-
CVE-2022-50434
- EPSS 0.04%
- Published 01.10.2025 12:15:35
- Last modified 02.10.2025 19:12:17
- Source 416baaa9-dc9f-4396-8d5f-8c081f
- Teams watchlist Login
- Open Login
In the Linux kernel, the following vulnerability has been resolved:
blk-mq: fix possible memleak when register 'hctx' failed
There's issue as follows when do fault injection test:
unreferenced object 0xffff888132a9f400 (size 512):
comm "insmod", pid 308021, jiffies 4324277909 (age 509.733s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 08 f4 a9 32 81 88 ff ff ...........2....
08 f4 a9 32 81 88 ff ff 00 00 00 00 00 00 00 00 ...2............
backtrace:
[<00000000e8952bb4>] kmalloc_node_trace+0x22/0xa0
[<00000000f9980e0f>] blk_mq_alloc_and_init_hctx+0x3f1/0x7e0
[<000000002e719efa>] blk_mq_realloc_hw_ctxs+0x1e6/0x230
[<000000004f1fda40>] blk_mq_init_allocated_queue+0x27e/0x910
[<00000000287123ec>] __blk_mq_alloc_disk+0x67/0xf0
[<00000000a2a34657>] 0xffffffffa2ad310f
[<00000000b173f718>] 0xffffffffa2af824a
[<0000000095a1dabb>] do_one_initcall+0x87/0x2a0
[<00000000f32fdf93>] do_init_module+0xdf/0x320
[<00000000cbe8541e>] load_module+0x3006/0x3390
[<0000000069ed1bdb>] __do_sys_finit_module+0x113/0x1b0
[<00000000a1a29ae8>] do_syscall_64+0x35/0x80
[<000000009cd878b0>] entry_SYSCALL_64_after_hwframe+0x46/0xb0
Fault injection context as follows:
kobject_add
blk_mq_register_hctx
blk_mq_sysfs_register
blk_register_queue
device_add_disk
null_add_dev.part.0 [null_blk]
As 'blk_mq_register_hctx' may already add some objects when failed halfway,
but there isn't do fallback, caller don't know which objects add failed.
To solve above issue just do fallback when add objects failed halfway in
'blk_mq_register_hctx'.Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorLinux
≫
Product
Linux
Default Statusunaffected
Version <
654870789c3c1b9763316ef1c71d7a449127b175
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
cb186eb47fb9dd327bdefa15f0c5fc55c53a40dd
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
02bc8bc6eab03c84373281b85cb6e98747172ff7
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
87fd18016a47ea8ae12641377a390172c4aa97a7
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
e8022da1fa2fdf2fa204b445dd3354e7a66d085a
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
eff45bfbc25a2509a6362dea6e699e14083c693c
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
4b7fafa5f39b15c3a6ca3b95e534d05d6904cc95
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
33e8a3f61814ea30615d0fafaf50477975d6c1ca
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
4b7a21c57b14fbcd0e1729150189e5933f5088e9
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
VendorLinux
≫
Product
Linux
Default Statusaffected
Version <=
4.9.*
Version
4.9.337
Status
unaffected
Version <=
4.14.*
Version
4.14.303
Status
unaffected
Version <=
4.19.*
Version
4.19.270
Status
unaffected
Version <=
5.4.*
Version
5.4.229
Status
unaffected
Version <=
5.10.*
Version
5.10.163
Status
unaffected
Version <=
5.15.*
Version
5.15.86
Status
unaffected
Version <=
6.0.*
Version
6.0.16
Status
unaffected
Version <=
6.1.*
Version
6.1.2
Status
unaffected
Version <=
*
Version
6.2
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.129 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|