [\u0026lt;000000004a10c249\u0026gt;] kmalloc_node_trace+0x22/0x60 [\u0026lt;00000000648f7950\u0026gt;] blk_mq_alloc_and_init_hctx+0x289/0x350 [\u0026lt;00000000af06de0e\u0026gt;] blk_mq_realloc_hw_ctxs+0x2fe/0x3d0 [\u0026lt;00000000e00c1872\u0026gt;] blk_mq_init_allocated_queue+0x48c/0x1440 [\u0026lt;00000000d16b4e68\u0026gt;] __blk_mq_alloc_disk+0xc8/0x1c0 [\u0026lt;00000000d10c98c3\u0026gt;] 0xffffffffc450d69d [\u0026lt;00000000b9299f48\u0026gt;] 0xffffffffc4538392 [\u0026lt;0000000061c39ed6\u0026gt;] hacer_una_llamada_inicio+0xd0/0x4f0 [\u0026lt;00000000b389383b\u0026gt;] hacer_m\u00f3dulo_inicio+0x1a4/0x680 [\u0026lt;0000000087cf3542\u0026gt;] cargar_m\u00f3dulo+0x6249/0x7110 [\u0026lt;00000000beba61b8\u0026gt;] __hacer_m\u00f3dulo_finit_sys+0x140/0x200 [\u0026lt;00000000fdcfff51\u0026gt;] hacer_llamada_al_sistema_64+0x35/0x80 [\u0026lt;000000003c0f1f71\u0026gt;] entry_SYSCALL_64_after_hwframe+0x46/0xb0 Esto se debe a que q-\u0026gt;ma_ops se establece en NULL antes de llamar a blk_release_queue. blk_mq_init_queue_data blk_mq_init_allocated_queue blk_mq_realloc_hw_ctxs para (i = 0; i \u0026lt; set-\u0026gt;nr_hw_queues; i++) { old_hctx = xa_load(\u0026amp;q-\u0026gt;hctx_table, i); si (!blk_mq_alloc_and_init_hctx(.., i, ..)) [1] si (!old_hctx) break; xa_for_each_start(\u0026amp;q-\u0026gt;hctx_table, j, hctx, j) blk_mq_exit_hctx(q, set, hctx, j); [2] if (!q-\u0026gt;nr_hw_queues) [3] goto err_hctxs; err_exit: q-\u0026gt;mq_ops = NULL; [4] blk_put_queue blk_release_queue if (queue_is_mq(q)) [5] blk_mq_release(q); [1]: blk_mq_alloc_and_init_hctx fall\u00f3 en i != 0. [2]: Los hctxs asignados por [1] se mueven a q-\u0026gt;unused_hctx_list y se limpiar\u00e1n en blk_mq_release. [3]: q-\u0026gt;nr_hw_queues es 0. [4]: Establece q-\u0026gt;mq_ops en NULL. [5]: queue_is_mq devuelve falso debido a [4]. No se llamar\u00e1 a blk_mq_release. Los hctxs en q-\u0026gt;unused_hctx_list tienen fugas. Para solucionarlo, llame a blk_release_queue en la ruta de excepci\u00f3n.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2dc97e15a54b7bdf457848aa8c663c98a24e58a6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/943f45b9399ed8b2b5190cbc797995edaa97f58f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.