CVE-2022-49720

EPSS 0.04%
Veröffentlicht 26.02.2025 07:01:47
Zuletzt bearbeitet 01.10.2025 20:17:08
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

block: Fix handling of offline queues in blk_mq_alloc_request_hctx()

This patch prevents that test nvme/004 triggers the following:

UBSAN: array-index-out-of-bounds in block/blk-mq.h:135:9
index 512 is out of range for type 'long unsigned int [512]'
Call Trace:
 show_stack+0x52/0x58
 dump_stack_lvl+0x49/0x5e
 dump_stack+0x10/0x12
 ubsan_epilogue+0x9/0x3b
 __ubsan_handle_out_of_bounds.cold+0x44/0x49
 blk_mq_alloc_request_hctx+0x304/0x310
 __nvme_submit_sync_cmd+0x70/0x200 [nvme_core]
 nvmf_connect_io_queue+0x23e/0x2a0 [nvme_fabrics]
 nvme_loop_connect_io_queues+0x8d/0xb0 [nvme_loop]
 nvme_loop_create_ctrl+0x58e/0x7d0 [nvme_loop]
 nvmf_create_ctrl+0x1d7/0x4d0 [nvme_fabrics]
 nvmf_dev_write+0xae/0x111 [nvme_fabrics]
 vfs_write+0x144/0x560
 ksys_write+0xb7/0x140
 __x64_sys_write+0x42/0x50
 do_syscall_64+0x35/0x80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.16 < 5.10.214

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.49

Linux ≫ Linux Kernel Version >= 5.16 < 5.18.6

Linux ≫ Linux Kernel Version5.19 Updaterc1

Linux ≫ Linux Kernel Version5.19 Updaterc2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.11

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/14dc7a18abbe4176f5626c13c333670da8e06aa1

Patch

https://git.kernel.org/stable/c/7fa28a7c3d74933a4fc22d341b60927952f31c19

Patch

https://git.kernel.org/stable/c/b202a0bd2580ee5b0453772c46d464152fafff73

Patch

https://git.kernel.org/stable/c/b5e65ef044d627effdc2599040b6d204e003f955

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-49720

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-49720

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-49720

EUVD