-
CVE-2022-50534
- EPSS -
- Veröffentlicht 07.10.2025 15:19:23
- Zuletzt bearbeitet 07.10.2025 16:15:37
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- Teams Watchlist Login
- Unerledigt Login
In the Linux kernel, the following vulnerability has been resolved:
dm thin: Use last transaction's pmd->root when commit failed
Recently we found a softlock up problem in dm thin pool btree lookup
code due to corrupted metadata:
Kernel panic - not syncing: softlockup: hung tasks
CPU: 7 PID: 2669225 Comm: kworker/u16:3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
Workqueue: dm-thin do_worker [dm_thin_pool]
Call Trace:
<IRQ>
dump_stack+0x9c/0xd3
panic+0x35d/0x6b9
watchdog_timer_fn.cold+0x16/0x25
__run_hrtimer+0xa2/0x2d0
</IRQ>
RIP: 0010:__relink_lru+0x102/0x220 [dm_bufio]
__bufio_new+0x11f/0x4f0 [dm_bufio]
new_read+0xa3/0x1e0 [dm_bufio]
dm_bm_read_lock+0x33/0xd0 [dm_persistent_data]
ro_step+0x63/0x100 [dm_persistent_data]
btree_lookup_raw.constprop.0+0x44/0x220 [dm_persistent_data]
dm_btree_lookup+0x16f/0x210 [dm_persistent_data]
dm_thin_find_block+0x12c/0x210 [dm_thin_pool]
__process_bio_read_only+0xc5/0x400 [dm_thin_pool]
process_thin_deferred_bios+0x1a4/0x4a0 [dm_thin_pool]
process_one_work+0x3c5/0x730
Following process may generate a broken btree mixed with fresh and
stale btree nodes, which could get dm thin trapped in an infinite loop
while looking up data block:
Transaction 1: pmd->root = A, A->B->C // One path in btree
pmd->root = X, X->Y->Z // Copy-up
Transaction 2: X,Z is updated on disk, Y write failed.
// Commit failed, dm thin becomes read-only.
process_bio_read_only
dm_thin_find_block
__find_block
dm_btree_lookup(pmd->root)
The pmd->root points to a broken btree, Y may contain stale node
pointing to any block, for example X, which gets dm thin trapped into
a dead loop while looking up Z.
Fix this by setting pmd->root in __open_metadata(), so that dm thin
will use the last transaction's pmd->root if commit failed.
Fetch a reproducer in [Link].
Linke: https://bugzilla.kernel.org/show_bug.cgi?id=216790Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version <
b35a22760aa5008d82533e59b0f0b5eb1b02d4e5
Version
991d9fa02da0dd1f843dc011376965e0c8c6c9b5
Status
affected
Version <
87d69b8824ca9b090f5a8ed47f758e8f6eecb871
Version
991d9fa02da0dd1f843dc011376965e0c8c6c9b5
Status
affected
Version <
3db757ffdd87ed8d7118b2250236a496502a660f
Version
991d9fa02da0dd1f843dc011376965e0c8c6c9b5
Status
affected
Version <
f758987ff0af3a4b5ee69e95cab6a5294e4367b0
Version
991d9fa02da0dd1f843dc011376965e0c8c6c9b5
Status
affected
Version <
94f01ecc2aa0be992865acc80ebb6701f731f955
Version
991d9fa02da0dd1f843dc011376965e0c8c6c9b5
Status
affected
Version <
4b710e8481ade7c9200e94d3018e99dc42a0a0e8
Version
991d9fa02da0dd1f843dc011376965e0c8c6c9b5
Status
affected
Version <
a63ce4eca86fd207e3db07c00fb7ccf4adf1b230
Version
991d9fa02da0dd1f843dc011376965e0c8c6c9b5
Status
affected
Version <
b91f481300e3a10eaf66b94fc39b740928762aaf
Version
991d9fa02da0dd1f843dc011376965e0c8c6c9b5
Status
affected
Version <
7991dbff6849f67e823b7cc0c15e5a90b0549b9f
Version
991d9fa02da0dd1f843dc011376965e0c8c6c9b5
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
3.2
Status
affected
Version <
3.2
Version
0
Status
unaffected
Version <=
4.9.*
Version
4.9.337
Status
unaffected
Version <=
4.14.*
Version
4.14.303
Status
unaffected
Version <=
4.19.*
Version
4.19.270
Status
unaffected
Version <=
5.4.*
Version
5.4.229
Status
unaffected
Version <=
5.10.*
Version
5.10.163
Status
unaffected
Version <=
5.15.*
Version
5.15.87
Status
unaffected
Version <=
6.0.*
Version
6.0.18
Status
unaffected
Version <=
6.1.*
Version
6.1.4
Status
unaffected
Version <=
*
Version
6.2
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|