cve-2022-49902
Vulnerability from cvelistv5
Published
2025-05-01 14:10
Modified
2025-05-04 08:48
Severity ?
EPSS score ?
Summary
block: Fix possible memory leak for rq_wb on add_disk failure
References
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/genhd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4e68c5da60cd79950bd56287ae80b39d6261f995",
"status": "affected",
"version": "83cbce9574462c6b4eed6797bdaf18fae6859ab3",
"versionType": "git"
},
{
"lessThan": "528677d3b4af985445bd4ac667485ded1ed11220",
"status": "affected",
"version": "83cbce9574462c6b4eed6797bdaf18fae6859ab3",
"versionType": "git"
},
{
"lessThan": "fa81cbafbf5764ad5053512152345fab37a1fe18",
"status": "affected",
"version": "83cbce9574462c6b4eed6797bdaf18fae6859ab3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/genhd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.78",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.8",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix possible memory leak for rq_wb on add_disk failure\n\nkmemleak reported memory leaks in device_add_disk():\n\nkmemleak: 3 new suspected memory leaks\n\nunreferenced object 0xffff88800f420800 (size 512):\n comm \"modprobe\", pid 4275, jiffies 4295639067 (age 223.512s)\n hex dump (first 32 bytes):\n 04 00 00 00 08 00 00 00 01 00 00 00 00 00 00 00 ................\n 00 e1 f5 05 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c00000000d3662699\u003e] kmalloc_trace+0x26/0x60\n [\u003c00000000edc7aadc\u003e] wbt_init+0x50/0x6f0\n [\u003c0000000069601d16\u003e] wbt_enable_default+0x157/0x1c0\n [\u003c0000000028fc393f\u003e] blk_register_queue+0x2a4/0x420\n [\u003c000000007345a042\u003e] device_add_disk+0x6fd/0xe40\n [\u003c0000000060e6aab0\u003e] nbd_dev_add+0x828/0xbf0 [nbd]\n ...\n\nIt is because the memory allocated in wbt_enable_default() is not\nreleased in device_add_disk() error path.\nNormally, these memory are freed in:\n\ndel_gendisk()\n rq_qos_exit()\n rqos-\u003eops-\u003eexit(rqos);\n wbt_exit()\n\nSo rq_qos_exit() is called to free the rq_wb memory for wbt_init().\nHowever in the error path of device_add_disk(), only\nblk_unregister_queue() is called and make rq_wb memory leaked.\n\nAdd rq_qos_exit() to the error path to fix it."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:48:18.878Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4e68c5da60cd79950bd56287ae80b39d6261f995"
},
{
"url": "https://git.kernel.org/stable/c/528677d3b4af985445bd4ac667485ded1ed11220"
},
{
"url": "https://git.kernel.org/stable/c/fa81cbafbf5764ad5053512152345fab37a1fe18"
}
],
"title": "block: Fix possible memory leak for rq_wb on add_disk failure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49902",
"datePublished": "2025-05-01T14:10:47.608Z",
"dateReserved": "2025-05-01T14:05:17.245Z",
"dateUpdated": "2025-05-04T08:48:18.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-49902\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-05-01T15:16:15.270\",\"lastModified\":\"2025-05-02T13:52:51.693\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nblock: Fix possible memory leak for rq_wb on add_disk failure\\n\\nkmemleak reported memory leaks in device_add_disk():\\n\\nkmemleak: 3 new suspected memory leaks\\n\\nunreferenced object 0xffff88800f420800 (size 512):\\n comm \\\"modprobe\\\", pid 4275, jiffies 4295639067 (age 223.512s)\\n hex dump (first 32 bytes):\\n 04 00 00 00 08 00 00 00 01 00 00 00 00 00 00 00 ................\\n 00 e1 f5 05 00 00 00 00 00 00 00 00 00 00 00 00 ................\\n backtrace:\\n [\u003c00000000d3662699\u003e] kmalloc_trace+0x26/0x60\\n [\u003c00000000edc7aadc\u003e] wbt_init+0x50/0x6f0\\n [\u003c0000000069601d16\u003e] wbt_enable_default+0x157/0x1c0\\n [\u003c0000000028fc393f\u003e] blk_register_queue+0x2a4/0x420\\n [\u003c000000007345a042\u003e] device_add_disk+0x6fd/0xe40\\n [\u003c0000000060e6aab0\u003e] nbd_dev_add+0x828/0xbf0 [nbd]\\n ...\\n\\nIt is because the memory allocated in wbt_enable_default() is not\\nreleased in device_add_disk() error path.\\nNormally, these memory are freed in:\\n\\ndel_gendisk()\\n rq_qos_exit()\\n rqos-\u003eops-\u003eexit(rqos);\\n wbt_exit()\\n\\nSo rq_qos_exit() is called to free the rq_wb memory for wbt_init().\\nHowever in the error path of device_add_disk(), only\\nblk_unregister_queue() is called and make rq_wb memory leaked.\\n\\nAdd rq_qos_exit() to the error path to fix it.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bloque: Reparar posible p\u00e9rdida de memoria para rq_wb en caso de error de add_disk kmemleak inform\u00f3 p\u00e9rdidas de memoria en device_add_disk(): kmemleak: 3 nuevas p\u00e9rdidas de memoria sospechosas objeto no referenciado 0xffff88800f420800 (tama\u00f1o 512): comm \\\"modprobe\\\", pid 4275, jiffies 4295639067 (edad 223.512s) volcado hexadecimal (primeros 32 bytes): 04 00 00 00 08 00 00 00 01 00 00 00 00 00 00 00 00 ................ 00 e1 f5 05 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [\u0026lt;00000000d3662699\u0026gt;] kmalloc_trace+0x26/0x60 [\u0026lt;00000000edc7aadc\u0026gt;] wbt_init+0x50/0x6f0 [\u0026lt;0000000069601d16\u0026gt;] wbt_enable_default+0x157/0x1c0 [\u0026lt;0000000028fc393f\u0026gt;] blk_register_queue+0x2a4/0x420 [\u0026lt;000000007345a042\u0026gt;] device_add_disk+0x6fd/0xe40 [\u0026lt;0000000060e6aab0\u0026gt;] nbd_dev_add+0x828/0xbf0 [nbd] ... Esto se debe a que la memoria asignada en wbt_enable_default() no se libera en la ruta de error device_add_disk(). Normalmente, esta memoria se libera en: del_gendisk() rq_qos_exit() rqos-\u0026gt;ops-\u0026gt;exit(rqos); wbt_exit(). Por lo tanto, se llama a rq_qos_exit() para liberar la memoria rq_wb para wbt_init(). Sin embargo, en la ruta de error de device_add_disk(), solo se llama a blk_unregister_queue(), lo que provoca una fuga de memoria en rq_wb. Agregue rq_qos_exit() a la ruta de error para corregirlo.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/4e68c5da60cd79950bd56287ae80b39d6261f995\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/528677d3b4af985445bd4ac667485ded1ed11220\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fa81cbafbf5764ad5053512152345fab37a1fe18\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.