CVE-2022-49411

HIGH EPSS 19.1%
Published Feb 26, 20251y ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Feb 26, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: bfq: Make sure bfqg for which we are queueing requests is online Bios queued into BFQ IO scheduler can be associated with a cgroup that was already offlined. This may then cause insertion of this bfq_group into a service tree. But this bfq_group will get freed as soon as last bio associated with it is completed leading to use after free issues for service tree users. Fix the problem by making sure we always operate on online bfq_group. If the bfq_group associated with the bio is not online, we pick the first online parent.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
19.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 5

VendorProductVersionRange
linuxlinux_kernel*≥4.12  –  <5.4.198
linuxlinux_kernel*≥5.5  –  <5.10.121
linuxlinux_kernel*≥5.11  –  <5.15.46
linuxlinux_kernel*≥5.16  –  <5.17.14
linuxlinux_kernel*≥5.18  –  <5.18.3

References 6

  • git.kernel.org https://git.kernel.org/stable/c/075a53b78b815301f8d3dd1ee2cd99554e34f0dd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/51f724bffa3403a5236597e6b75df7329c1ec6e9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6ee0868b0c3ccead5907685fcdcdd0c08dfe4b0b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7781c38552e6cc54ed8e9040279561340516b881
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/97bd6c56bdcb41079e488e31df56809e3b2ce628
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ccddf8cd411c1800863ed357064e56ceffd356bb
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/075a53b78b815301f8d3dd1ee2cd99554e34f0dd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/51f724bffa3403a5236597e6b75df7329c1ec6e9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6ee0868b0c3ccead5907685fcdcdd0c08dfe4b0b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7781c38552e6cc54ed8e9040279561340516b881
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/97bd6c56bdcb41079e488e31df56809e3b2ce628
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ccddf8cd411c1800863ed357064e56ceffd356bb
    Patch