5.5
CVE-2021-47412
- EPSS 0.22%
- Veröffentlicht 21.05.2024 15:15:26
- Zuletzt bearbeitet 03.11.2025 18:15:38
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
block: don't call rq_qos_ops->done_bio if the bio isn't tracked
In the Linux kernel, the following vulnerability has been resolved: block: don't call rq_qos_ops->done_bio if the bio isn't tracked rq_qos framework is only applied on request based driver, so: 1) rq_qos_done_bio() needn't to be called for bio based driver 2) rq_qos_done_bio() needn't to be called for bio which isn't tracked, such as bios ended from error handling code. Especially in bio_endio(): 1) request queue is referred via bio->bi_bdev->bd_disk->queue, which may be gone since request queue refcount may not be held in above two cases 2) q->rq_qos may be freed in blk_cleanup_queue() when calling into __rq_qos_done_bio() Fix the potential kernel panic by not calling rq_qos_ops->done_bio if the bio isn't tracked. This way is safe because both ioc_rqos_done_bio() and blkcg_iolatency_done_bio() are nop if the bio isn't tracked.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 5.10.241
Linux ≫ Linux Kernel Version >= 5.11 < 5.14.11
Linux ≫ Linux Kernel Version5.15 Updaterc1
Linux ≫ Linux Kernel Version5.15 Updaterc2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.126 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
https://git.kernel.org/stable/c/004b8f8a691205a93d9e80d98b786b2b97424d6e
https://git.kernel.org/stable/c/a647a524a46736786c95cdb553a070322ca096e3
https://git.kernel.org/stable/c/db60edbfff332a6a5477c367af8125f034570989
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html