CVE-2022-49413: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: bfq: Update cgroup information before merging bio When the process is migrated to a different cgroup (or in case of writeback just starts submitting bios associated with a different cgroup) bfq_merge_bio() can operate with stale cgroup information in bic. Thus the bio can be merged to a request from a different cgroup or it can result in merging of bfqqs for different cgroups or bfqqs of already dead cgroups and causing possible use-after-free issues. Fix the problem by updating cgroup information in bfq_merge_bio().
CVE-2022-49413CVSS 7.8Linux

CVE-2022-49413: linux kernel vulnerability

In the Linux kernel, the following vulnerability has been resolved: bfq: Update cgroup information before merging bio When the process is migrated to a different cgroup (or in case of writeback just starts submitting bios associated with a different cgroup) bfq_merge_bio() can operate with stale cgroup information in bic. Thus the bio can be merged to a request from a different cgroup or it can result in merging of bfqqs for different cgroups or bfqqs of already dead cgroups and causing possible use-after-free issues. Fix the problem by updating cgroup information in bfq_merge_bio().

CVSS
7.8 HIGH
EPSS
19.93%
Aktywnie wykorzystywana
brak w KEV
Produkt
linux kernel

Co wiadomo

In the Linux kernel, the following vulnerability has been resolved: bfq: Update cgroup information before merging bio When the process is migrated to a different cgroup (or in case of writeback just starts submitting bios associated with a different cgroup) bfq_merge_bio() can operate with stale cgroup information in bic. Thus the bio can be merged to a request from a different cgroup or it can result in merging of bfqqs for different cgroups or bfqqs of already dead cgroups and causing possible use-after-free issues. Fix the problem by updating cgroup information in bfq_merge_bio().

Źródła

Alerty bezpieczeństwa

Dostawaj alerty CVE zanim staną się incydentem

Wysyłamy wybrane zagrożenia infrastrukturalne po polsku, z praktycznym komentarzem dla środowisk DataHouse.

  • DataHouse: administracja serwerów i bezpieczna chmura
  • Hostilla.pl: hosting i usługi pocztowe
  • SecDNS.pl: bezpłatna warstwa bezpieczeństwa DNS