CVE-2022-49720

block: Fix handling of offline queues in blk_mq_alloc_request_hctx()

Time Line

Published

2024-03-19

Updated

2024-03-19

Firt exploit

2024-03-19

Overview

Descriptions (2)

MITRE, TN

CWE (0)

CAPEC (-)

Risk

CVSS Score

5.5 Medium

SSVC

KEV

EPSS

Affected Products (-)

Vendors (1)

linux

Products (1)

linux_kernel

Versions (4)

>= 4.16 < 5.10.124, >= 4.16 < 5.15.49, >= 4.16 < 5.18.6, >= 4.16 < 5.19

Intel Resources (-)

Advisories (-)

Exploits (-)

Plugins (-)

References (5)

General (1)

kernel

Exploits & POcs (-)

Patches (4)

kernel

Advisories (-)

Summary

In the Linux kernel, the following vulnerability has been resolved: block: Fix handling of offline queues in blk_mq_alloc_request_hctx() This patch prevents that test nvme/004 triggers the following: UBSAN: array-index-out-of-bounds in block/blk-mq.h:135:9
index 512 is out of range for type 'long unsigned int [512]'
Call Trace: show_stack+0x52/0x58 dump_stack_lvl+0x49/0x5e dump_stack+0x10/0x12 ubsan_epilogue+0x9/0x3b __ubsan_handle_out_of_bounds.cold+0x44/0x49 blk_mq_alloc_request_hctx+0x304/0x310 __nvme_submit_sync_cmd+0x70/0x200 [nvme_core] nvmf_connect_io_queue+0x23e/0x2a0 [nvme_fabrics] nvme_loop_connect_io_queues+0x8d/0xb0 [nvme_loop] nvme_loop_create_ctrl+0x58e/0x7d0 [nvme_loop] nvmf_create_ctrl+0x1d7/0x4d0 [nvme_fabrics] nvmf_dev_write+0xae/0x111 [nvme_fabrics] vfs_write+0x144/0x560 ksys_write+0xb7/0x140 __x64_sys_write+0x42/0x50 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae

In the Linux kernel, the following vulnerability has been resolved: block: Fix handling of offline queues in blk_mq_alloc_request_hctx() This patch prevents that test nvme/004 triggers the following: UBSAN: array-index-out-of-bounds in block/blk-mq.h:135:9 index 512 is out of range for type 'long unsigned int [512]' Call Trace: show_stack+0x52/0x58 dump_stack_lvl+0x49/0x5e dump_stack+0x10/0x12 ubsan_epilogue+0x9/0x3b __ubsan_handle_out_of_bounds.cold+0x44/0x49 blk_mq_alloc_request_hctx+0x304/0x310 __nvme_submit_sync_cmd+0x70/0x200 [nvme_core] nvmf_connect_io_queue+0x23e/0x2a0 [nvme_fabrics] nvme_loop_connect_io_queues+0x8d/0xb0 [nvme_loop] nvme_loop_create_ctrl+0x58e/0x7d0 [nvme_loop] nvmf_create_ctrl+0x1d7/0x4d0 [nvme_fabrics] nvmf_dev_write+0xae/0x111 [nvme_fabrics] vfs_write+0x144/0x560 ksys_write+0xb7/0x140 __x64_sys_write+0x42/0x50 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae

*Credits: N/A

CVSS Scores

Tenablev3 5.5
Tenablev2 4.9

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2025-02-26 CVE Updated
---------- EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

Threat Intelligence Resources (0)

Advisories (0)
Exploits (0)

Security Advisory details:

Select an advisory to view details here.

Select	Title	Date

Select an exploit to view details here.

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/20e4d813931961fe26d26a1e98b3aba6ec00b130	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/7fa28a7c3d74933a4fc22d341b60927952f31c19	2022-06-22
https://git.kernel.org/stable/c/b5e65ef044d627effdc2599040b6d204e003f955	2022-06-22
https://git.kernel.org/stable/c/b202a0bd2580ee5b0453772c46d464152fafff73	2022-06-22
https://git.kernel.org/stable/c/14dc7a18abbe4176f5626c13c333670da8e06aa1	2022-06-16

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 5.10.124 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 5.10.124"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 5.15.49 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 5.15.49"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 5.18.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 5.18.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 5.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 5.19"		en		Affected

CVE-2022-49720

block: Fix handling of offline queues in blk_mq_alloc_request_hctx()

Severity Score

Exploit Likelihood

Affected Versions

Public Exploits

Exploited in Wild

Decision

Summary

Descriptions

CVSS Scores

SSVC

Timeline

CWE

CAPEC

Threat Intelligence Resources (0)

References (5)

Affected Vendors, Products, and Versions