-
CVE-2022-50092
- EPSS 0.04%
- Veröffentlicht 18.06.2025 11:02:31
- Zuletzt bearbeitet 18.06.2025 13:47:40
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- Teams Watchlist Login
- Unerledigt Login
In the Linux kernel, the following vulnerability has been resolved: dm thin: fix use-after-free crash in dm_sm_register_threshold_callback Fault inject on pool metadata device reports: BUG: KASAN: use-after-free in dm_pool_register_metadata_threshold+0x40/0x80 Read of size 8 at addr ffff8881b9d50068 by task dmsetup/950 CPU: 7 PID: 950 Comm: dmsetup Tainted: G W 5.19.0-rc6 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x34/0x44 print_address_description.constprop.0.cold+0xeb/0x3f4 kasan_report.cold+0xe6/0x147 dm_pool_register_metadata_threshold+0x40/0x80 pool_ctr+0xa0a/0x1150 dm_table_add_target+0x2c8/0x640 table_load+0x1fd/0x430 ctl_ioctl+0x2c4/0x5a0 dm_ctl_ioctl+0xa/0x10 __x64_sys_ioctl+0xb3/0xd0 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 This can be easily reproduced using: echo offline > /sys/block/sda/device/state dd if=/dev/zero of=/dev/mapper/thin bs=4k count=10 dmsetup load pool --table "0 20971520 thin-pool /dev/sda /dev/sdb 128 0 0" If a metadata commit fails, the transaction will be aborted and the metadata space maps will be destroyed. If a DM table reload then happens for this failed thin-pool, a use-after-free will occur in dm_sm_register_threshold_callback (called from dm_pool_register_metadata_threshold). Fix this by in dm_pool_register_metadata_threshold() by returning the -EINVAL error if the thin-pool is in fail mode. Also fail pool_ctr() with a new error message: "Error registering metadata threshold".
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version <
05cef0999b3208b5a6ede1bfac855139e4de55ef
Version
ac8c3f3df65e487bbcabf274eeeb9cd222f5da1e
Status
affected
Version <
5e2cf705155a1514be3c96ea664a9cd356998ee7
Version
ac8c3f3df65e487bbcabf274eeeb9cd222f5da1e
Status
affected
Version <
f83131a3071a0b61a4d7dca70f95adb3ffad920e
Version
ac8c3f3df65e487bbcabf274eeeb9cd222f5da1e
Status
affected
Version <
1a199fa9217d28511ff88529238fd9980ea64cf3
Version
ac8c3f3df65e487bbcabf274eeeb9cd222f5da1e
Status
affected
Version <
e4dbe24f4bfd8377e7ba79fdcdb7c4d6eb1c6790
Version
ac8c3f3df65e487bbcabf274eeeb9cd222f5da1e
Status
affected
Version <
3534e5a5ed2997ca1b00f44a0378a075bd05e8a3
Version
ac8c3f3df65e487bbcabf274eeeb9cd222f5da1e
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
3.10
Status
affected
Version <
3.10
Version
0
Status
unaffected
Version <=
5.4.*
Version
5.4.211
Status
unaffected
Version <=
5.10.*
Version
5.10.137
Status
unaffected
Version <=
5.15.*
Version
5.15.61
Status
unaffected
Version <=
5.18.*
Version
5.18.18
Status
unaffected
Version <=
5.19.*
Version
5.19.2
Status
unaffected
Version <=
*
Version
6.0
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.094 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|